* . *
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Sunday, June 8, 2025
Earth-News
  • Home
  • Business
  • Entertainment
    Ceramic Dalmatian Entertainment is WLAF’s Business of the Week – WLAF

    Spotlight on Success: Ceramic Dalmatian Entertainment Shines as This Week’s Featured Business!

    Brass Lion Entertainment unveils co-op action RPG Wu-Tang: Rise of the Deceiver – VentureBeat

    Unleash Your Inner Warrior: Discover the Co-Op Action RPG Wu-Tang: Rise of the Deceiver!

    Entertainment lineup released for 2025 Mississippi State Fair – WAPT

    Exciting Entertainment Lineup Unveiled for the 2025 Mississippi State Fair!

    After Denzel Washington Said He Would Be In Black Panther 3, Ryan Coogler Explained Why He’s ‘Fine’ With That Information Being Revealed So Early – Yahoo

    Ryan Coogler Shares Why He’s Cool with Denzel Washington’s Black Panther 3 Reveal!

    Traveling Tacos and Tequila Festival to stop at Florence Yall’s stadium this October – Cincinnati Enquirer

    Get Ready for a Flavor Fiesta: Traveling Tacos and Tequila Festival Hits Florence Y’all’s Stadium This October!

    9 things to do this weekend in Lake County plus a look ahead – Leesburg Daily Commercial

    Discover 9 Exciting Weekend Adventures in Lake County and What’s Coming Up!

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Drag racer survives frightening airborne crash at World Wide Technology Raceway – FOX 2

    Drag racer survives frightening airborne crash at World Wide Technology Raceway – FOX 2

    Apple Watch and the future of wearable technology in healthcare – MSN

    Revolutionizing Healthcare: The Future of Wearable Technology with Apple Watch

    ECS Professor Pankaj K. Jha Receives NSF Grant to Develop Quantum Technology – Syracuse University News

    Unlocking the Future: ECS Professor Pankaj K. Jha Secures NSF Grant for Groundbreaking Quantum Technology Development

    Fire Tech Brief: 5 Fire Apparatus Technology Upgrades – firehouse.com

    Revving Up Safety: 5 Innovative Upgrades for Fire Apparatus Technology

    U.S. FDA Grants Platform Technology Designation to the Viral Vector Used in SRP-9003, Sarepta’s Investigational Gene Therapy for the Treatment of Limb Girdle Muscular Dystrophy Type 2E/R4 – Sarepta Therapeutics

    Breakthrough for Gene Therapy: FDA Designates Viral Vector in Sarepta’s SRP-9003 for Limb Girdle Muscular Dystrophy Treatment

    Waunakee Fifth-Graders Dive into the Future at Exciting Tech Day!

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
  • Home
  • Business
  • Entertainment
    Ceramic Dalmatian Entertainment is WLAF’s Business of the Week – WLAF

    Spotlight on Success: Ceramic Dalmatian Entertainment Shines as This Week’s Featured Business!

    Brass Lion Entertainment unveils co-op action RPG Wu-Tang: Rise of the Deceiver – VentureBeat

    Unleash Your Inner Warrior: Discover the Co-Op Action RPG Wu-Tang: Rise of the Deceiver!

    Entertainment lineup released for 2025 Mississippi State Fair – WAPT

    Exciting Entertainment Lineup Unveiled for the 2025 Mississippi State Fair!

    After Denzel Washington Said He Would Be In Black Panther 3, Ryan Coogler Explained Why He’s ‘Fine’ With That Information Being Revealed So Early – Yahoo

    Ryan Coogler Shares Why He’s Cool with Denzel Washington’s Black Panther 3 Reveal!

    Traveling Tacos and Tequila Festival to stop at Florence Yall’s stadium this October – Cincinnati Enquirer

    Get Ready for a Flavor Fiesta: Traveling Tacos and Tequila Festival Hits Florence Y’all’s Stadium This October!

    9 things to do this weekend in Lake County plus a look ahead – Leesburg Daily Commercial

    Discover 9 Exciting Weekend Adventures in Lake County and What’s Coming Up!

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Drag racer survives frightening airborne crash at World Wide Technology Raceway – FOX 2

    Drag racer survives frightening airborne crash at World Wide Technology Raceway – FOX 2

    Apple Watch and the future of wearable technology in healthcare – MSN

    Revolutionizing Healthcare: The Future of Wearable Technology with Apple Watch

    ECS Professor Pankaj K. Jha Receives NSF Grant to Develop Quantum Technology – Syracuse University News

    Unlocking the Future: ECS Professor Pankaj K. Jha Secures NSF Grant for Groundbreaking Quantum Technology Development

    Fire Tech Brief: 5 Fire Apparatus Technology Upgrades – firehouse.com

    Revving Up Safety: 5 Innovative Upgrades for Fire Apparatus Technology

    U.S. FDA Grants Platform Technology Designation to the Viral Vector Used in SRP-9003, Sarepta’s Investigational Gene Therapy for the Treatment of Limb Girdle Muscular Dystrophy Type 2E/R4 – Sarepta Therapeutics

    Breakthrough for Gene Therapy: FDA Designates Viral Vector in Sarepta’s SRP-9003 for Limb Girdle Muscular Dystrophy Treatment

    Waunakee Fifth-Graders Dive into the Future at Exciting Tech Day!

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
Earth-News
No Result
View All Result
Home Technology

Microsoft addresses Office vulnerability attacked by Russian spooks in latest update

August 9, 2023
in Technology
Microsoft addresses Office vulnerability attacked by Russian spooks in latest update
Share on FacebookShare on Twitter

Gina Sanders – stock.adobe.com

Microsoft has issued fixes for over 70 vulnerabilities in its August Patch Tuesday drop, including remedies for CVE-2023-36884, which was disclosed without a fix in July and has been the subject of Kremlin-backed cyber attacks

Alex Scroxton

By

Alex Scroxton,
Security Editor

Published: 09 Aug 2023 15:15

Amid the ongoing Black Hat USA and DEF CON cyber jamborees, Microsoft has addressed a little over 70 vulnerabilities in its August Patch Tuesday update, including two zero-days already being exploited, more than 20 remote code execution (RCE) flaws, and six critical bugs.

Of the two zero-days fixes, the first comes in the form of a Defense in Depth Update for Microsoft Office, tagged as ADV23003.

This is a set of mitigations that supposedly breaks the exploit chain used by threat actors to target CVE-2023-36884, an RCE vuln in Microsoft Office which was disclosed in the July update without a fix, and is known to have been exploited by a threat actor linked to Russian intelligence agencies.

Separately, patches for the multiple products affected by this vulnerability are now available and should be applied.

Chris Goett, vice-president of security products at Ivanti, explained the significance of the ADV23303 release. “Microsoft updated the affected products listed in CVE-2023-36884 removing the Office products originally listed in the CVE,” he said.

“The Office products listed in ADV230003 are not directly vulnerable, but can be used in an attack chain to exploit CVE-2023-36884. Microsoft has clarified the changes in the Office updates were a Defense in Depth measure.

“Microsoft recommends applying the Office updates discussed in the advisory in addition to the August Windows OS updates,” he added.

The second zero-day is tracked as CVE-2023-38180, a denial of service vulnerability in .NET and Visual Studio. It is considered to be of low complexity and requires no special privileges or user interaction to exploit.

Nikolas Cemerikic, cyber security engineer at Immersive Labs, explained the scope of the vulnerability.

“A denial of service (DoS) attack involves overrunning it with an excessive volume of requests, which exhausts its available resources, such as processing power, memory, or network bandwidth. Consequently, the application becomes incapable of fulfilling legitimate user requests, limiting its normal functionality,” he said.

“If an attacker, who was suitably positioned on the network exploited this vulnerability, it would cause the Visual Studio application or applications on the same system, which are dependent on the .NET framework to become unavailable.

“Although the attacker would need to be on the same network as the target system, this vulnerability specifically does not require the attacker to have acquired user privileges,” added Cemerikic.

“According to the CVE details code maturity has reached proof-of-concept and it is confirmed to be exploited in the wild,” Ivanti’s Goettl told Computer Weekly in emailed comments.

“The CVE is only rated as Important and the CVSS v3.1 score is 7.5, but taking a risk-based approach this should be treated as a higher priority this month.”

The six critical vulnerabilities this month are all RCE flaws, three within Microsoft Message Queuing – CVE-2023-35385, CVE-2023-36910 and CVE-2023-36911; two within Microsoft Teams – CVE-2023-29328 and CVE-2023-29330; and one within Microsoft Outlook – CVE-2023-36895.

Dustin Childs of Trend Micro’s Zero Day Initiative said that the Microsoft Message Queueing bugs, of which there are several others less dramatic in their scope, were likely to see exploitation in short order as a number of PoCs are already circulating, while the Microsoft Teams vulnerabilities are worth paying attention to as both bear similarities to others that were demonstrated at the 2023 Pwn2Own event.

Also attracting attention this month are a series of six flaws in Microsoft Exchange Server, the most significant of which is CVE-2023-21709, an elevation of privilege (EoP) vulnerability. This is of low complexity and requires no special privileges or user interaction to exploit.

Tenable senior staff research engineer Satnam Narang said: “An unauthenticated attacker could exploit this vulnerability by conducting a brute-force attack against valid user accounts. Despite the high rating, the belief is that brute-force attacks won’t be successful against accounts with strong passwords. However, if weak passwords are in use, this would make brute-force attempts more successful.

“The remaining five vulnerabilities range from a spoofing flaw and multiple remote code execution bugs, though the most severe of the bunch also require credentials for a valid account,” he added.

Read more on Application security and coding requirements


Several Exchange Server flaws fixed on August Patch Tuesday

TomWalat

By: Tom Walat


Critical Adobe ColdFusion flaws chained in ongoing cyber attacks

AlexScroxton

By: Alex Scroxton


Russia-based actor exploited unpatched Office zero day

ArielleWaldman

By: Arielle Waldman


Microsoft users on high alert over dangerous RCE zero-day

AlexScroxton

By: Alex Scroxton

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : Computer Weekly – https://www.computerweekly.com/news/366547633/Microsoft-addresses-Office-vulnerability-attacked-by-Russian-spooks-in-latest-update

Tags: addressesMicrosofttechnology
Previous Post

Huawei a big storage hitter despite international troubles

Next Post

AI interview: Krystal Kauffman, lead organiser, Turkopticon

designing for ‘abundance,’ with ecological landscaper kelly norris – A Way To Garden

Embracing Abundance: Insights from Ecological Landscaper Kelly Norris

June 8, 2025
How to take photos on your phone via remote control – Popular Science

How to take photos on your phone via remote control – Popular Science

June 8, 2025
Opinion | RFK Jr.’s Deadly War on Science – Common Dreams

RFK Jr.’s Dangerous Assault on Science: A Call to Action

June 8, 2025
The Worst Bonne Maman Preserves Flavor Leaves A Lot To Be Desired – Yahoo

The Worst Bonne Maman Preserves Flavor Leaves A Lot To Be Desired – Yahoo

June 8, 2025
D.C. Hosts WorldPride Parade in the Shadow of Trump – The New York Times

Celebrating Love and Unity: D.C. Lights Up for WorldPride Parade Amidst Political Tensions

June 8, 2025
This New England state has the best economy in the country, according to WalletHub – Boston.com

Discover the New England State Boasting the Strongest Economy in the Nation!

June 8, 2025
Ceramic Dalmatian Entertainment is WLAF’s Business of the Week – WLAF

Spotlight on Success: Ceramic Dalmatian Entertainment Shines as This Week’s Featured Business!

June 8, 2025
Billy Joel jokes about aging, cremation after brain disorder diagnosis – Fox News

Billy Joel Shares Hilarious Takes on Aging and Life After a Health Scare

June 8, 2025
Supreme Court restores DOGE’s access to sensitive Social Security data and says it doesn’t have to turn over documents – CNN

Supreme Court Grants DOGE Access to Sensitive Social Security Data, Protects Confidential Documents!

June 8, 2025
Drag racer survives frightening airborne crash at World Wide Technology Raceway – FOX 2

Drag racer survives frightening airborne crash at World Wide Technology Raceway – FOX 2

June 8, 2025

Categories

Archives

June 2025
MTWTFSS
 1
2345678
9101112131415
16171819202122
23242526272829
30 
« May    
Earth-News.info

The Earth News is an independent English-language daily published Website from all around the World News

Browse by Category

  • Business (20,132)
  • Ecology (676)
  • Economy (689)
  • Entertainment (21,595)
  • General (15,271)
  • Health (9,731)
  • Lifestyle (693)
  • News (22,149)
  • People (690)
  • Politics (697)
  • Science (15,908)
  • Sports (21,192)
  • Technology (15,675)
  • World (674)

Recent News

designing for ‘abundance,’ with ecological landscaper kelly norris – A Way To Garden

Embracing Abundance: Insights from Ecological Landscaper Kelly Norris

June 8, 2025
How to take photos on your phone via remote control – Popular Science

How to take photos on your phone via remote control – Popular Science

June 8, 2025
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

Go to mobile version