Microsoft March 2023 Patch Tuesday

On Tuesday, Microsoft issued updates to address at least 74 security vulnerabilities in its Windows operating systems and software. Among these, two flaws are already being actively exploited, with one particularly severe vulnerability found in Microsoft Outlook that can be exploited without any user involvement.

The Outlook vulnerability (CVE-2023-23397) affects all Microsoft Outlook versions from 2013 to the latest release. Microsoft confirmed that attackers are exploiting this weakness, which can be accomplished without user interaction by sending a malicious email that activates automatically upon retrieval by the email server—even before being viewed in the Preview Pane.

Although CVE-2023-23397 is classified as an “Elevation of Privilege” vulnerability, its severity is not accurately conveyed by this label, according to Kevin Breen, director of cyber threat research at Immersive Labs. Known as an NTLM relay attack, it enables an attacker to obtain an individual’s NTLM hash (Windows account password) and use it in a “Pass The Hash” attack.

Breen explained that the vulnerability effectively allows the attacker to authenticate as a trusted person without needing to know their password, which is equivalent to the attacker having valid credentials with access to an organization’s systems.

Rapid7, a security firm, highlights that this bug affects self-hosted Outlook versions like Microsoft 365 Apps for Enterprise, but not Microsoft-hosted online services such as Microsoft 365.

The other actively exploited zero-day flaw, CVE-2023-24880, is a “Security Feature Bypass” in Windows SmartScreen, which is part of Microsoft’s endpoint protection tools suite. Patch management provider Action1 notes that the exploit for this bug is low in complexity and does not require special privileges. However, it does necessitate some user interaction and cannot be used to access private information or privileges. The flaw can enable other malicious code to execute without being detected by SmartScreen reputation checks.

Dustin Childs, head of threat awareness at Trend Micro’s Zero Day Initiative, said CVE-2023-24880 allows attackers to create files that would bypass Mark of the Web (MOTW) defenses. He explained that protective measures like SmartScreen and Protected View in Microsoft Office depend on MOTW, so bypassing these defenses makes it easier for threat actors to disseminate malware through malicious documents and other infected files that would otherwise be stopped by SmartScreen.

This week, Microsoft also patched seven other vulnerabilities that were given its highest “critical” severity rating. These updates address security gaps that could be exploited to provide an attacker with full, remote control over a Windows host with minimal or no user interaction.

Additionally, Adobe released eight patches this week to fix 105 security vulnerabilities across various products, including Adobe Photoshop, Cold Fusion, Experience Manager, Dimension, Commerce, Magento, Substance 3D Stager, Cloud Desktop Application, and Illustrator.

Trusted Platform Modules and Why They Are Important

In today’s digital age, information security has become more important than ever before. With the rapid growth of the internet and the ever-increasing number of online transactions, it has become increasingly difficult to ensure the security of sensitive data. One of the most important tools in ensuring data security is the Trusted Platform Module (TPM).

A TPM is a hardware-based security solution that is built into many modern computers and devices. It is designed to provide secure storage for sensitive information, such as encryption keys, passwords, and digital certificates. By storing this information in a secure, tamper-proof environment, the TPM can help protect against a variety of attacks, including malware, phishing, and other forms of cybercrime.

The TPM works by creating a secure storage area within the device’s hardware, separate from the device’s main processor and memory. This storage area is protected by a unique cryptographic key that is generated inside the TPM and never leaves it. No other software or hardware component can read or modify that key, which makes the secrets it protects very hard to tamper with or steal.

One of the key features of the TPM is its ability to perform remote attestation. This means that the TPM can provide information about the state of the device to a remote party, such as a server or service provider. For example, if a user logs in to an online service using a device with a TPM, the service provider can verify that the device is in a secure and trusted state before allowing the user to access their account.

Another important feature of the TPM is its support for secure (measured) boot. As the device starts, each stage of the boot chain is measured into the TPM before it runs, so the TPM can show whether the device’s operating system and other critical components have been tampered with or modified since the device was last booted up. This helps protect against a variety of attacks, including rootkits and other forms of malware that take control of a device’s operating system.
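The two features above, remote attestation and measured boot, fit together as one flow: boot stages are folded into a Platform Configuration Register (PCR), the TPM signs that register value along with a verifier-chosen nonce, and the remote party compares it to a known-good value. The following is an added simulation written for this post, not TPM or vendor code. The extend rule is the real one; the component blobs, the "golden" value and the use of an HMAC in place of the TPM's asymmetric attestation signature are constructed simplifications.

```python
import hashlib
import hmac

# Added illustration of measured boot plus remote attestation; not TPM library
# code. The extend rule is real: PCR_new = SHA-256(PCR_old || SHA-256(component)).
# Component blobs, the golden value and the HMAC stand-in for the TPM's
# signing key are constructed for this example.
PCR_INIT = b"\x00" * 32
TPM_KEY = b"constructed-attestation-key"   # stand-in for the TPM-held private key

def extend(pcr: bytes, component: bytes) -> bytes:
    """Fold one boot component into a PCR; the order of extends matters."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_boot(components) -> bytes:
    """Each boot stage measures the next one into the PCR before running it."""
    pcr = PCR_INIT
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr

def quote(pcr: bytes, nonce: bytes, key: bytes = TPM_KEY) -> bytes:
    """TPM quote: the PCR value bound to the verifier's nonce under the TPM key."""
    return hmac.new(key, pcr + nonce, "sha256").digest()

def verify_attestation(pcr, nonce, sig, golden, key=TPM_KEY) -> str:
    """Remote verifier: first check the quote is genuine, then the PCR value."""
    if not hmac.compare_digest(quote(pcr, nonce, key), sig):
        return "rejected: quote not signed by the TPM"
    if pcr != golden:
        return "rejected: boot chain differs from the known-good state"
    return "trusted"

GOOD_CHAIN = [b"firmware-v1", b"bootloader-v1", b"kernel-v1"]
GOLDEN_PCR = measure_boot(GOOD_CHAIN)     # enrolled by the verifier in advance

def attest(chain, nonce: bytes, key: bytes = TPM_KEY) -> str:
    """Device boots and quotes its PCR; the verifier returns its decision."""
    pcr = measure_boot(chain)
    return verify_attestation(pcr, nonce, quote(pcr, nonce, key), GOLDEN_PCR)

if __name__ == "__main__":
    nonce = b"verifier-nonce-0001"          # fresh per request in practice
    print(attest(GOOD_CHAIN, nonce))
    # A modified kernel changes the PCR, so the quote no longer matches.
    print(attest([b"firmware-v1", b"bootloader-v1", b"kernel-rootkit"], nonce))
    # Software on the host cannot forge a quote without the TPM-held key.
    print(attest(GOOD_CHAIN, nonce, key=b"not-the-tpm-key"))
```

Because the verifier picks the nonce, a quote captured from an earlier clean boot cannot be replayed later to hide a tampered state.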

In addition to these features, the TPM also provides support for a variety of cryptographic functions, including encryption, decryption, and digital signatures. This makes it an important tool for securing online transactions and communications, as well as for protecting sensitive data stored on the device.

Overall, the TPM is an essential tool for ensuring the security and privacy of sensitive information in today’s digital world. By providing a secure, tamper-proof storage environment for encryption keys and other sensitive data, the TPM helps protect against a variety of cyber threats, including malware, phishing, and other forms of cybercrime. If you are concerned about the security of your sensitive data, it is important to look for devices that include a TPM and to make sure that it is enabled and configured properly.