May 24, 2024

Microsoft WordPad Vulnerability Exploited in Cyberattacks

Microsoft has released over 100 security updates to address critical vulnerabilities in its products, some of which have already been exploited by cybercriminals.

These security patches arrive as the world struggles with an increasing wave of cyberattacks. Two vulnerabilities are the most concerning in MS WordPad, which has fallen victim to active attacks.

Malicious players have deployed massive Distributed Denial of Service (DDoS) attacks to exploit the vulnerabilities.

One of the most alarming vulnerabilities is Rapid Reset, tracked as CVE-2023-44487, an HTTP/2 protocol flaw that has been exploited since August.

Amazon, Microsoft, Cloudflare, and Google have scrambled to mitigate the risk and secure their servers from the crippling Rapid Reset attacks. The major tech giants have promptly responded to the vulnerability, considering its severity.

CVE-2023-36563, the other vulnerability, has been publicly disclosed and actively exploited. The flaw in Microsoft WordPad allows malicious players to steal NTLM hashes.

Cybercriminals use two methods to exploit this vulnerability. One involves a rogue or compromised user running a specially crafted application, which can lead to system compromise.

The other involves luring victims into opening a malicious file through instant messages or email.

Skype for Business Privilege Escalation Also Under Attack

A privilege escalation vulnerability in Skype for Business, CVE-2023-41763, is also under active attack. An attacker can exploit this flaw by initiating a specially crafted network call to the target server or Skype for Business.

This lets the attacker view sensitive information like IP addresses and port numbers. However, they cannot alter this data.

Of the October patches, 13 address vulnerabilities rated critical. Among these, 12 can lead to remote code execution (RCE), which makes updating urgent.

Among the crucial updates, 20 patches target Message Queuing, with CVE-2023-35349 standing out with a high CVSS severity score of 9.8, potentially allowing RCE without requiring user interaction.

CVE-2023-36778 is yet another crucial vulnerability for organizations using Exchange Server in-house. This Microsoft Exchange Server RCE vulnerability has an 8.0 CVSS rating and is characterized as “exploitation more likely.”

Attackers can exploit this flaw using social engineering. Such access to Exchange Server can lead to unauthorized email access, potential impersonation, and financial data theft.

Citrix, Adobe, and Others Are Releasing Patches

Citrix has also released critical patches, addressing a 9.4-rated flaw in its NetScaler ADC and NetScaler Gateway appliances (CVE-2023-4966) that could potentially expose sensitive information.

A denial-of-service bug, CVE-2023-4967, is also affecting these appliances. Thus, users are being urged to patch the flaws immediately. Adobe has addressed 13 vulnerabilities in Bridge, Commerce, and Photoshop.

On the other hand, SAP has released seven security notes. One of these vulnerabilities earned a perfect 10 CVSS score.

Google’s October Android security bulletin addressed 54 flaws, including concerns regarding an Arm driver bug and a critical system flaw (CVE-2023-4863) with the potential for Remote Code Execution (RCE).

