Two Patch Tuesday flaws you should fix right now
CSO Online – Lucian Constantin
Microsoft released its monthly security bulletin this week, covering patches for over 80 vulnerabilities across its products. However, two of them had already been used by attackers before patches were released.

One vulnerability affects all supported versions of Outlook for Windows and allows attackers to steal Net-NTLMv2 hashes and then use them in NTLM (New Technology LAN Manager) relay attacks against other systems. The second allows attackers to bypass Microsoft SmartScreen, a technology built into Windows that performs checks on files downloaded from the internet through browsers.

The Outlook vulnerability, tracked as CVE-2023-23397, is described by Microsoft as an elevation of privilege and is rated critical (9.8 out of 10 on the CVSS scale). Microsoft credits CERT-UA, the Ukrainian government’s Computer Emergency Response Team, as well as its own Microsoft Incident Response and Microsoft Threat Intelligence team with reporting this vulnerability. The second zero-day vulnerability patched during Patch Tuesday is tracked as CVE-2023-24880 and was reported to Microsoft in February by members of Google’s Threat Analysis Group, which found it exploited by the group behind a ransomware program called Magniber.

The vulnerability allows attackers to create files that would bypass the security warning dialog displayed by Windows when users try to open an untrusted file downloaded from the internet
Link: https://www.csoonline.com/article/3691009/two-patch-tuesday-flaws-you-should-fix-right-now.html