Microsoft's August Patch Report identifies possible NATO Cyber-Attack


Microsoft has released its monthly patch rollout, but this month details of a zero-day exploit, supposedly being used by threat actors for intelligence operations, have caused a stir.

87 flaws were patched this August, including 23 remote code execution vulnerabilities and two zero-day vulnerabilities:

  • 18 Elevation of Privilege vulnerabilities

  • 3 Security Feature Bypass vulnerabilities

  • 23 Remote Code Execution vulnerabilities

  • 10 Information Disclosure vulnerabilities

  • 8 Denial of Service vulnerabilities

  • 12 Spoofing vulnerabilities

Note: The list above does not include 12 Microsoft Edge vulnerabilities that were fixed earlier this month.

The Two Actively Exploited vulnerabilities Found & Patched

  1. CVE-2023-38180 - With a CVSS score of 7.5 | Vulnerability: .NET and Visual Studio Denial of Service

  2. CVE-2023-36884 - With a CVSS score of 7.5 | Vulnerability: Microsoft Office and HTML Remote Code Execution

Microsoft did not publicly disclose details of how the zero-day vulnerability CVE-2023-38180 was being exploited, but stated that it was being actively used by hackers to cause DoS attacks on .NET applications and Microsoft’s Visual Studio.

The second zero-day vulnerability patched, CVE-2023-36884, has been all over the news due to the nature of the cyber attack and the reasons behind it. This vulnerability allowed threat actors to create Microsoft documents that could bypass the MoTW (Mark of the Web) security feature, so the files could be opened without a security warning, allowing hackers to freely perform remote code execution. If the vulnerability is successfully exploited, cyber attackers can access sensitive information, turn off the device’s system protection, and deny access to the compromised system for recovery. The vulnerability was present in various versions of Office, including Office 2010, 2013, 2016, 2019 and Office 365.

A Microsoft spokesperson stated, "Microsoft is investigating reports of a series of remote code execution vulnerabilities impacting Windows and Office products. Microsoft is aware of targeted attacks that attempt to exploit these vulnerabilities by using specially-crafted Microsoft Office documents. An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim. However, an attacker would have to convince the victim to open the malicious file."


Cyber Criminal Group Working with the Russian Government?

Ukraine's Computer Emergency Response Team (CERT-UA) and BlackBerry's intelligence team discovered that this specific vulnerability was used by threat actors impersonating the Ukrainian World Congress organisation to install dangerous types of malware, including the MagicSpell loader and the RomCom RAT backdoor, against the guests of the 2023 NATO Summit that took place in July. “RomCom” is linked to a Russian-based cyber criminal group, also tracked as “Storm-0978”, known for engaging in ransomware and extortion attacks and for stealing credentials from targeted victims. Based on its investigation and analysis of the malicious operation, the specific Ukrainian targets chosen, and evidence that the cyber criminal group is financially motivated, Microsoft has suggested that the group is likely supporting intelligence operations for the Russian government.

Microsoft moved quickly to develop a security patch for the vulnerability and issued it as part of its regular patch update cycle. Microsoft users are strongly recommended to update Office to the latest version as soon as possible to stay protected from the threat.

While this vulnerability has been fixed, it highlights the ongoing danger presented by cyber espionage and the need for constant vigilance in preventing these attacks. As the world becomes increasingly digital, it is critical that individuals, organisations, and governments take cyber threats seriously and stay ahead of the game with robust security measures.

Your Security is our Priority

Your friendly Support Team


This is part of our Cyber Security awareness educational campaign. Through this training, you will learn awareness, key principles, and best practices to protect yourself, your organisation, and the public from cyber attackers. You will also be equipped with the knowledge to identify potential threats and take action before any damage can occur.

 