overview
This week, Microsoft patched three zero-day vulnerabilities (CVE-2023-21715, CVE-2023-21823, and CVE-2023-23376) that are currently being exploited by attackers.
- CVE-2023-21715 is a Microsoft Publisher Security Feature bypass vulnerability
- CVE-2023-21823 is a Windows Graphics Component elevation of privilege vulnerability
- CVE-2023-23376 is a Windows Common Log File System (CLFS) driver elevation of privilege vulnerability.
According to Microsoft's advisory, CVE-2023-21715 pertains to a scenario where an authenticated user launches an attack on a targeted system. The attacker uses social engineering techniques to convince the victim to download and open a custom-made file from a website, resulting in a localized attack on the victim's device. This attack can potentially override Publisher macro policies intended to prevent the execution of untrusted or harmful files or allow the attacker to obtain SYSTEM privileges.
The researchers from Immersive Labs stated that CVE-2023-23376 is a vulnerability found in the CLFS component, which is responsible for managing and maintaining a high-performance, transaction-based log file system within the Windows operating system. As a critical part of the system, any security flaws in this driver could result in severe consequences for the system's security and reliability.
The final vulnerability, CVE-2023-21823, involves Microsoft OneNote for Android. Recently, the note-taking service has been used to distribute malware, therefore it is crucial that users apply the appropriate patches.
avertium's recommendations
- Patch guidance for CVE-2023-21715, CVE-2023-21823, and CVE-2023-23376 can be found in Microsoft’s advisory.
- Keep your system and software up to date with the latest security patches.
- Don’t download and open files from suspicious or unknown sources, especially those sent via social media or email.
- Block untrusted or malicious files by implementing Office macro policies.
- Monitor your system and network for unusual activity such as downloads or system configuration changes.
INDICATORS OF COMPROMISE (IoCs)
At this time, there are no known IoCs associated with CVE-2023-21715, CVE-2023-21823, and CVE-2023-23376. Avertium’s threat hunters remain vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.
How Avertium is Protecting Our CUSTOMERS
- Expanding endpoints, cloud computing environments, and accelerated digital transformation have decimated the perimeter in an ever-expanding attack surface. Avertium offers Attack Surface Management, so you’ll have no more blind spots, weak links, or fire drills.
- Fusion MXDR is the first MDR offering that fuse together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is greater than the sum of its parts.
- Avertium offers VMaaS to provide a deeper understanding and control over organizational information security risks. If your enterprise is facing challenges with the scope, resources, or skills required to implement a vulnerability management program with your team, outsourced solutions can help you bridge the gap.
SUPPORTING DOCUMENTATION