overview

This week, Microsoft fixed two zero-day vulnerabilities tracked as CVE-2023-36761 and CVE-2023-36802. The first vulnerability, CVE-2023-36761 (CVSS 6.2) is a Microsoft Word information disclosure vulnerability, while the second vulnerability, CVE-2023-36802 (CVSS 7.8) is a Microsoft streaming service proxy elevation of privilege vulnerability.  

CVE-2023-36761 lets attackers steal NTLM hashes when you open a document, even in the preview pane. They can then use these NTLM hashes for unauthorized access to accounts. This means that attackers can use the stolen hashes in NTLM Relay attacks to escalate their privileges and gain control over accounts and systems.  

CVE-2023-36802 allows attackers to gain SYSTEM privileges - the highest level of access on a Windows system. Once attackers have gained SYSTEM privileges, they can install, modify, or delete software and files without restrictions, as well as access sensitive system data.  

Both vulnerabilities have been exploited in the wild but have been patched by Microsoft. Avertium recommends that users implement the appropriate patches for both vulnerabilities as soon as possible.

 

 

avertium's recommendationS

  • CVE-2023-36761  
    • Avertium recommends applying the Microsoft Word update for CVE-2023-36761. You may find patch guidance in Microsoft’s advisory under Security Updates. 
  • CVE-2023-36802 
    • Avertium recommends applying the Windows update for CVE-2023-36761. You may find patch guidance in Microsoft’s advisory under Security Updates 

 

 

INDICATORS OF COMPROMISE (IoCs)

At this time, there are no known IoCs associated with CVE-2023-36761 and CVE-2023-36802. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   

 

 

How Avertium is Protecting Our CUSTOMERS

  • Fusion MXDR for Microsoft combines Avertium's Fusion MXDR approach with Microsoft Security Solutions, creating the first MDR offering that integrates all aspects of security operations into an active and threat-informed XDR solution. Leveraging Microsoft's comprehensive and cost-effective technology, Fusion MXDR for Microsoft delivers a release of cyber energy, encompassing implementation, optimization, ongoing management, and tuning. 

  • Expanding endpoints, cloud computing environments, and accelerated digital transformation have decimated the perimeter in an ever-expanding attack surface. Avertium offers Attack Surface Management, so you’ll have no more blind spots, weak links, or fire drills. See every threat in your attack surface, every device, every entry point, and every vulnerability. Our Attack Surface Management services include:  

    • Risk Assessments 
    • Pen Testing and Social Engineering  
    • Infrastructure Architecture and Integration  
    • Zero Trust Network Architecture 
    • Vulnerability Management 






SUPPORTING DOCUMENTATION

CVE-2023-36802 - Security Update Guide - Microsoft - Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability 

CVE-2023-36761 - Security Update Guide - Microsoft - Microsoft Word Information Disclosure Vulnerability 

Microsoft Releases Patch for Two New Actively Exploited Zero-Days Flaws (thehackernews.com) 

Microsoft September 2023 Patch Tuesday fixes 2 zero-days, 59 flaws (bleepingcomputer.com) 

Adobe, Apple, Google & Microsoft Patch 0-Day Bugs – Krebs on Security 

Chat With One of Our Experts




Zero-Day Vulnerability Flash Notice Microsoft Vulnerability Microsoft Zero-Day Blog