Microsoft WordPad Vulnerability Exploited in Widespread Cyberattacks

Microsoft WordPad Vulnerability Exploited in Cyberattacks

Microsoft has released over 100 security updates to address critical vulnerabilities in its products, some of which have already been exploited by cybercriminals.

These security patches come when the world is struggling amidst an increasing wave of cyberattacks. Two vulnerabilities are the most concerning in MS WordPad, which has fallen victim to active attacks.

Malicious players have deployed massive Distributed Denial of Service (DDoS) attacks to exploit the vulnerabilities.

One of the most alarming vulnerabilities is Rapid Reset, tracked as CVE-2023-44487, an HTTP/2 protocol flaw that has been exploited since August.

Amazon, Microsoft, Cloudflare, and Google have scrambled to mitigate the risk and secure their servers from the crippling Rapid Reset attacks. The major tech giants have promptly responded to the vulnerability, considering its severity.

CVE-2023-36563, the other vulnerability, has been publicly disclosed and actively exploited. The flaw in Microsoft WordPad allows malicious players to steal NTLM hashes.

Cybercriminals use two methods to exploit this vulnerability. One involves a rogue or compromised user running a specially crafted application that can lead to the system getting compromised.

The other involves luring victims into opening a malicious file through instant messages or email.

Skype for Business Privilege Escalation Also Under Attack

A privilege escalation vulnerability in Skype for Business, CVE-2023-41763, is also under active attack from the miscreants. An attacker can exploit this flaw by initiating a specially crafted network call to the target server or Skype for Business.

This lets the attacker view sensitive information like IP addresses and port numbers. However, they cannot alter this data.

13 of the October patches have been classified as critical-rated vulnerabilities. Among these, 12 can lead to remote code execution (RCE), which calls for the urgent need for updates.

Among the crucial updates, 20 patches target Message Queuing, with CVE-2023-35349 standing out with a high CVSS severity score of 9.8, potentially allowing RCE without requiring user interaction.

CVE-2023-36778 is yet another crucial vulnerability for organizations using Exchange Server in-house. This Microsoft Exchange Server RCE vulnerability has an 8.0 CVSS rating and is characterized as “exploitation more likely.”

Attackers can exploit this flaw using social engineering. Such access to Exchange Server can lead to unauthorized email access, potential impersonation, and financial data theft.

Citrix, Adobe, and Others are Fixing Patches

Citrix has also released critical patches, addressing a 9.4-rated flaw in its NetScaler ADC and NetScaler Gateway appliances (CVE-2023-4966) that could potentially expose sensitive information.

A denial-of-service bug, CVE-2023-4967, is also affecting these appliances. Thus, users are being urged to patch the flaws immediately. Adobe has addressed 13 vulnerabilities in Bridge, Commerce, and Photoshop.

On the other hand, SAP has released seven security notes. One of these vulnerabilities earned a perfect 10 CVSS score.

Google’s October Android security bulletin addressed 54 flaws, including concerns regarding an Arm driver bug and a critical system flaw (CVE-2023-4863) with the potential for Remote Code Execution (RCE).

Read More


Leave a Reply

Your email address will not be published. Required fields are marked *

Search this website