Microsoft has rolled out Patch Tuesday updates for May 2023 to address 38 security flaws, including two zero-day bugs that it said are being actively exploited in the wild. Trend Micro's Zero Day Initiative (ZDI) said the volume is the lowest since August 2021, although it pointed out that "this number is expected to rise in the coming months."

Of the 38 vulnerabilities, six are rated Critical and 32 are rated Important in severity. Eight of the flaws have been tagged with an "Exploitation More Likely" assessment by Microsoft. This is aside from 18 flaws – including 11 bugs since the start of May – the Windows maker resolved in its Chromium-based Edge browser following the release of April Patch Tuesday updates.

Topping the list is CVE-2023-29336 (CVSS score: 7.8), a privilege escalation flaw in Win32k that has come under active exploitation. "An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," Microsoft said, crediting Avast researchers Jan Vojtěšek, Milánek, and Luigino Camastra for reporting the flaw. It's not immediately clear how widespread the attacks are.

Cybersecurity and Infrastructure Security Agency (CISA) to add the flaw to its Known Exploited Vulnerabilities (KEV) catalog, urging organizations to apply vendor fixes by May 30, 2023.

Also of note are two publicly known flaws, one of which is a critical remote code execution flaw impacting Windows OLE (CVE-2023-29325, CVSS score: 8.1) that could be weaponized by an actor by sending a specially crafted email to the victim.