
Microsoft Seeing Exploits Of Windows Zero Day Vulnerability

Kyle Alspach

The company issued a patch for the bug, which can enable an escalation of user privileges within numerous versions of Windows and Windows Server operating systems.


Microsoft said Tuesday it has released a fix for a Windows zero day vulnerability that is seeing exploitation in real-world systems.

The vulnerability, which is being tracked as CVE-2023-21674, has received a patch as part of Microsoft’s monthly release of bug fixes, popularly known as “Patch Tuesday.”

It’s the first zero day vulnerability to see “in the wild” exploitation in 2023, according to Maddie Stone, a well-known security researcher at Google. It was discovered by researchers from Avast.


Microsoft said the vulnerability could be used to elevate a user’s privileges, a tactic often used by attackers as part of taking over a system and deploying malware or ransomware.

Specifically, the Windows vulnerability could allow a user to escape an isolated Chromium browser environment, potentially leading to the gaining of privileges for controlling the system, according to Dustin Childs of Trend Micro’s Zero Day Initiative.

Such bugs are often combined with other techniques to deploy ransomware or malware, and “considering this was reported to Microsoft by researchers from Avast, that scenario seems likely here,” Childs wrote in a blog post.

Microsoft reported that numerous versions of Windows and Windows Server operating systems are affected by the CVE-2023-21674 vulnerability.

On Tuesday, as part of its January 2023 security updates release, Microsoft disclosed a total of 98 newly released patches for vulnerabilities in its product portfolio.

Eleven of the patches are rated to be “critical” while the remaining 87 are characterized as “important,” according to Childs.

“This volume is the largest we’ve seen from Microsoft for a January release in quite some time,” he wrote in the blog.

Among the critical vulnerabilities is a SharePoint server bug, tracked as CVE-2023-21743, that could allow an unauthenticated user to remotely connect to a vulnerable SharePoint server, according to Childs.

Luis Alvarez, president and CEO of Salinas, Calif.-based Alvarez Technology Group, told CRN that while dealing with vulnerabilities and patches for clients is a “daunting task” for his firm, the large number of vulnerability discoveries is a good sign in one sense.

“It just goes to show that there’s a lot more work being done to uncover those. The white hat [researchers] are doing that work — they’re not just waiting for the cybercriminals to discover them,” Alvarez said, pointing to the fact that the Windows zero day vulnerability was discovered by Avast researchers.

“There are more people looking for vulnerabilities than ever before, and that means there’s a lot more visibility” about the issues, he said.


Kyle Alspach is a Senior Editor at CRN focused on cybersecurity. His coverage spans news, analysis and deep dives on the cybersecurity industry, with a focus on fast-growing segments such as cloud security, application security and identity security. He can be reached at
