Security News
The Latest Zero-Day Vulnerabilities From Apple, Microsoft
Kyle Alspach
The tech giants this week disclosed new vulnerabilities that they said have been exploited in cyberattacks.
Microsoft: Office Security Bypass Vulnerability
The first of the three exploited vulnerabilities disclosed by Microsoft affects Office and is tracked at CVE-2023-21715. It’s rated as being “important” in terms of severity by Microsoft. However, the company has offered “no info on how widespread these exploits may be,” wrote Dustin Childs of Trend Micro’s Zero Day Initiative.
According to Microsoft, an attacker could exploit the vulnerability in order to bypass the recently added Office macro policies for blocking untrusted files. Childs said the vulnerability “sounds more like a privilege escalation than a security feature bypass.” Still, “active attacks in a common enterprise application shouldn’t be ignored,” he wrote.
Cribelar wrote that “it is not clear what the execution of the exploit can allow for the attacker to achieve further,” but that the exploit “likely leads to the ability for the attacker to bypass further security features.”
