Security News
The Latest Zero-Day Vulnerabilities From Apple, Microsoft
Kyle Alspach
The tech giants this week disclosed new vulnerabilities that they said have been exploited in cyberattacks.
Microsoft: Windows Remote Code Execution Vulnerability
The final exploited vulnerability disclosed by Microsoft on Tuesday also impacts Windows — including many versions of Windows Server, along with Windows 10 and 11 — and is tracked at CVE-2023-21823. It’s rated as being “important” in terms of severity by Microsoft.
Microsoft said that an attacker could exploit the vulnerability, which affects a Windows graphics component, to gain system privileges.
The vulnerability “appears to exist due to fact that a user can trigger memory corruption due to a boundary error and execute arbitrary code from within the Graphics Driver Component in Windows,” Cribelar wrote.
Microsoft has specifically singled out the possibility of leveraging the vulnerability with OneNote, Immersive Labs’ Kevin Breen told Brian Krebs. Breen noted that there has recently been increased utilization of OneNote in targeted attacks.
