On March 14, 2023, Microsoft released a security update that fixes at least 74 bugs in Windows and other software. Attackers are already exploiting two of the flaws, including a very serious one in Microsoft Outlook.
Microsoft Outlook Vulnerability
The Outlook bug, CVE-2023-23397, affects all versions of Microsoft Outlook from 2013 to the most recent one.
Microsoft said that threat actors are already exploiting this bug. The exploit triggers automatically when a malicious email reaches an email server, even before the message appears in the Preview Pane.
CVE-2023-23397 is an NTLM relay exploit that enables an attacker to gain a user’s Windows account password and use it in a “Pass The Hash” attack.
The flaw makes it possible for a threat actor to pose as a trustworthy person. This is the same as an attacker having a valid password and getting into an organization’s systems.
Windows SmartScreen Vulnerability
The second exploited flaw, CVE-2023-24880, is a “Security Feature Bypass” in Windows SmartScreen. The flaw can let malicious code run without SmartScreen checks.
CVE-2023-24880 lets threat actors create files that get around Mark of the Web (MOTW) defenses. By bypassing the MOTW, hackers can spread malware through documents and other infected files that SmartScreen normally blocks.
Microsoft also fixed seven other security flaws this week with a “critical” rating. The rating means that a threat actor could take complete remote control of a Windows host without the user having to do much.
Action Plan for Business Owners
Windows is a staple in many businesses. Owners should take the following precautions to protect their clients and make sure their systems are safe:
- Install security updates quickly. Once there’s a new patch, you should update your software to stop exploitation.
- Establish a regular update schedule. Check for and apply updates for your operating system, apps, and security programs on a regular basis.
- Get people to use strong passwords. Encourage employees to use strong, unique passwords and consider using a password manager.
- Enable multi-factor authentication. This provides an added layer of security.
- Train your workers about security. Teach your employees best practices, like spotting suspicious emails and what to do when a cyberattack happens.
- Always have a backup plan. Back up your data regularly and keep it in several places for quick recovery.
- Monitor network activity. Use tools for network monitoring to find strange behavior and possible threats.
- Develop an incident response plan. Plan for handling cybersecurity issues, including ways to deal with threats.
- Review policies on security. Regularly review and update security policies to adapt to new threats and technology.
Organizations need to stay aware of cyber dangers at all times. By regularly reviewing and updating security rules, you can keep your digital environment safe from threats.