Microsoft said that installing the latest update "stops the attack chain" leading to the remote code execution bug. The updates are also in addition to 30 issues addressed by Microsoft in its Chromium-based Edge browser since last month's Patch Tuesday edition and one side-channel flaw impacting certain processor models offered by AMD ( CVE-2023-20569 or Inception).ĪDV230003 concerns an already known security flaw tracked as CVE-2023-36884, a remote code execution vulnerability in Office and Windows HTML that has been actively exploited by the Russia-linked RomCom threat actor in attacks targeting Ukraine as well as pro-Ukraine targets in Eastern Europe and North America.
Released along with the security improvements are two defense-in-depth updates for Microsoft Office ( ADV230003) and the Memory Integrity System Readiness Scan Tool ( ADV230004). This comprises six Critical, 67 Important, and one Moderate severity vulnerabilities. Microsoft has patched a total of 74 flaws in its software as part of the company's Patch Tuesday updates for August 2023, down from the voluminous 132 vulnerabilities the company fixed last month.
0 kommentar(er)
