The Canadian Government is urging users of Microsoft operating systems to install all the patches that came out as part of Microsoft’s Patch Tuesday dump to fix a vulnerability where a malicious email can pwn you even before you open the email in question:
The Canadian Centre for Cyber Security is warning about a significant vulnerability impacting Microsoft email users that allows threat actors to steal victims’ identities.
The alert sent out Wednesday says the advisory from Microsoft was one of “several critical vulnerabilities” published by the company the day before.
“We are flagging this alert this evening due to the seriousness of the vulnerability,” a spokesperson for the Cyber Centre said in an email to Global News Wednesday.
The advisory in question, dubbed CVE-2023-23397 by Microsoft, disclosed a zero-day vulnerability found in an email crafted by threat actors that contains a malicious payload, the agency said.
That payload will cause the victim’s Outlook email client to automatically connect to a universal naming convention agent controlled by the actor who will then receive the user’s password hash, which contains login credentials.
Microsoft users are being advised to install newly-pushed security patches immediately to protect themselves from the vulnerability.
I’ve rarely seen a Patch Tuesday where there has been critical patch after critical patch that users are urged to install. My suggestion would be not to treat this batch of Patch Tuesday updates as trivial. Instead, I would get about patching all the things ASAP because it’s a safe bet that threat actors are going to exploit these vulnerabilities, if they haven’t already.
Like this:
Like Loading...
Related
This entry was posted on March 16, 2023 at 8:45 am and is filed under Commentary with tags Microsoft. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
If You Need Another Reason To Install Microsoft’s Latest Patch Tuesday Updates, The Canadian Government Can Help You With That
The Canadian Government is urging users of Microsoft operating systems to install all the patches that came out as part of Microsoft’s Patch Tuesday dump to fix a vulnerability where a malicious email can pwn you even before you open the email in question:
The Canadian Centre for Cyber Security is warning about a significant vulnerability impacting Microsoft email users that allows threat actors to steal victims’ identities.
The alert sent out Wednesday says the advisory from Microsoft was one of “several critical vulnerabilities” published by the company the day before.
“We are flagging this alert this evening due to the seriousness of the vulnerability,” a spokesperson for the Cyber Centre said in an email to Global News Wednesday.
The advisory in question, dubbed CVE-2023-23397 by Microsoft, disclosed a zero-day vulnerability found in an email crafted by threat actors that contains a malicious payload, the agency said.
That payload will cause the victim’s Outlook email client to automatically connect to a universal naming convention agent controlled by the actor who will then receive the user’s password hash, which contains login credentials.
Microsoft users are being advised to install newly-pushed security patches immediately to protect themselves from the vulnerability.
I’ve rarely seen a Patch Tuesday where there has been critical patch after critical patch that users are urged to install. My suggestion would be not to treat this batch of Patch Tuesday updates as trivial. Instead, I would get about patching all the things ASAP because it’s a safe bet that threat actors are going to exploit these vulnerabilities, if they haven’t already.
Share this:
Like this:
Related
This entry was posted on March 16, 2023 at 8:45 am and is filed under Commentary with tags Microsoft. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.