 |
| Microsoft releases monthly security updates to fix 98 security vulnerabilities |
On Tuesday, Microsoft released its monthly security update and announced 98 vulnerabilities, including: 11 "critical" vulnerabilities, 87 "important" vulnerabilities, and no vulnerabilities rated "moderate".
According to the American software giant, serious security vulnerabilities are unlikely to be exploited, except for a security bypass vulnerability with ID (CVE-2023-21743), which can be exploited on a server (Microsoft SharePoint Server).
The company stated that the vulnerability is of low complexity and could easily be exploited by attackers. During a cyberattack, an unauthenticated user can connect to a compromised SharePoint server anonymously.
Microsoft said it downplays the possibility of exploiting "critical" vulnerabilities: (CVE-2023-21535) and (CVE-2023-21548) due to their complexity. These are two Windows SSTP remote code execution (RCE) vulnerabilities that could allow an unauthenticated attacker to send a specially crafted connection request to a remote access server, resulting in remote code execution and command execution that would lead to server. compromised system.
There are also five "critical" remote code execution vulnerabilities affecting the L2TP protocol that, if successfully exploited, could allow an unauthenticated attacker to run code on a remote access server. These vulnerabilities are: (CVE-2023-21543), (CVE-2023-21546), (CVE-2023-21555), (CVE-2023-21556) and (CVE-2023-21679).
The last "critical" vulnerability mentioned here is the vulnerability (CVE-2023-21730) which is also a remote code execution vulnerability in the Windows Cryptographic Service. Microsoft did not specify the vulnerability except to say that it is distributed over the Internet and has low complexity.
Developers may also be at risk from (CVE-2023-21779), a remote code execution vulnerability in Visual Studio Code, which has been classified as critical, and users can be tricked into opening malicious files in vscode.