"Microsoft Zero-Day Bugs Allow Security Feature Bypass"

Two zero-day vulnerabilities need to be patched immediately: one in Microsoft Outlook's authentication mechanism and another that is a Mark-of-the-Web (MOTW) bypass. Automox researchers advised enterprises to patch these vulnerabilities within 24 hours, as they are being exploited in the wild. In addition, several of the vulnerabilities addressed in the March update enable Remote Code Execution (RCE), making them a patching priority. Vendors reported slightly varying estimates of the total number of new severe vulnerabilities in Microsoft's March update, presumably because of differences in what they counted. For example, Trend Micro's Zero-Day Initiative (ZDI) determined that six of the vulnerabilities in Microsoft's March update were critical, whereas Tenable and Action1 estimated nine. One of the zero-day vulnerabilities is a critical privilege escalation flaw in Microsoft Outlook, tracked as CVE-2023-23397, which allows an attacker to access the victim's Net-NTLMv2 challenge-response authentication hash and then impersonate the user. An attacker could exploit the vulnerability by sending a specially crafted email that Outlook retrieves and processes before the user views it in the Preview Pane. This article continues to discuss the actively exploited bugs in Microsoft Outlook and the MOTW feature.

Dark Reading reports "Microsoft Zero-Day Bugs Allow Security Feature Bypass"

Submitted by Anonymous on