9 August 2023

Microsoft fixes two actively exploited bugs


Microsoft released its August 2023 Patch Tuesday security updates addressing almost 90 vulnerabilities, including two flaws listed as being under active exploitation.

The first issue, tracked as CVE-2023-36884, is an Office and Windows HTML remote code execution vulnerability said to have been exploited by the RomCom (aka Storm-0978 and DEV-0978) hacking group in targeted attacks aimed at defense and government entities in Europe and North America. This bug was disclosed back in July but didn’t receive a patch at the time.

The second actively exploited issue is CVE-2023-38180, a .NET and Visual Studio Denial of Service vulnerability that can allow a remote hacker to carry out a denial of service (DoS) attack by sending specially crafted input to the application. Microsoft did not share any details regarding attacks exploiting this vulnerability.

Microsoft's August 2023 Patch Tuesday also includes fixes for numerous high-risk flaws in Microsoft OLE DB, Microsoft HEVC Video Extensions, Microsoft Message Queuing, Exchange Server, Outlook, Excel, Office, Microsoft Teams, Microsoft .NET and Visual Studio, Microsoft .NET Framework, and other software.
