Microsoft fixes two actively exploited bugs

Microsoft fixes two actively exploited bugs

Microsoft released its August 2023 Patch Tuesday security updates addressing almost 90 vulnerabilities, including two flaws listed as being under active exploitation.

The first issue tracked as CVE-2023-36884 is an Office and Windows HTML remote code execution vulnerability said to have been exploited by the RomCom (aka Storm-0978 and DEV-0978) hacking group in targeted attacks aimed at defense and government entities in Europe and North America. This bug was disclosed back in July but didn’t receive a patch at the time.

The second actively exploited issue is CVE-2023-38180, a .NET and Visual Studio Denial of Service vulnerability that can allow a remote hacker to carry out a denial of service (DoS) attack by sending specially crafted input to the application. Microsoft did not share any details regarding attacks exploiting this vulnerability.

Microsoft's August 2023 Patch Tuesday also includes fixes for numerous high-risk flaws in Microsoft OLE DB, Microsoft HEVC Video Extensions, Microsoft Message Queuing, Exchange Server, Outlook, Excel, Office, Microsoft Teams, Microsoft .NET and Visual Studio, Microsoft .NET Framework, and other software.

Back to the list

Latest Posts

Cyber Security Week in Review: July 25, 2025

Cyber Security Week in Review: July 25, 2025

In brief: Microsoft SharePoint zero-days exploited in widespread attacks, the Russian aerospace and defense industries targeted in Operation CargoTalon, and more.
25 July 2025
Microsoft warns of Warlock ransomware attacks exploiting SharePoint flaws

Microsoft warns of Warlock ransomware attacks exploiting SharePoint flaws

The attackers are using the flaws to deploy a malicious web shell named spinstall0.aspx.
24 July 2025
Lumma infostealer returns after May police crackdown

Lumma infostealer returns after May police crackdown

Lumma has shifted away from previous use of Cloudflare and is now leveraging alternative cloud services, particularly the Russian provider Selectel.
23 July 2025