Microsoft released its August 2023 Patch Tuesday security updates addressing almost 90 vulnerabilities, including two flaws listed as being under active exploitation.
The first issue, tracked as CVE-2023-36884, is an Office and Windows HTML remote code execution vulnerability said to have been exploited by the RomCom (aka Storm-0978 and DEV-0978) hacking group in targeted attacks aimed at defense and government entities in Europe and North America. This bug was disclosed back in July but didn’t receive a patch at the time.
The second actively exploited issue is CVE-2023-38180, a .NET and Visual Studio denial-of-service (DoS) vulnerability that can allow a remote hacker to carry out a DoS attack by sending specially crafted input to the application. Microsoft did not share any details regarding attacks exploiting this vulnerability.
Microsoft's August 2023 Patch Tuesday also includes fixes for numerous high-risk flaws in Microsoft OLE DB, Microsoft HEVC Video Extensions, Microsoft Message Queuing, Exchange Server, Outlook, Excel, Office, Microsoft Teams, Microsoft .NET and Visual Studio, Microsoft .NET Framework, and other software.