This week, Microsoft patched three zero-day vulnerabilities (CVE-2023-21715, CVE-2023-21823, and CVE-2023-23376) that are currently being exploited by attackers.
According to Microsoft's advisory, CVE-2023-21715 pertains to a scenario where an authenticated user launches an attack on a targeted system. The attacker uses social engineering techniques to convince the victim to download and open a custom-made file from a website, resulting in a localized attack on the victim's device. This attack can potentially override Publisher macro policies intended to prevent the execution of untrusted or harmful files or allow the attacker to obtain SYSTEM privileges.
The researchers from Immersive Labs stated that CVE-2023-23376 is a vulnerability found in the CLFS component, which is responsible for managing and maintaining a high-performance, transaction-based log file system within the Windows operating system. As a critical part of the system, any security flaws in this driver could result in severe consequences for the system's security and reliability.
The final vulnerability, CVE-2023-21823, involves Microsoft OneNote for Android. Recently, the note-taking service has been used to distribute malware, therefore it is crucial that users apply the appropriate patches.
At this time, there are no known IoCs associated with CVE-2023-21715, CVE-2023-21823, and CVE-2023-23376. Avertium’s threat hunters remain vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.