How did Microsoft's Patch Tuesday affect the resilience of business systems?

Carding 4 Carders

Microsoft has been fixing bugs in its systems.

For October's Patch Tuesday, Microsoft released updates fixing 104 vulnerabilities, including 3 actively exploited zero-days. Of all the fixed flaws, 45 are Remote Code Execution (RCE) bugs, but only 12 are rated "Critical", and all 12 of those are RCE.

The breakdown of the fixed flaws by category is as follows:
  • Elevation of privilege: 26
  • Security feature bypass: 3
  • Remote code execution: 45
  • Information disclosure: 12
  • Denial of service (DoS): 17
  • Spoofing: 1

Note that the total does not include one Chromium vulnerability, tracked as CVE-2023-5346 (CVSS: 8.8), which Google fixed on October 3 and which was ported to Microsoft Edge.

This month 3 actively exploited zero-day vulnerabilities were fixed, two of which were publicly disclosed (CVE-2023-41763 and CVE-2023-36563). Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited before an official fix is available.

CVE-2023-41763 (CVSS: 5.3) is an elevation of privilege vulnerability in Skype for Business.

It allows an attacker to view some sensitive information, although not all resources within the vulnerable component can be disclosed to the attacker. At the same time, the attacker cannot modify the disclosed information (Integrity) or restrict access to the resource (Availability).

Because Skype servers are usually exposed to the public Internet, the disclosed information can give an attacker a foothold for reaching internal networks. The flaw was publicly disclosed.

CVE-2023-36563 (CVSS: 6.5) is an information disclosure vulnerability in Microsoft WordPad that can be used to steal NTLM hashes when a document is opened in WordPad.

To exploit this flaw, an attacker must first log in to the system. Once logged in, the attacker can run a specially crafted application that exploits the vulnerability and takes control of the affected system.

Alternatively, an attacker can convince a local user to open a malicious file sent by email or instant message. The leaked NTLM hashes can then be cracked offline or used in NTLM relay attacks to gain access to the account.

CVE-2023-44487 is the HTTP/2 Rapid Reset vulnerability.

The flaw is tied to a new DDoS attack technique called HTTP/2 Rapid Reset, which has been actively exploited since August and has broken all previous attack-size records.

The attack abuses the HTTP/2 stream cancellation feature: the client continuously opens requests and immediately cancels them, overloading the target server or application and causing a denial of service (DoS). Because the feature is part of the HTTP/2 standard itself, there is no "fix" for the technique as such; the available mitigations are rate limiting or blocking the protocol.

Microsoft suggested disabling HTTP/2 on the web server as a mitigation. The company also published a dedicated article on the HTTP/2 Rapid Reset attack with further details.
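The rate-limiting mitigation mentioned above comes down to one per-connection counter: a client that opens and cancels streams far faster than any real browser would gets its connection torn down. The following is an added example, not code from the original post, from Microsoft or from any HTTP/2 server; it models that logic against a constructed trace of client frames (HEADERS to open a stream, RST_STREAM to cancel it). The threshold of 100 resets per 1-second window and the frame representation are assumptions for illustration, not values taken from any product.

```python
"""Sliding-window limiter for HTTP/2 RST_STREAM abuse (HTTP/2 Rapid Reset).

Added example, not code from the original post or any server. It models the
rate-limiting mitigation: count how many streams one connection cancels
inside a short window and close the connection when that rate is abusive.
Threshold, window and the frame tuples are assumptions for illustration.
"""
from collections import deque
from dataclasses import dataclass, field

HEADERS = "HEADERS"        # client opens a stream (sends a request)
RST_STREAM = "RST_STREAM"  # client cancels the stream


@dataclass
class ConnectionState:
    max_resets: int = 100                 # assumed: resets allowed per window
    window_s: float = 1.0                 # assumed: window length in seconds
    resets: deque = field(default_factory=deque)       # timestamps of recent resets
    open_streams: set = field(default_factory=set)
    closed: bool = False
    reason: str = ""

    def on_frame(self, t, frame_type, stream_id):
        """Feed one client frame at time t; return True once the connection should be torn down."""
        if self.closed:
            return True
        if frame_type == HEADERS:
            self.open_streams.add(stream_id)
        elif frame_type == RST_STREAM:
            self.open_streams.discard(stream_id)
            self.resets.append(t)
            # Forget resets that fell out of the sliding window.
            while self.resets and t - self.resets[0] > self.window_s:
                self.resets.popleft()
            if len(self.resets) > self.max_resets:
                self.closed = True
                self.reason = f"{len(self.resets)} RST_STREAM in {self.window_s}s"
        return self.closed


def replay(frames, max_resets=100, window_s=1.0):
    """Run (t, frame_type, stream_id) frames through one connection.

    Returns (closed, reason, frames_consumed): frames_consumed is how many
    frames the server processed before deciding to drop the client.
    """
    conn = ConnectionState(max_resets=max_resets, window_s=window_s)
    for i, (t, ftype, sid) in enumerate(frames, 1):
        if conn.on_frame(t, ftype, sid):
            return True, conn.reason, i
    return False, "", len(frames)


def rapid_reset_burst(n, start=0.0, spacing=0.001):
    """Constructed attack trace: open stream k and cancel it at once, n times."""
    frames = []
    for k in range(n):
        sid = 2 * k + 1            # client-initiated stream IDs are odd
        t = start + k * spacing
        frames.append((t, HEADERS, sid))
        frames.append((t, RST_STREAM, sid))
    return frames


def normal_traffic(n, start=0.0, spacing=0.5):
    """Constructed benign trace: requests that complete; a cancel only on every 10th."""
    frames = []
    for k in range(n):
        sid = 2 * k + 1
        t = start + k * spacing
        frames.append((t, HEADERS, sid))
        if k % 10 == 9:
            frames.append((t + 0.01, RST_STREAM, sid))
    return frames


if __name__ == "__main__":
    print(replay(rapid_reset_burst(500)))   # closed after the 101st reset
    print(replay(normal_traffic(200)))      # never closed
```

The counter deliberately tracks cancellations rather than open streams: Rapid Reset keeps the number of concurrently open streams under the server's SETTINGS_MAX_CONCURRENT_STREAMS limit, so that limit alone does not stop it, while the reset rate is what distinguishes the attack from a browser that occasionally abandons a request.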

BleepingComputer has published the complete list of vulnerabilities fixed in Microsoft's Patch Tuesday updates.