What is ‘Exploit Wednesday’?
Security patches are released by Microsoft on the second Wednesday of every month, following ‘Patch Tuesday’. When vulnerabilities are confirmed, exploits are soon to follow.
It was found that the Word preview pane could be an attack vector, meaning malicious files could be viewed and used for exploitation. CVE-2023-36761 had been exploited in the wild and publicly disclosed.
The Zero-Day Exploit
The exploit can lead to Net-NTLMv2 hashes being disclosed, which are then used for authentication in Windows environments. Granting unauthorized access og sensitive information or systems.
CVE-2023-36802 is another vulnerability. It was an exploit in Microsoft’s streaming service, Proxy. Microsoft patched current versions of Word all the way back to 2013. Fifty-nine vulnerability fixes and twenty-four remote code execution fixes rolled out on September 12th.
Though the update is patched, it is possible that your Microsoft password was compromised. Ensure you change it, and that multi-factor authentication is set up properly.
Keep your company running with a Fully Managed IT Staff!
Growth Mode Technologies offers IT staffing, a focus on cyber security measures and more! Check out our services guide or contact us at email@example.com.