Microsoft patches zero-days used by state-sponsored and ransomware threat actors (CVE-2023-23397, CVE-2023-24880)

It’s March 2023 Patch Tuesday, and Microsoft has delivered fixes for 74 CVE-numbered vulnerabilities, including two actively exploited in the wild (CVE-2023-23397, CVE-2023-24880) by different threat actors. About CVE-2023-23397 “CVE-2023-23397 is a critical EoP vulnerability in Microsoft Outlook that is triggered when an attacker sends a message with an extended MAPI property with a UNC path to an SMB (TCP 445) share on a threat actor-controlled server. No user interaction is required,” Microsoft explained. “The … More →

The post …

0 day actively exploited actor critical cve cve-2023-23397 cve-2023-24880 don't miss eop exploited fixes google government-backed attacks hot stuff march message microsoft microsoft outlook ms office outlook patch patches patch tuesday path ransomware security update server share smb sponsored state tcp tenable threat threat actor threat actors trend micro tuesday unc vulnerabilities vulnerability windows zero-days