Late yesterday Microsoft described activity by the Chinese government threat actor it tracks as Storm-0558. The group "gained access to email accounts affecting approximately 25 organizations including government agencies as well as related consumer accounts of individuals likely associated with these organizations," Redmond explained. Microsoft noticed "anomalous" mail activity on June 16th. Investigation subsequently determined that this was part of a cyberespionage campaign that began on or around May 15th of this year. Since discovering the activity, Microsoft has completed mitigating its effects for all the customers involved. Microsoft said, "They did this by using forged authentication tokens to access user email using an acquired Microsoft account (MSA) consumer signing key." According to the Wall Street Journal, the US Government is investigating the scope of the Chinese operation and assessing what damage it might have caused.

Open source tools allow threat actors to exploit a loophole in Microsoft's kernel driver authentication procedures. Microsoft has also dealt with other Chinese exploitation of its products. Cisco Talos researchers discovered that threat actors took advantage of a policy loophole in Windows cross-signed kernel drivers that allowed forgery of timestamps and loading of unverified malicious drivers to expired certificates. "We have observed over a dozen code signing certificates with keys and passwords contained in a PFX file hosted on GitHub used in conjunction with these open source tools," the advisory notes. Based on the language code discovered in the metadata in the corrupted drivers, the researchers assess the threat actors to be Chinese nationals. Talos has alerted Microsoft, which has since disabled all forged certificates that could have passed through this loophole. The advisory explains that attackers can exploit the loophole to cross the user-kernel barrier, which is crucial for “maintaining the integrity and security of the OS.”

Microsoft has issued security fixes for 132 flaws, six of which were being actively exploited in the wild, BleepingComputer reports. One of the disclosed vulnerabilities (CVE-2023-36884), which hasn’t yet been patched, is a remote code execution flaw affecting Microsoft Office.