Microsoft Security Updates 26 March 2023

Microsoft has released security updates to fix several vulnerabilities across multiple products.

The updates fix security flaws in Snipping Tool, Snip & Sketch, and Microsoft Edge (Chromium-based). The addressed vulnerabilities could allow an attacker to obtain sensitive information, execute arbitrary code on the system, cause a denial of service, or trigger a buffer overflow by persuading the victim to visit a specially crafted webpage on the affected system.

Sample of the addressed vulnerabilities:

Microsoft Edge (Chromium) Use after free in ANGLE (CVE-2023-1531):

• CVSS: 8.8

• Attack Vector: Network

• Attack Complexity: Low

• Privileges Required: None

• User Interaction: Required

• Consequences: Gain Access

Note that Microsoft has released a script for searching the organization’s Exchange environment for messages in which the “PidLidReminderFileParameter” value is set, which is used to exploit “CVE-2023-23397”. The script is available at the following URL: https://microsoft.github.io/CSS-Exchange/Security/CVE-2023-23397/.
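A triage helper for the results of such a search, added here as an example; it is not Microsoft's script and does not read its output format. It assumes the flagged messages are available as records with hypothetical `mailbox` and `reminder_file` fields, that `INTERNAL_SUFFIXES` and `INTERNAL_NETS` describe the organization's own hosts, and that the values to review first are UNC paths pointing outside the organization.

```python
import ipaddress
import re

# Assumptions (not from the advisory): replace with the organization's own values.
INTERNAL_SUFFIXES = (".corp.example",)
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# \\host\share or //host/share; the host may carry an @port / @SSL suffix.
UNC_RE = re.compile(r"^[\\/]{2}([^\\/@]+)(?:@[^\\/]*)?(?:[\\/]|$)")

def classify(value):
    """Return (verdict, host) for one PidLidReminderFileParameter value."""
    value = (value or "").strip()
    if not value:
        return ("not-set", None)
    match = UNC_RE.match(value)
    if not match:
        return ("local-path", None)
    host = match.group(1).lower().rstrip(".")
    try:
        ip = ipaddress.ip_address(host)
        internal = any(ip in net for net in INTERNAL_NETS)
    except ValueError:
        # Assumption: single-label names are internal; FQDNs must match a suffix.
        internal = "." not in host or host.endswith(INTERNAL_SUFFIXES)
    return ("unc-internal" if internal else "unc-external", host)

def triage(records):
    """Return the records whose reminder path leaves the organization."""
    hits = []
    for rec in records:
        verdict, host = classify(rec.get("reminder_file"))
        if verdict == "unc-external":
            hits.append({**rec, "host": host})
    return hits

# Constructed sample records (documentation addresses and example domains).
SAMPLE = [
    {"mailbox": "a@corp.example", "reminder_file": r"C:\Windows\Media\reminder.wav"},
    {"mailbox": "b@corp.example", "reminder_file": r"\\fs01.corp.example\sounds\a.wav"},
    {"mailbox": "c@corp.example", "reminder_file": r"\\203.0.113.7\share\a.wav"},
    {"mailbox": "d@corp.example", "reminder_file": r"\\files.example.net@SSL\x\a.wav"},
    {"mailbox": "e@corp.example", "reminder_file": None},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(hit["mailbox"], "->", hit["host"])
```
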

Mitigations

The enterprise should deploy this patch as soon as the testing phase is completed.

References

Microsoft MSRC