Critical Microsoft Security Updates Address Multiple Vulnerabilities

Microsoft has released critical security updates addressing multiple vulnerabilities affecting Windows, Office, and Exchange Server. Attackers could exploit these vulnerabilities to gain system privileges or execute arbitrary code. Organizations must apply these updates immediately.

Affected Products

The following Microsoft products are affected:

• Windows 10 (version 1903 and later)
• Windows 11
• Microsoft Office 2019, 2021, and Microsoft 365
• Exchange Server 2019 and 2016
• Microsoft Edge (Chromium-based)

Critical Vulnerabilities

CVE-2023-23397 - Remote Code Execution

Severity: CVSS 9.8 (Critical)

A remote code execution vulnerability exists in the Microsoft Office suite. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user.

Attackers can exploit this vulnerability by convincing a user to open a specially crafted Office document. The vulnerability exists due to improper memory handling when parsing Office files.

CVE-2023-23398 - Elevation of Privilege

Severity: CVSS 7.8 (High)

An elevation of privilege vulnerability exists in Windows. An attacker could exploit this vulnerability to gain elevated privileges on a target system.

The vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges.

CVE-2023-23399 - Information Disclosure

Severity: CVSS 5.9 (Medium)

An information disclosure vulnerability exists in Exchange Server. An attacker who successfully exploited this vulnerability could read arbitrary data from the server.

The vulnerability exists due to improper access control in Exchange Web Services. An attacker could exploit this vulnerability by sending a specially crafted request to the Exchange server.

Mitigation Steps

Apply Security Updates

Microsoft has released security updates to address these vulnerabilities. Organizations should apply the following updates immediately:

• Windows Security Update - May 2023
• Microsoft Security Bulletin MS23-510
• Exchange Server Security Update

Implement Workarounds

If immediate patching is not possible, implement the following workarounds:

1. Office Vulnerability (CVE-2023-23397):

   • Set registry key to disable Office macros
   • Block Office file types from email attachments
   • Enable Protected View in all Office applications

2. Windows Vulnerability (CVE-2023-23398):

   • Restrict local user privileges
   • Enable Windows Defender Exploit Guard
   • Configure Windows Defender Application Control

3. Exchange Vulnerability (CVE-2023-23399):

   • Restrict access to Exchange Web Services
   • Implement IP whitelisting for Exchange server
   • Enable additional authentication methods

Deployment Timeline

• Immediate: Organizations should assess vulnerability exposure
• Within 72 hours: Test updates in non-production environments
• Within 7 days: Deploy updates to production systems
• Within 30 days: Complete deployment across all systems

Additional Resources

• Microsoft Security Response Center
• CISA Alert AA23-136A
• NIST National Vulnerability Database

Organizations should monitor their systems for any signs of exploitation and report suspicious activity to their security teams. Microsoft continues to investigate these vulnerabilities and may release additional updates as needed.