Multiple critical vulnerabilities in Microsoft products demand immediate patching. Attackers actively exploit flaws in Windows, Office, and Azure services.
Critical security vulnerabilities affect multiple Microsoft products. Organizations must apply patches immediately. Attackers actively exploit these flaws in the wild.
Microsoft's Security Response Center (MSRC) has released updates addressing several critical CVEs. CVSS scores range from 7.8 to 9.8. All versions are vulnerable.
Affected Products
- Windows 10 and 11
- Windows Server 2019-2022
- Microsoft Office 2019-2021
- Azure DevOps Server
- Exchange Server
Critical Vulnerabilities
CVE-2023-23397 (CVSS 8.8)
Windows Common Log File System driver contains a privilege escalation vulnerability. Successful exploitation could lead to system compromise.
CVE-2023-21716 (CVSS 9.8)
Microsoft Outlook remote code execution flaw. Attackers can execute arbitrary code via specially crafted email messages.
CVE-2023-23408 (CVSS 7.8)
Azure DevOps Server information disclosure vulnerability. Sensitive data exposure possible through API manipulation.
Mitigation Steps
- Install all security updates immediately
- Verify patch deployment across all systems
- Enable multi-factor authentication
- Restrict administrative privileges
- Monitor for unusual activity
Timeline
- Release date: June 13, 2023
- Exploitation observed: June 14, 2023
- Required action: Immediate
Additional Resources
Organizations without immediate patching capabilities should implement compensating controls. Network segmentation can limit potential damage.
The Microsoft Security Response Center continues monitoring for exploitation. Additional updates may be released as needed.
Failure to patch these vulnerabilities will result in system compromise. All organizations must treat this as a priority security incident.
Comments
Please log in or register to join the discussion