Critical Microsoft Vulnerability CVE-2023-1234 Allows Remote Code Execution

Vulnerabilities Reporter

Microsoft has released emergency security updates to address a critical vulnerability in multiple products that could allow remote attackers to execute arbitrary code on affected systems.

The vulnerability, tracked as CVE-2023-1234, has a CVSS score of 9.8 and allows unauthenticated remote attackers to execute arbitrary code.

Affected products include:

  • Windows 11 (versions 22H2 and 23H2)
  • Windows Server 2022
  • Microsoft Office 2021
  • Microsoft 365 Apps for Enterprise

The vulnerability exists in the Windows Graphics Component, which fails to properly handle specially crafted image files. When a user opens a malicious image file, the component can be tricked into executing attacker-controlled code.

Microsoft has rated this vulnerability as critical due to its ease of exploitation and potential for widespread impact. Attackers could exploit this vulnerability by convincing users to visit a malicious website containing a specially crafted image, or by sending malicious image files via email.

Mitigation steps:

  1. Apply the security updates immediately:

  2. If unable to update immediately, implement the following workarounds:

    • Configure Windows Defender Exploit Guard to block Office applications from creating child processes
    • Use Application Control to prevent the execution of untrusted applications
    • Block access to potentially suspicious websites using Microsoft Defender SmartScreen
  3. For enterprise environments:
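
For the first workaround in step 2, the following PowerShell is an added example (not from Microsoft or the original article) that checks, enables and monitors the corresponding attack surface reduction rule. It assumes Microsoft Defender Antivirus is the active antivirus, an elevated session, and that the workaround maps to the ASR rule "Block all Office applications from creating child processes"; the function names are illustrative.

```powershell
# Added example. Run in an elevated PowerShell session on a host where
# Microsoft Defender Antivirus is active (assumption).
# ASR rule: "Block all Office applications from creating child processes"
$RuleId = 'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'
$ActionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Get-OfficeChildProcessRuleState {
    # Returns the configured action name, or 'NotConfigured'.
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -eq $RuleId) {          # string -eq is case-insensitive
            $code = [int]$actions[$i]
            if ($ActionNames.ContainsKey($code)) { return $ActionNames[$code] }
            return "Unknown($code)"
        }
    }
    return 'NotConfigured'
}

function Set-OfficeChildProcessRule {
    param([ValidateSet('Enabled', 'AuditMode')][string]$Mode = 'AuditMode')
    Write-Host "Before: $(Get-OfficeChildProcessRuleState)"
    # Add-MpPreference adds to the existing ASR rule list;
    # Set-MpPreference would overwrite the whole list.
    Add-MpPreference -AttackSurfaceReductionRules_Ids $RuleId `
                     -AttackSurfaceReductionRules_Actions $Mode
    Write-Host "After:  $(Get-OfficeChildProcessRuleState)"
}

function Get-OfficeChildProcessRuleHits {
    param([int]$Days = 7)
    # Event 1121 = ASR rule blocked an action, 1122 = rule matched in audit mode.
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1121, 1122
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match $RuleId } |
        Select-Object TimeCreated, Id, Message
}

Set-OfficeChildProcessRule -Mode AuditMode   # switch to 'Enabled' after reviewing hits
Get-OfficeChildProcessRuleHits -Days 7
```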

Microsoft first learned of this vulnerability from external research and has confirmed limited targeted exploitation in the wild. The company credits security researchers from XYZ Security Research for reporting the issue.

Organizations should prioritize applying these updates within the next 7 days. Microsoft typically releases security updates on the second Tuesday of each month (Patch Tuesday), but this emergency update was released outside of the normal schedule due to the severity of the vulnerability.

For more information on this vulnerability, refer to the Microsoft Security Advisory and the official security blog.
