On February 14th, 2023, Microsoft released a patch for multiple vulnerabilities including CVE-2023-21715, CVE-2023-23376, and CVE-2023-21823. The first, CVE-2023-21715, can enable an attacker to bypass a Microsoft Publisher security policy that disables macros by default. After a successful social engineering or phishing attack, this would let attackers use the affected machine as an initial foothold from which to spread through an environment. The second vulnerability, CVE-2023-23376, was uncovered by the Microsoft Security Intelligence Center (MSTIC). This vulnerability can be used to gain SYSTEM privileges and could be used in tandem with an RCE exploit to gain complete control over a machine. Finally, CVE-2023-21823, which was found by security researchers at Mandiant, can be exploited through a graphical component for remote code execution. The exploit for this vulnerability has a low level of complexity, and while a proof-of-concept is not yet public, it could allow an attacker to take over an unpatched machine.