Microsoft has fixed a flaw that allowed hackers to abuse the iconic WordPad application to steal NTLM hashes - cryptographic formats in which Windows stores user passwords.
The vulnerability is tracked as CVE-2023-36563, carries a severity score of 6.5, and is described as an information disclosure bug. It is apparently one of two flaws being abused in the wild right now.
Microsoft fixed the flaw as part of its Patch Tuesday practice - a cumulative security update that this month saw more than 100 flaws get fixed.
Skype for Business
Microsoft says threat actors could abuse the disclosure bug in two ways, either to log in as a Windows user and run a “specially crafted” application or to get the victim to run a piece of malware themselves. In both scenarios, the end goal is the same - to take control of the affected endpoint.
Those who are unable to apply the fix immediately can apparently use a workaround suggested by Dustin Childs of the Zero Day Initiative: blocking outbound NTLM over SMB on Windows 11. "This new feature hasn't received much attention, but it could significantly hamper NTLM-relay exploits," The Register quoted Childs as saying.
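The workaround Childs refers to is an SMB client setting that refuses to send NTLM credentials outbound. The following PowerShell script is an added example, not code from the article or from Microsoft; it assumes a Windows 11 build whose SMB client cmdlets expose the `BlockNTLM` parameter, and it checks for that before attempting the change so that older builds fail clearly rather than silently.

```powershell
# Added example (not from the article): inspect and enable the Windows 11
# SMB-client setting that blocks outbound NTLM, the workaround described above.
# Assumes a Windows 11 build that ships the BlockNTLM parameter on
# Set-SmbClientConfiguration; run from an elevated PowerShell session.

#Requires -RunAsAdministrator

# 1. Confirm this build's SMB client cmdlets expose the BlockNTLM parameter.
$cmd = Get-Command Set-SmbClientConfiguration -ErrorAction Stop
if (-not $cmd.Parameters.ContainsKey('BlockNTLM')) {
    throw "This build does not expose -BlockNTLM; update Windows 11 or apply the equivalent Group Policy instead."
}

# 2. Record the current state so the change can be reverted later.
$before = (Get-SmbClientConfiguration).BlockNTLM
Write-Host "Outbound NTLM over SMB currently blocked: $before"

# 3. Enable the block. -Force suppresses the confirmation prompt.
if (-not $before) {
    Set-SmbClientConfiguration -BlockNTLM $true -Force
}

# 4. Verify the setting actually took effect.
$after = (Get-SmbClientConfiguration).BlockNTLM
if ($after -ne $true) {
    throw "BlockNTLM did not take effect"
}
Write-Host "Outbound NTLM over SMB is now blocked."

# To revert after the October 2023 update has been installed and tested:
#   Set-SmbClientConfiguration -BlockNTLM $false -Force
```

Blocking NTLM for SMB means this client can no longer authenticate to file servers that only accept NTLM (for example standalone, non-domain-joined hosts), so test it against the shares your users actually rely on before rolling it out broadly. In current builds the same control can be pushed fleet-wide through Group Policy under Computer Configuration > Administrative Templates > Network > Lanman Workstation.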
The second vulnerability being abused by threat actors is a privilege escalation flaw found in Skype for Business. Tracked as CVE-2023-41763, it carries a severity score of 5.3 and could lead to information disclosure.
"An attacker could make a specially crafted network call to the target Skype for Business server, which could cause the parsing of an HTTP request made to an arbitrary address," Microsoft wrote. As a result, a threat actor could obtain information such as IP addresses or port numbers, although the information would be read-only.
Among other fixed flaws is Rapid Reset, a vulnerability in HTTP/2 that allowed hackers to mount the largest DDoS attack ever recorded.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.