{"id":31731,"date":"2023-09-20T00:45:44","date_gmt":"2023-09-19T22:45:44","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=31731"},"modified":"2023-09-19T11:53:12","modified_gmt":"2023-09-19T09:53:12","slug":"cisa-warns-of-attacks-against-microsoft-word-and-adobe-vulnerabilities","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2023\/09\/20\/cisa-warns-of-attacks-against-microsoft-word-and-adobe-vulnerabilities\/","title":{"rendered":"CISA warns of attacks against Microsoft Word and Adobe vulnerabilities"},"content":{"rendered":"<p><img decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" title=\"Sicherheit (Pexels, allgemeine Nutzung)\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Sicherheit_klein.jpg\" alt=\"Sicherheit (Pexels, allgemeine Nutzung)\" width=\"200\" align=\"left\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2023\/09\/18\/cisa-warnt-vor-angriffen-auf-microsoft-word-und-adobe-schwachstellen\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]US cybersecurity agency CISA is currently warning of attacks that target the vulnerabilities in Microsoft Word and Adobe products that were patched in September 2023. For the September 2023 patchday, Microsoft had indeed released security updates for various products that close 59 vulnerabilities. This includes two critical vulnerabilities that are actively exploited by attackers.<\/p>\n<p><!--more--><\/p>\n<p>The two vulnerabilities in Microsoft products mentioned above are <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-36761\" target=\"_blank\" rel=\"noopener\">CVE-2023-36761<\/a> in Microsoft Word and <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-36802\" target=\"_blank\" rel=\"noopener\">CVE-2023-36802<\/a> in Microsoft Streaming Service Proxy (see my blog post <a href=\"https:\/\/borncity.com\/win\/2023\/09\/13\/microsoft-security-update-summary-september-12-2023\/\">Microsoft Security Update Summary (September 12, 2023)<\/a>).<\/p>\n<p>The Information Disclosure vulnerability in Microsoft Word has been closed with updates. The updates for Office 2013\/2016, for example, are listed in the blog post <a href=\"https:\/\/borncity.com\/win\/2023\/09\/14\/patchday-microsoft-office-updates-september-12-2023\/\">Patchday: Microsoft Office Updates (September 12, 2023)<\/a>. Problem is there, however, that there are subsequently issues with individual users after the update installation. I had pointed out this problem in the blog post <a href=\"https:\/\/borncity.com\/win\/2023\/09\/15\/office-2016-update-kb5002457-causes-appwiz-cp-mso-dll-errors\/\">Office 2016 Update KB5002457 causes appwiz.cp-\/mso.dll errors<\/a> &#8211; why it does not occur with all users is unknown to me.<\/p>\n<p><a href=\"https:\/\/therecord.media\/microsoft-adobe-bugs-cisa-kev-list\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" title=\"CISA Warnung\" src=\"https:\/\/i.postimg.cc\/7ZbG8bcH\/image.png\" alt=\"CISA Warnung\" \/><\/a><\/p>\n<p>CISA's warning now refers to the vulnerabilities closed in the products mentioned here. The colleagues from The Record have picked up on this in the above tweet and prepare some details in <a href=\"https:\/\/therecord.media\/microsoft-adobe-bugs-cisa-kev-list\" target=\"_blank\" rel=\"noopener\">this article<\/a>.<\/p>\n<p><strong>Similar articles<br \/>\n<\/strong><a href=\"https:\/\/borncity.com\/win\/2023\/09\/13\/microsoft-security-update-summary-september-12-2023\/\">Microsoft Security Update Summary (September 12, 2023)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2023\/09\/13\/patchday-windows-10-updates-september-2023\/\">Patchday: Windows 10 Updates (September 2023)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2023\/09\/13\/patchday-windows-11-server-2022-updates-september-12-2023\/\" target=\"_blank\" rel=\"noopener\">Patchday: Windows 11\/Server 2022 Updates (September 12, 2023)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2023\/09\/13\/patchday-windows-7-server-2008-r2-server-2012-r2-updates-september-12-2023\/\">Patchday: Windows 7\/Server 2008 R2; Server 2012 R2 Updates (September 12, 2023)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2023\/09\/14\/patchday-microsoft-office-updates-september-12-2023\/\">Patchday: Microsoft Office Updates (September 12, 2023)<\/a><\/p>\n<p><a href=\"https:\/\/borncity.com\/win\/2023\/08\/23\/windows-11-22h2-preview-update-kb5029351-august-22-2023\/\">Windows 11 22H2: Preview Update KB5029351 (August 22, 2023)<\/a><a href=\"https:\/\/www.borncity.com\/blog\/2023\/08\/23\/windows-11-22h2-preview-update-kb5029351-22-august-2023\/\"><br \/>\n<\/a><a href=\"https:\/\/borncity.com\/win\/2023\/08\/23\/windows-11-21h2-preview-update-kb5029332-august-22-2023\/\" target=\"_blank\" rel=\"noopener\">Windows 11 21H2: Preview-Update KB5029332 (August 22, 2023)<\/a><a href=\"https:\/\/www.borncity.com\/blog\/2023\/08\/23\/windows-11-22h2-preview-update-kb5029351-22-august-2023\/\"><br \/>\n<\/a><a href=\"https:\/\/borncity.com\/win\/2023\/08\/23\/windows-10-22h2-preview-update-kb5029331-august-22-2023\/\">Windows 10 22H2 Preview Update KB5029331 (August 22, 2023)<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]US cybersecurity agency CISA is currently warning of attacks that target the vulnerabilities in Microsoft Word and Adobe products that were patched in September 2023. For the September 2023 patchday, Microsoft had indeed released security updates for various products that &hellip; <a href=\"https:\/\/borncity.com\/win\/2023\/09\/20\/cisa-warns-of-attacks-against-microsoft-word-and-adobe-vulnerabilities\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580],"tags":[69],"class_list":["post-31731","post","type-post","status-publish","format-standard","hentry","category-security","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/31731","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=31731"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/31731\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=31731"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=31731"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=31731"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}