January 11, 2023
Severity
Medium
Analysis Summary
CVE-2023-21762 CVSS:8
Microsoft Exchange Server could allow a remote authenticated attacker to conduct spoofing attacks.
CVE-2023-21764 CVSS:7.8
Microsoft Exchange Server could allow a local authenticated attacker to gain elevated privileges on the system. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
CVE-2023-21761 CVSS:7.5
Microsoft Exchange Server could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the Cryptographic component. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2023-21745 CVSS:8
Microsoft Exchange Server could allow a remote authenticated attacker to conduct spoofing attacks.
CVE-2023-21763 CVSS:7.8
Microsoft Exchange Server could allow a local authenticated attacker to gain elevated privileges on the system. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges.
Impact
- Spoofing
- Privilege Escalation
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-21762
- CVE-2023-21764
- CVE-2023-21761
- CVE-2023-21745
- CVE-2023-21763
Affected Vendors
Microsoft
Affected Products
- Microsoft Exchange Server 2013 CU23
- Microsoft Exchange Server 2016 CU22
- Microsoft Exchange Server 2019 CU11
- Microsoft Exchange Server 2016 CU23
- Microsoft Exchange Server 2019 CU12
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.