Rewterz Threat Alert – Lumma Stealer Malware aka LummaC – Active IOCs
September 13, 2023Advisory Threat Advisory – Multiple Microsoft Office Vulnerabilities
September 13, 2023Rewterz Threat Alert – Lumma Stealer Malware aka LummaC – Active IOCs
September 13, 2023Advisory Threat Advisory – Multiple Microsoft Office Vulnerabilities
September 13, 2023Severity
High
Analysis Summary
CVE-2023-36777 CVSS:5.7
Microsoft Exchange Server could allow a remote authenticated attacker to obtain sensitive information. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2023-36744 CVSS:8
Microsoft Exchange Server could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-36745 CVSS:8
Microsoft Exchange Server could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-36756 CVSS:8
Microsoft Exchange Server could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-36757 CVSS:8
Microsoft Exchange Server could allow a remote authenticated attacker to conduct spoofing attacks.
Impact
- Information Disclosure
- Code Execution
- Gain Access
Indicators Of Compromise
CVE
- CVE-2023-36777
- CVE-2023-36744
- CVE-2023-36745
- CVE-2023-36756
- CVE-2023-36757
Affected Vendors
Microsoft
Affected Products
- Microsoft Exchange Server 2016 CU23
- Microsoft Exchange Server 2019 CU12
- Microsoft Exchange Server 2019 CU13
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.