Rewterz Threat Advisory – Multiple Microsoft Edge Chromium-based Vulnerabilities

Rewterz Threat Advisory – Multiple Microsoft Dynamics 365 Vulnerabilities

December 13, 2023

Rewterz Threat Update – Microsoft Warns of OAuth Apps Utilized for Automatic BEC and Cryptomining Attacks

December 13, 2023

Rewterz Threat Advisory – Multiple Microsoft Edge Chromium-based Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-35618 CVSS:9.6

Microsoft Edge (Chromium-based) could allow a remote attacker to gain elevated privileges on the system. By persuading a victim to open specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system with higher privileges.

CVE-2023-38174 CVSS:4.3

Microsoft Edge (Chromium-based) could allow a remote attacker to obtain sensitive information. By persuading a victim to visit a specially crafted URL, an attacker could exploit this vulnerability to obtain limited information and use this information to launch further attacks against the affected system.

Impact

Privileges Escalation
Information Disclosure

Indicators Of Compromise

CVE

CVE-2023-35618
CVE-2023-38174

Affected Vendors

Microsoft

Affected Products

Microsoft Edge (Chromium-based)

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.

CVE-2023-35618

CVE-2023-38174

Rewterz Threat Advisory – Multiple Microsoft Dynamics 365 Vulnerabilities

Rewterz Threat Update – Microsoft Warns of OAuth Apps Utilized for Automatic BEC and Cryptomining Attacks

Rewterz Threat Advisory – Multiple Microsoft Edge Chromium-based Vulnerabilities

Severity

Analysis Summary

Impact

Indicators Of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan