Warning about 6 security vulnerabilities that can affect systems in Vietnam
The Information Security Department recommends that agencies, organizations, and businesses review to detect systems affected by 6 security vulnerabilities in Microsoft products, update patches, and avoid the risk of being attacked.
The warning about 6 high-level and serious security vulnerabilities existing in Microsoft products was issued by the Department of Information Security, Ministry of Information and Communications based on the March 2023 patch list with 74 new vulnerabilities issued by this technology company.
Notably, among the new security vulnerabilities warned to IT and Information Security units of ministries, branches, and localities; state-owned corporations and groups, banks, and financial institutions, there are 2 vulnerabilities being exploited by attackers in practice. These are the CVE-2023-23397 vulnerability in Microsoft Outlook that allows for privilege escalation attacks; and the CVE-2023-24880 vulnerability in Windows SmartScreen that allows attackers to bypass security mechanisms.
Four other security vulnerabilities that the Department of Information Security also recommended that units pay special attention to include: CVE-2023-23392 exists in HTTP Protocol Stack, CVE-2023-23415 in Internet Control Message Protocol, CVE-2023-23399 in Microsoft Excel and CVE-2023-23400 in Windows DNS Server. All four vulnerabilities allow attackers to execute code remotely.
 |
| Security vulnerabilities are one of the leading causes of cyber attacks targeting organizations and businesses. Illustration photo: Internet |
The Information Security Department recommends that units check, review, and identify computers using Windows operating systems that are likely to be affected; promptly update patches to avoid the risk of cyber attacks. Strengthen monitoring and prepare response plans when detecting signs of exploitation and cyber attacks; regularly monitor warning channels of competent authorities and large organizations on information security to promptly detect the risk of cyber attacks.
In case of necessity, units can contact the support contact of the Information Security Department, National Cyber Security Monitoring Center, at phone number 02432091616, email:[email protected]for support.
Regarding another security vulnerability that Microsoft announced a patch for in February 2023, CVE-2023-21716 in Microsoft Word, on March 22, Bkav warned users about the possibility of widespread malware spread.
Specifically, vulnerabilities like CVE-2023-21716 are always attractive to hackers because this is a popular text file type; bad guys will deploy phishing campaigns to infect malware via email, share files via chat, on a large scale.
“The danger is, without opening the Word document, users only need to view it in Preview Pane mode to be successfully exploited. At that time, the hacker will remotely take control of the device, collect all data on the computer, encrypt the data... as if sitting at the victim's computer”, Bkav expert said..
Users are advised to update to the latest patch from Microsoft, even if the vulnerability is only at the testing level to avoid the risk of being attacked. In case of receiving strange emails, you should carefully check the sender's address, and be cautious when clicking on links or attachments.
Cyber attacks on information systems in Vietnam are still a notable point over the years. From the beginning of 2022 to the end of February this year, the Department of Information Security has recorded, warned and guided the handling of nearly 15,000 cyber attacks causing incidents to information systems in Vietnam. However, in a share at the beginning of 2023, a representative of the Department of Information Security said: there is a notable situation that despite receiving warnings about cyber attacks or weaknesses and vulnerabilities, many agencies and businesses have not paid attention to handling or updating patches to minimize risks.
