Microsoft patches zero-day bug – with a little help from Google


Microsoft’s latest round of bug fixes within its software empire, popularly known as Patch Tuesday, has secured a previously unidentified glitch that rival Google pointed out to it.

Microsoft said it had patched the “zero-day” bug – an industry term for a security flaw that a threat actor could have used without warning against a cybersecurity team.

Meanwhile, Google took the credit for bringing the bug, dubbed CVE-2023-24880, to its rival’s attention on February 15.

“Successful exploitation of this vulnerability could lead to some loss of integrity,” said Microsoft, adding that this could have compromised digital security had it gone unnoticed.

Explaining the impact such a vulnerability might have had if left unchecked, Microsoft said: “An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.”

Google weighs in

As the two tech titans duke it out to see who can come up with the best artificial intelligence tool, Google seemed happy to announce its part in uncovering the zero-day affecting Microsoft systems.

It said its threat analysis team had “recently discovered usage of an unpatched security bypass in Microsoft’s SmartScreen security feature, which financially motivated actors are using to deliver the Magniber ransomware without any security warnings.”

While acknowledging Microsoft’s own announcement that it had used Patch Tuesday to fix CVE-2023-24880, Google suggested that the flaw might have been used by the Magniber ransomware group, which had previously been spotted using a similar Microsoft glitch.

“The attackers are delivering MSI [Microsoft Software Installer] files signed with an invalid but specially crafted Authenticode signature,” said Google. “The malformed signature causes SmartScreen to return an error that results in bypassing the security warning dialog displayed to users when an untrusted file contains a Mark-of-the-Web (MotW), which indicates a potentially malicious file has been downloaded from the internet.”

Google said its analysis team had spotted more than 100,000 malicious MSI downloads since the beginning of the year, with more than four-fifths of targeted users in Europe.

The tech giant said this was “a notable divergence from Magniber’s typical targeting.” It claims that hitherto the ransom gang typically focused on potential victims in South Korea and Taiwan. Google also claims that its Safe Browsing feature displayed user warnings for over 90% of these downloads.

Another stitch in time for Microsoft

Patch Tuesday revealed a second zero-day bug, dubbed CVE-2023-23397, which the software giant said could have also led to compromised system integrity if exploited in the wild.

“The attacker could exploit this vulnerability by sending a specially crafted email which triggers automatically when it is retrieved and processed by the Outlook client,” it said.

It added that in such a case the email would have posed a threat before the end user looked at it using Microsoft’s “preview pane” function, which allows a file to be inspected before opening it.

Attackers could have used this to “send specifically crafted emails” that would let them steal vital data and then impersonate the victim on other sites.

Cyber analyst Mandiant believes the bug will be used "by multiple nation-state and financially-motivated actors, including both criminal and cyber-espionage actors."

"In the short-term, these actors will race against patching efforts to gain footholds in unpatched systems," it added.

