Mobile Malware Alert: Anatsa Targets Travel Firms for Financial Fraud
Overview A sophisticated strain of mobile banking malware known as Anatsa has resurfaced, now targeting travel firms and their customers for financial fraud. Anatsa differs…
Microsoft Patch Tuesday, October 2023: What organisations need to know.
Microsoft released its October 2023 Patch Tuesday updates on October 10, 2023, fixing 103 vulnerabilities, including three zero-days actively exploited. Organisations should prioritise installing these updates as soon as possible to reduce their attack risk.
Zero-day vulnerabilities
The three zero-day vulnerabilities fixed in the October 2023 Patch Tuesday updates are:
- CVE-2023-36563: A remote code execution (RCE) vulnerability in the Windows Print Spooler service.
- CVE-2023-41763: An RCE vulnerability in the Windows kernel.
- CVE-2023-41764: A privilege escalation vulnerability in the Windows kernel.
All three critical vulnerabilities could allow attackers to execute arbitrary code on a vulnerable system, leading to a complete compromise. Businesses should install the updates for these vulnerabilities as soon as possible.
Other notable vulnerabilities
In addition to the three zero-day vulnerabilities, the October 2023 Patch Tuesday updates also fix several other notable vulnerabilities, including:
- CVE-2023-41765: An RCE vulnerability in the Windows Common Log File System (CLFS) driver.
- CVE-2023-41766: An RCE vulnerability in the Windows Hyper-V hypervisor.
- CVE-2023-41767: An RCE vulnerability in the Windows Network File System (NFS) client.
- CVE-2023-41768: An RCE vulnerability in the Windows Remote Desktop Protocol (RDP) server.
Organisations should review the complete list of vulnerabilities fixed in the October 2023 Patch Tuesday updates and install all the updates that apply to their systems.
Recommendations for organisations
Businesses should take the following steps to protect themselves from the vulnerabilities fixed in the October 2023 Patch Tuesday updates:
- Prioritise installing the updates for the three zero-day vulnerabilities (CVE-2023-36563, CVE-2023-41763, and CVE-2023-41764).
- Review the complete list of vulnerabilities fixed in the October 2023 Patch Tuesday updates and install all the updates that apply to their systems.
- Test updates in a non-production environment before deploying them to production systems.
- Use a patch management tool to automate the process of deploying updates.
By following these steps, organisations can help to reduce the risk of cyber attacks and keep their systems secure.
Related articles
Alert: PayPal ‘New Address’ Phishing Scam
The Cyber and Fraud Centre Scotland would like to alert the public to a recent phishing scam exploiting PayPal’s “New Address” feature. How the Scam…
Gift Card Scams: Understanding and Preventing a Rising Trend
Gift card scams are a significant threat, with fraudsters increasingly targeting both businesses and individuals through sophisticated social engineering techniques. This article examines gift card…