Submit a comment
Notably, of these 9 vulnerabilities, there are 2 vulnerabilities CVE-2023-33160 and CVE-2023-33134 that exist in Microsoft SharePoint Server software, allowing hackers to execute malicious code to remotely attack the system.
Illustration photo.
Information from the Department of Information Security (Ministry of Information and Communications) said that recently, in the List of published patches for Microsoft vulnerabilities, there have appeared security vulnerabilities with a high risk of causing serious impacts in technology products.
The Information Security Department recommends that agencies, organizations, and businesses review and identify computers using the Windows operating system to promptly detect and respond to newly discovered security vulnerabilities.
Specifically, based on the July 2023 patch list for 130 information security vulnerabilities in Microsoft products, technology experts from the Department of Information Security assessed and notified specialized units in information technology and information security of ministries, branches, localities, corporations, state-owned enterprises, banks, and financial institutions about 9 vulnerabilities with high and serious impacts.
Notably, of these 9 vulnerabilities, there are 2 vulnerabilities CVE-2023-33160 and CVE-2023-33134 that exist in Microsoft SharePoint Server software, allowing hackers to execute malicious code to remotely attack the system.
The National Cyber Security Monitoring Center - NCSC (under the Department of Information Security, Ministry of Information and Communications) has repeatedly sent widespread warnings about vulnerabilities affecting Microsoft SharePoint Server software.
This shows that the widely used Microsoft SharePoint Server software is always the target of targeted cyber attackers.
Therefore, to ensure information security for the systems of agencies and organizations, the Department of Information Security recommends that units review vulnerabilities related to Microsoft SharePoint Server to detect and have timely solutions.
At the same time, units need to increase monitoring to minimize the risk of being attacked through these vulnerabilities.
In addition, the Information Security Department also requested units to pay special attention to 7 other security vulnerabilities in Microsoft products. These are all vulnerabilities that can be exploited by hackers to attack information systems in Vietnam.
Of these 7 vulnerabilities, there are 2 security vulnerabilities CVE-2023-32057 and CVE-2023-35309 in Microsoft Message Queuing that allow attackers to execute remote code.
These two vulnerabilities are rated as critical, with a Common Vulnerability Scoring System (CVSS) score of 9.8.
The remaining five vulnerabilities (including: CVE-2023-36884 in Office and Windows, CVE-2023-35311 in Microsoft Outlook, CVE-2023-36874 in Windows Error Reporting Service, CVE-2023-32046 in Windows MSHTML and CVE-2023-32049 in Windows SmartScreen) are all high risk, with CVSS scores ranging from 7.8 to 8.8.
Technology experts recommend that units check, review, and identify machines using Windows operating systems that are likely to be affected; take timely measures to avoid the risk of being attacked. The best solution is to update the patch for the above security vulnerabilities according to the manufacturer's instructions.
At the same time, agencies, organizations and enterprises should further strengthen monitoring and prepare response plans when detecting signs of cyber exploitation and attacks; regularly monitor warning channels of authorities and large organizations on information security to promptly detect cyber attack risks.
According to statistics from the National Cyber Security Monitoring Center - NCSC, in June 2023, the unit warned and provided instructions on handling more than 1,700 cyber attacks that caused incidents to information systems in Vietnam.
This figure increased nearly 2.5 times compared to May 2023 and increased 46.3% compared to the same period in June 2022. In the first half of this year, the total number of cyber attacks causing incidents to information systems in Vietnam that were recorded, warned and instructed to be handled was more than 6,360, down 4.2% compared to the first 6 months of 2022.
According to VNA
