Passwords can be exposed to hackers due to a zero-day vulnerability in Microsoft Word

During a recent release of security updates, experts have published alerts regarding significant vulnerabilities that could exist in Microsoft Word.

Exploit Wednesday is the day after Patch Tuesday, when Microsoft publishes a round of security updates, on the second Wednesday of every month. The September 12 Patch Tuesday deployment, according to experts, has two zero-day vulnerabilities, including CVE-2023-36802, an elevation of privilege flaw in Microsoft’s Streaming Services proxy, and CVE-2023-36761, a possible password leak flaw.

This vulnerability has been both publicly published and actively used, particularly in the instance of CVE-2023-36761. Attackers may explicitly create harmful documents or files or take advantage of flaws in the preview pane’s software rendering engine. By taking use of this flaw, Net NTLMv2 hashes might be made public, giving an attacker access to confidential data or systems without authorization through a relay attack or allowing them to be cracked offline to retrieve user credentials.

Microsoft offers fixes not just for Word 2013 but also for the current versions of Word. In order to keep their systems current, experts have encouraged organizations to take urgent action on these changes.