Hanoi (VNA) – The Ministry of Information
and Communications’ Authority of Information Security (AIS) has recently issued
a warning about serious and high-impact security
vulnerabilities in Microsoft products.
In a warning sent to IT units of ministries, ministerial-level and
Government agencies, municipal and provincial Departments of Information and
Communications, State-owned corporations, commercial banks, financial organisations,
and information security units, the AIS announced that on February 14,
Microsoft had released a list of 75 security patches for its products.
The AIS highlighted 12 high-impact and serious vulnerabilities,
including four security holes, namely CVE-2023-21529, CVE-2023-21710,
CVE-2023-21707 and CVE-2023-21706 in Microsoft Exchange Server that allow
remote code execution by attackers.
Others
include CVE-2023-21716 in Microsoft Word, CVE-2023-21715 in Microsoft
Publisher, CVE-2023-23376 and CVE-2023-21812 in Windows Common Log File System;
CVE-2023-21705, CVE-2023-21713 and CVE-2023- 21528 in Microsoft SQL Server, and
CVE-2023-21717 in Microsoft SharePoint Server.
The AIS
advised units to check Windows operating systems that are likely to be affected,
perform timely patch updates to avoid the risk of attacks, strengthen monitoring
and get solutions readied in case signs of network exploitation and attacks are
detected, and regularly monitor warning channels from relevant agencies to
promptly detect attack risks.
If necessary, units
could contact the National Cyber Security Monitoring Centre (NCSC) for support via phone
number 02432091616 and email address: ais@mic.gov.vn./.
VNA
