In a warning sent to IT units of ministries, ministerial-level and Government agencies, municipal and provincial Departments of Information and Communications, State-owned corporations, commercial banks, financial organisations, and information security units, the AIS announced that on February 14, Microsoft had released a list of 75 security patches for its products.
The AIS highlighted 12 high-impact and serious vulnerabilities, including four security holes, namely CVE-2023-21529, CVE-2023-21710, CVE-2023-21707 and CVE-2023-21706 in Microsoft Exchange Server that allow remote code execution by attackers.
Others include CVE-2023-21716 in Microsoft Word, CVE-2023-21715 in Microsoft Publisher, CVE-2023-23376 and CVE-2023-21812 in Windows Common Log File System; CVE-2023-21705, CVE-2023-21713 and CVE-2023- 21528 in Microsoft SQL Server, and CVE-2023-21717 in Microsoft SharePoint Server.
The AIS advised units to check Windows operating systems that are likely to be affected, perform timely patch updates to avoid the risk of attacks, strengthen monitoring and get solutions readied in case signs of network exploitation and attacks are detected, and regularly monitor warning channels from relevant agencies to promptly detect attack risks.
If necessary, units could contact the National Cyber Security Monitoring Centre (NCSC) for support via phone number 02432091616 and email address: firstname.lastname@example.org.