National Cyber Warfare Foundation (NCWF) Forums


August 2023 Patch Tuesday: Two Actively Exploited Zero-Days and Six Critical Vulnerabilities Addressed


0 user ratings
2023-08-21 21:54:23
milo
Blue Team (CND)

Microsoft has released security updates for 76 vulnerabilities, including two zero-days, in its August 2023 Patch Tuesday rollout. One of the zero-days (CVE-2023-38180) is a denial-of-service vulnerability in .NET and Visual Studio. The other (CVE-2023-36884) received a Defense in Depth update that mitigates a flaw under active attack; it is not a patch for the underlying vulnerability. Six of the vulnerabilities addressed this month are rated Critical, 68 are rated Important and two are rated Moderate.


August 2023 Risk Analysis


This month’s leading risk type is remote code execution (37%), followed by elevation of privilege (29%) and information disclosure (17%).


Figure 1. Breakdown of August 2023 Patch Tuesday attack types


The Microsoft Windows product family received the most patches this month with 36, followed by Extended Support Updates (25) and Microsoft Office products (15).


Figure 2. Breakdown of product families affected by August 2023 Patch Tuesday


Defense in Depth Update Mitigates an Actively Exploited Zero-Day Vulnerability 


Microsoft has released an Office update (ADV230003) for a previously disclosed, unpatched vulnerability (CVE-2023-36884). According to Microsoft, installing this update breaks the attack chain that leads to exploitation of the Windows Search security feature bypass vulnerability; it does not fix the vulnerability itself. Users should install the August 2023 Office updates as well as the August 2023 Windows updates.


Impact             Severity   CVE         Description
Defense in Depth   Moderate   ADV230003   Microsoft Office Defense in Depth Update

Table 1. Zero day in Microsoft Office & Windows


Actively Exploited Zero-Day Vulnerability Affects .NET and Visual Studio


Microsoft has patched CVE-2023-38180 in .NET and Visual Studio. It is rated Important with a CVSS score of 7.5 and allows a denial-of-service attack. Although Microsoft reports it as exploited in the wild, technical details of the flaw have not been publicly disclosed.


Severity    CVSS Score   CVE              Description
Important   7.5          CVE-2023-38180   .NET and Visual Studio Denial of Service Vulnerability

Table 2. Zero day in Microsoft .NET & Visual Studio


Critical Vulnerabilities Affect Windows


CVE-2023-29328 and CVE-2023-29330 are Critical remote code execution vulnerabilities in Microsoft Teams, each with a CVSS score of 8.8. To exploit either, an attacker must convince the victim to join a malicious Teams meeting, which gives the attacker the opportunity to execute code remotely on the victim's system. No privileges are required for a successful attack.


CVE-2023-36910, CVE-2023-36911 and CVE-2023-35385 are Critical vulnerabilities in Microsoft Message Queuing (MSMQ), each with a CVSS score of 9.8. To exploit them, an attacker sends a specially crafted MSMQ packet to an MSMQ server, resulting in remote code execution. Message Queuing is a Windows component that must be enabled for a system to be exploitable; Microsoft's guidance recommends checking whether the Message Queuing service is running and whether TCP port 1801 is listening on a system, and following best practices for systems where it is.
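The following PowerShell is an added example, not code from the CrowdStrike post or from Microsoft's advisory. It performs the check described above on the local host: it looks for the Message Queuing service (service name MSMQ) and for a TCP listener on port 1801, reports which process owns the listener, and flags the host as exposed if either is present. It assumes Windows 8 / Server 2012 or later (for Get-NetTCPConnection) and an elevated session; the function name Test-MsmqExposure and the report fields are this example's own.

```powershell
# Added example (not from the CrowdStrike post): check whether this host exposes MSMQ.
# Follows Microsoft's guidance to look for the Message Queuing service and a TCP 1801 listener.
# Assumes Windows 8 / Server 2012 or later (Get-NetTCPConnection) and a local admin session.

function Test-MsmqExposure {
    [CmdletBinding()]
    param()

    $report = [ordered]@{
        ComputerName      = $env:COMPUTERNAME
        ServiceInstalled  = $false
        ServiceStatus     = 'NotInstalled'
        Port1801Listening = $false
        Listeners         = @()
        Exposed           = $false
    }

    # The Windows service is named MSMQ (display name "Message Queuing").
    $svc = Get-Service -Name MSMQ -ErrorAction SilentlyContinue
    if ($svc) {
        $report.ServiceInstalled = $true
        $report.ServiceStatus    = $svc.Status.ToString()
    }

    # MSMQ accepts packets on TCP 1801; a listener bound to any address is reachable
    # from the network unless the host firewall blocks it.
    $listeners = Get-NetTCPConnection -LocalPort 1801 -State Listen -ErrorAction SilentlyContinue
    if ($listeners) {
        $report.Port1801Listening = $true
        $report.Listeners = @($listeners | ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                ProcessId    = $_.OwningProcess
                ProcessName  = if ($proc) { $proc.ProcessName } else { 'unknown' }
            }
        })
    }

    # Treat a running service or an open 1801 listener as exposure worth triaging.
    $report.Exposed = ($report.ServiceStatus -eq 'Running') -or $report.Port1801Listening
    [pscustomobject]$report
}

$exposure = Test-MsmqExposure
$exposure | Format-List

if ($exposure.Exposed) {
    Write-Warning "MSMQ exposure on $($exposure.ComputerName): apply the August 2023 updates; if Message Queuing is not needed, disable the service and block TCP 1801 on the host firewall."
} else {
    Write-Output "No MSMQ service or TCP 1801 listener found; the MSMQ RCE vulnerabilities are not reachable on this host."
}
```

Run it per host (for example through Invoke-Command against a list of servers) to build an inventory of where MSMQ is actually reachable before the patches land. A host where the service is installed but stopped and nothing listens on 1801 is not exploitable over the network today, but it should still be patched, since the service can be started later. Where Message Queuing is not required, removing the Windows feature or blocking inbound TCP 1801 at the host firewall removes the attack surface entirely, independent of patch status.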


CVE-2023-36895 is a Critical remote code execution vulnerability in Microsoft Outlook with a CVSS score of 7.8. Microsoft describes it as an arbitrary code execution flaw with low attack complexity and no privileges required, but assesses exploitation as less likely.


Severity   CVSS Score   CVE              Description
Critical   8.8          CVE-2023-29328   Microsoft Teams Remote Code Execution Vulnerability
Critical   8.8          CVE-2023-29330   Microsoft Teams Remote Code Execution Vulnerability
Critical   9.8          CVE-2023-36910   Microsoft Message Queuing Remote Code Execution Vulnerability
Critical   9.8          CVE-2023-36911   Microsoft Message Queuing Remote Code Execution Vulnerability
Critical   9.8          CVE-2023-35385   Microsoft Message Queuing Remote Code Execution Vulnerability
Critical   7.8          CVE-2023-36895   Microsoft Outlook Remote Code Execution Vulnerability

Table 3. Critical vulnerabilities in MS Windows


Not All Relevant Vulnerabilities Have Patches: Consider Mitigation Strategies


As we have learned from other notable vulnerabilities such as Log4j, not every highly exploitable vulnerability can be patched quickly. As with the ProxyNotShell vulnerabilities, it is critically important to have a response plan for defending your environments when no patch is available.


Regular review of your patching strategy should remain part of your program, but you should also look holistically at your organization's security practices and improve your overall security posture.


The CrowdStrike Falcon® platform regularly collects and analyzes trillions of security events every day from across 176 countries. Watch this demo to see the Falcon platform in action.


Learn More


Learn more about how CrowdStrike Falcon® Spotlight vulnerability management can help you quickly and easily discover and prioritize vulnerabilities here.


About CVSS Scores


The Common Vulnerability Scoring System (CVSS) is a free and open industry standard that CrowdStrike and many other cybersecurity organizations use to assess and communicate the severity and characteristics of software vulnerabilities. The CVSS Base Score ranges from 0.0 to 10.0, and the National Vulnerability Database (NVD) maps CVSS scores to qualitative severity ratings. Learn more about vulnerability scoring in this article.


Additional Resources



  • For more information on which products are in Microsoft’s Extended Security Updates program, refer to the vendor guidance here.

  • See how Falcon Spotlight can help you discover and manage vulnerabilities and prioritize patches in your environments. 

  • Learn how CrowdStrike’s external attack surface module, Falcon Surface, can discover unknown, exposed and vulnerable internet-facing assets enabling security teams to stop adversaries in their tracks.

  • Learn how Falcon identity protection products can stop workforce identity threats faster. 

  • Make prioritization painless and efficient. Watch how Falcon Spotlight enables IT staff to improve visibility with custom filters and team dashboards

  • Test CrowdStrike next-gen AV for yourself with a free trial of Falcon Prevent.



Source: CrowdStrike
Source Link: https://www.crowdstrike.com/blog/patch-tuesday-analysis-august-2023/





Copyright 2012 through 2024 - National Cyber Warfare Foundation - All rights reserved worldwide.