Today Is Patch Tuesday… Here’s What Was Fixed By Microsoft

It’s the second week of June, which means it’s Patch Tuesday, and that means it’s time to patch everything Microsoft. Bleeping Computer has the details:

While thirty-eight RCE bugs were fixed, Microsoft only listed six flaws as ‘Critical,’ including denial of service attacks, remote code execution, and privilege elevation.

The number of bugs in each vulnerability category is listed below:

  • 17 Elevation of Privilege Vulnerabilities
  • 3 Security Feature Bypass Vulnerabilities
  • 32 Remote Code Execution Vulnerabilities
  • 5 Information Disclosure Vulnerabilities
  • 10 Denial of Service Vulnerabilities
  • 10 Spoofing Vulnerabilities
  • 1 Edge – Chromium Vulnerability

This list does not include sixteen Microsoft Edge vulnerabilities previously fixed on June 2nd, 2023.

Dor Segal, Senior Research Tech Lead at Silverfort, highlights two key fixes by Microsoft:

“CVE-2023-29357 is a Microsoft SharePoint Server Elevation of Privilege Vulnerability with a high CVSS score of 9.8.

This vulnerability could be used by an attacker with access to spoofed JWT authentication tokens to bypass authentication, gain access to a SharePoint server and adopt the privileges of an authenticated user.

It’s currently unclear whether the access permissions are to the SharePoint application or to the server itself, meaning the impact of any exploitation attempts could range from data theft to initial access into a domain environment. This would explain its high CVSS score.

CVE-2023-29362 – a Remote Desktop Client RCE vulnerability – is pretty unique and well worth notice.

Admins use RDP clients for many of their day-to-day tasks, from managing servers to fixing user problems. Using an RDP client can give admins a false sense of security: they can see what’s going on in a remote server or that client’s computer, but they believe themselves to be protected from malicious activity on the client’s end thanks to the RDP. This vulnerability unfortunately proves that wrong.

CVE-2023-29362 allows an attacker who has compromised a Windows machine to attack and spread to any RDP client connected to that same machine. In the case of admins or other privileged machines, this could potentially lead to compromise of the entire domain.

It’s worth noting that patching is needed on the client’s side – not the server’s – so we recommend first patching privileged clients before moving on to the rest of the clients in the organization.”
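The advice above boils down to two things: patch, and patch the RDP clients that privileged users sit at before the rest. As an added example (this is not code from the post, from Bleeping Computer or from Silverfort), the PowerShell script below inventories one Windows machine so you can triage it against that advice: OS build, hotfixes installed since Patch Tuesday, the mstsc.exe client version (the CVE-2023-29362 fix is client-side), whether on-premises SharePoint is present, and whether any domain account is a local administrator (a rough "privileged client" signal). The post does not list the KB or build numbers for the June update, so the script does not hard-code them; the patched build number (UBR) is an assumption you supply from Microsoft's release notes via `-ExpectedUbr`, and the SharePoint registry path is an assumption as well.

```powershell
# Added example, not from the original post: triage one Windows machine's
# June 2023 Patch Tuesday state. Run in an elevated PowerShell 5.1+ session.
param(
    # ASSUMPTION: the UBR (last part of the OS build) you expect after the
    # June 2023 cumulative update, from Microsoft's release notes for your
    # Windows version. Left at 0, no patched/unpatched verdict is given.
    [int]$ExpectedUbr = 0,
    [datetime]$PatchTuesday = '2023-06-13'
)

# Current OS build, e.g. 19045.3086 (CurrentBuildNumber.UBR)
$cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$ubr   = [int]$cv.UBR
$build = "$($cv.CurrentBuildNumber).$ubr"

# Hotfixes installed on or after Patch Tuesday. InstalledOn can be empty for
# some entries, so filter nulls before comparing.
$recentHotfixes = Get-HotFix |
    Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $PatchTuesday } |
    Sort-Object InstalledOn -Descending |
    Select-Object -ExpandProperty HotFixID

# RDP client: CVE-2023-29362 is fixed on the client side, so record the
# built-in client's file version for comparison across the fleet.
$mstsc = Join-Path $env:SystemRoot 'System32\mstsc.exe'
$mstscVersion = if (Test-Path $mstsc) { (Get-Item $mstsc).VersionInfo.ProductVersion } else { 'not found' }

# ASSUMPTION: on-prem SharePoint registers itself under this key. Presence
# means CVE-2023-29357 (server side) applies to this host.
$spKey = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions'
$hasSharePoint = Test-Path $spKey

# "Privileged client" heuristic: a domain account in local Administrators
# suggests an admin works here, so this box should be patched first.
$domainAdminsLocal = @()
try {
    $domainAdminsLocal = Get-LocalGroupMember -Group 'Administrators' -ErrorAction Stop |
        Where-Object { $_.PrincipalSource -eq 'ActiveDirectory' } |
        Select-Object -ExpandProperty Name
} catch {
    # Get-LocalGroupMember needs Windows 10 / Server 2016 or later.
    $domainAdminsLocal = @('(unavailable on this OS)')
}

# Only give a verdict when the caller supplied the expected build.
$patched = if ($ExpectedUbr -gt 0) { $ubr -ge $ExpectedUbr } else { $null }

[pscustomobject]@{
    ComputerName        = $env:COMPUTERNAME
    OSBuild             = $build
    PatchedForJune2023  = $patched          # $null = no expected build given
    HotfixesSincePT     = ($recentHotfixes -join ', ')
    MstscVersion        = $mstscVersion
    SharePointInstalled = $hasSharePoint
    DomainAdminsLocal   = ($domainAdminsLocal -join ', ')
    PatchPriority       = if ($domainAdminsLocal.Count -gt 0 -or $hasSharePoint) { 'High' } else { 'Normal' }
}
```

Run it as `.\Check-JunePatch.ps1 -ExpectedUbr <ubr>` on each machine (or push it out with your management tooling and collect the objects); sort the results by `PatchPriority` and `PatchedForJune2023` to get the ordering Silverfort suggests, with privileged RDP clients and SharePoint hosts at the top. A recent hotfix in the list is not by itself proof that the June cumulative update landed, which is why the verdict is keyed only on the build number you supply.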

After I post this, I will get about patching all the Microsoft gear in my home and home office. You might want to do the same thing as soon as you can.
