Today Is Patch Tuesday… And It’s a BIG One

The second Tuesday of every month is Patch Tuesday. That means it’s time to patch all the things that are Microsoft-related. And this month is huge. Bleeping Computer is reporting that there are 132 flaws, including six zero-day flaws.

Yikes!

Yoav Iellin, Senior Researcher, Silverfort, highlights three that you really need to worry about:

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2023-35367, 35366, 35365 

“The Routing and Remote Access role is not commonly seen in Windows servers. It’s used for advanced routing, NAT, and VPN – and it is not installed by default. However, installing this role turns the server into a provider of these services – potentially directing some or even all network traffic through the server.

Sending a special packet to the Windows server may lead to remote code execution. This is particularly concerning if the specific Windows server acts as a domain controller as well.

With a CVSS score of 9.8, it’s worth taking note of this vulnerability. If you have this service enabled, you should consider installing the patch as soon as possible or even disabling the service.”
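To act on the RRAS advice above, the following added example (not from the original post or from Silverfort) checks one server for the three conditions the quote raises: whether the role is installed, whether the service is running, and whether the host is also a domain controller. It assumes Windows PowerShell 5.1 or later in an elevated session; the function name and the priority labels are constructed for illustration.

```powershell
# Added example: RRAS exposure triage for a single Windows Server host.
function Get-RrasExposure {
    [CmdletBinding()]
    param()

    # The Routing and Remote Access service is registered as 'RemoteAccess'.
    $svc = Get-Service -Name 'RemoteAccess' -ErrorAction SilentlyContinue

    # Role services that put RRAS on a server. Get-WindowsFeature ships with
    # the ServerManager module, so this part is skipped where it is absent.
    $features = @()
    if (Get-Command -Name Get-WindowsFeature -ErrorAction SilentlyContinue) {
        $features = @(Get-WindowsFeature -Name 'RemoteAccess', 'Routing', 'DirectAccess-VPN' |
            Where-Object { $_.Installed } |
            Select-Object -ExpandProperty Name)
    }

    # Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC.
    $domainRole = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
    $isDc = $domainRole -ge 4

    $running = [bool]($svc -and $svc.Status -eq 'Running')
    $enabled = [bool]($svc -and $svc.StartType -ne 'Disabled')

    # Constructed priority labels: patch the highest first.
    $priority =
        if ($running -and $isDc) { 'Critical: RRAS running on a domain controller' }
        elseif ($running) { 'High: RRAS running' }
        elseif ($enabled -and $features.Count -gt 0) { 'Medium: role installed, service stopped' }
        else { 'Low: RRAS not in use' }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        InstalledFeatures = $features -join ', '
        ServiceStatus     = if ($svc) { [string]$svc.Status } else { 'NotPresent' }
        ServiceStartType  = if ($svc) { [string]$svc.StartType } else { 'NotPresent' }
        IsDomainController = $isDc
        PatchPriority     = $priority
    }
}

Get-RrasExposure | Format-List

# Where the role is installed but unused, the service can be disabled
# until the patch is applied:
# Stop-Service -Name 'RemoteAccess' -Force
# Set-Service  -Name 'RemoteAccess' -StartupType Disabled
```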

Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2023-33134, 33157, 33159, 33160

“Last month’s Patch Tuesday – which was light in comparison to this month – saw the release and disclosure of many SharePoint vulnerabilities, and this month we’re seeing RCEs in SharePoint affecting multiple areas. All of them require the attacker to be authenticated or the user to perform an action that, luckily, reduces the risk of a breach. Even so, as SharePoint can contain sensitive data and is usually exposed from outside the organization, those who use the on-premises or hybrid versions should update.”

Windows Remote Desktop Protocol Security Feature Bypass
CVE-2023-35332, 35352, 35303, 32043

“Remote Desktop Protocol provides a platform for remote communication with Windows machines, and recently, we’ve seen a number of vulnerabilities affecting it. This time there are multiple types of vulnerabilities that each attack different aspects of the service. One allows spoofing of a computer and acts as a “man in the middle” (MITM) to bypass its certificate validation warning, while another vulnerability targets environments where users can authenticate with smart cards. These vulnerabilities should be a warning to those who use them to ensure a higher level of protection between non-secure networks and high ones.”

As soon as I click publish on this story, I’ll be patching all the Microsoft gear in my environment. You should likely do the same.
