It’s the second week of June, which means it’s Patch Tuesday. And that means that you need to get about patching all things Microsoft. Bleeping Computer has the details:
While thirty-eight RCE bugs were fixed, Microsoft only listed six flaws as ‘Critical,’ including denial of service attacks, remote code execution, and privilege elevation.
The number of bugs in each vulnerability category is listed below:
- 17 Elevation of Privilege Vulnerabilities
- 3 Security Feature Bypass Vulnerabilities
- 32 Remote Code Execution Vulnerabilities
- 5 Information Disclosure Vulnerabilities
- 10 Denial of Service Vulnerabilities
- 10 Spoofing Vulnerabilities
- 1 Edge – Chromium Vulnerabilities
This list does not include sixteen Microsoft Edge vulnerabilities previously fixed on June 2nd, 2023.
Dor Segal, Senior Research Tech Lead, Silverfort highlights two key fixes by Microsoft:
“CVE-2023-29357 is a Microsoft SharePoint Server Elevation of Privilege Vulnerability with a high CVSS score of 9.8.
This vulnerability could be used by an attacker with access to spoofed JWT authentication tokens to bypass authentication, gain access to a SharePoint server and adopt the privileges of an authenticated user.
It’s currently unclear whether the access permissions are to the SharePoint application or to the server itself, meaning the impact of any exploitation attempts could range from data theft to initial access into a domain environment. This would explain its high CVSS score.
CVE-2023-29362 – a Remote Desktop Client RCE vulnerability – is pretty unique and well worth notice.
Admins use RDP clients for many of their day-to-day tasks, from managing servers to fixing user problems. Using an RDP client can give admins a false sense of security: they can see what’s going on in a remote server or that client’s computer, but they believe themselves to be protected from malicious activity on the client’s end thanks to the RDP. This vulnerability unfortunately proves that wrong.
CVE-2023-29362 allows an attacker who has compromised a Windows machine to attack and spread to any RDP client connected to that same machine. In the case of admins or other privileged machines, this could potentially lead to compromise of the entire domain.
It’s worth noting that patching is needed on the client’s side – not the server’s – so we recommend first patching privileged clients before moving on to the rest of the clients in the organization.”
After I post this, I will get about patching all the Microsoft gear in my home and home office. You might want to do the same thing as soon as you can.
Today Is Patch Tuesday…. And It’s a BIG One
Posted in Commentary with tags Microsoft on July 11, 2023 by itnerdThe second Tuesday of every month is Patch Tuesday. That means it’s time to patch all the things that are Microsoft related. And this month is huge. Bleeping Computer is reporting that there are 132 flaws including six zero day flaws.
Yikes!
Yoav Iellin, Senior Researcher, Silverfort highlights three that you really need to worry about:
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2023-35367, 35366, 35365
“The Routing and Remote Access role is not commonly seen in Windows servers. It’s used for advanced routing, NAT, and VPN – and it is not installed by default. However, installing this role turns the server into a provider of these services – potentially directing some or even all network traffic through the server.
Sending a special packet to the Windows server may lead to remote code execution. This is particularly concerning if the specific Windows server acts as a domain controller as well.
With a CVSS score of 9.8, it’s worth taking note of this vulnerability. If you have this service enabled, you should consider installing the patch as soon as possible or even disabling the service.”
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2023-33134, 33157, 33159, 33160
“Last month’s Patch Tuesday – which was light in comparison to this month – saw the release and disclosure of many SharePoint vulnerabilities, and this month we’re seeing RCEs in SharePoint affecting multiple areas. All of them require the attacker to be authenticated or the user to perform an action that, luckily, reduces the risk of a breach. Even so, as SharePoint can contain sensitive data and is usually exposed from outside the organization, those who use the on-premises or hybrid versions should update.”
Windows Remote Desktop Protocol Security Feature Bypass
CVE-2023-35332, 35352, 35303, 32043
“Remote Desktop Protocol provides a platform for remote communication with Windows machines, and recently, we’ve seen a number of vulnerabilities affecting it. This time there are multiple types of vulnerabilities that each attack different aspects of the service. One allows spoofing of a computer and acts as a “man in the middle” (MITM) to bypass its certificate validation warning, while another vulnerability targets environments where users can authenticate with smart cards. These vulnerabilities should be a warning to those who use them to ensure a higher level of protection between non-secure networks and high ones.”
As soon as I click publish on this story, I’ll be patching all the Microsoft gear in my environment. You should likely do the same.
Leave a comment »