Microsoft Patch Tuesday: June 2023

Six Critical Vulnerabilities, No 0-day


Microsoft Patch Tuesday, the company’s monthly security update, has provided fixes for 70 vulnerabilities: 62 classified as important, six as critical, one as moderate, and one as low.

These fixes encompass various software, including Microsoft Office, Microsoft SharePoint, and Windows operating system components. The critical vulnerabilities include CVE-2023-29357 in SharePoint Server 2019 and CVE-2023-29363, CVE-2023-32014, and CVE-2023-32015 in the Windows implementation of Pragmatic General Multicast (PGM).

CVE-2023-29357: This Elevation of Privilege vulnerability in Microsoft SharePoint Server 2019 has a CVSSv3 base score of 9.8 and is rated critical. An unauthenticated, remote attacker can exploit it by sending a spoofed JWT authentication token to the target server, thereby gaining the privileges of an authenticated user on that system.

CVE-2023-29363 / CVE-2023-32014 / CVE-2023-32015: These are Remote Code Execution (RCE) vulnerabilities in Windows Pragmatic General Multicast (PGM), each with a critical CVSSv3 base score of 9.8. An attacker who successfully exploits them could execute arbitrary code on the target system with SYSTEM privileges.

Notably, the Elevation of Privilege (EoP) vulnerability CVE-2023-29357 in SharePoint Server 2019 was used as part of a successful exploit chain demonstrated at the Pwn2Own Vancouver contest in March 2023. The spoofed-token technique lets an attacker who has no credentials at all be treated as an authenticated user, which is why a 9.8 score is attached to what is nominally an EoP bug.
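To make the "spoofed JWT" failure mode concrete, here is an added example; it is not SharePoint's code and is not taken from the advisory or this post. It mints a legitimate HS256 token, builds an attacker-controlled token that carries no signature, and runs both through two verifiers: one that trusts whatever `alg` the token itself declares (the generic bug class behind accepting a forged token) and one that pins the algorithm and always checks the HMAC. The signing key, claim names and function names are constructed for the example; the page does not describe the exact flaw in SharePoint's token handling, so this shows the class of bug, not the specific one.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed server-side HMAC key for this example only; not real key material.
SERVER_KEY = b"example-signing-key-do-not-use-in-production"


def _b64url_encode(data: bytes) -> str:
    """JWT-style base64url without '=' padding."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    """Inverse of _b64url_encode; re-adds the padding the JWT format strips."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _segment(obj: dict) -> str:
    return _b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def issue_token(claims: dict, key: bytes = SERVER_KEY) -> str:
    """Mint a legitimate token the way an authentication server would (HS256)."""
    signing_input = _segment({"alg": "HS256", "typ": "JWT"}) + "." + _segment(claims)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def forge_unsigned_token(claims: dict) -> str:
    """A spoofed token: attacker-chosen claims, 'alg': 'none', empty signature."""
    return _segment({"alg": "none", "typ": "JWT"}) + "." + _segment(claims) + "."


def weak_verify(token: str, key: bytes = SERVER_KEY) -> Optional[dict]:
    """Vulnerable pattern: lets the token's own header decide whether to verify."""
    h, p, s = token.split(".")
    header = json.loads(_b64url_decode(h))
    if header.get("alg") == "none":
        # No signature check at all: whoever wrote the claims is believed.
        return json.loads(_b64url_decode(p))
    expected = hmac.new(key, (h + "." + p).encode(), hashlib.sha256).digest()
    if hmac.compare_digest(expected, _b64url_decode(s)):
        return json.loads(_b64url_decode(p))
    return None


def strict_verify(token: str, key: bytes = SERVER_KEY) -> Optional[dict]:
    """Hardened pattern: the server pins the algorithm and always checks the MAC."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    h, p, s = parts
    try:
        header = json.loads(_b64url_decode(h))
        signature = _b64url_decode(s)
    except ValueError:  # covers bad base64 and bad JSON
        return None
    if header.get("alg") != "HS256":
        return None  # 'none', RS256-confusion, or anything else is rejected outright
    expected = hmac.new(key, (h + "." + p).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return None
    return json.loads(_b64url_decode(p))


if __name__ == "__main__":
    legit = issue_token({"sub": "alice", "role": "user"})
    forged = forge_unsigned_token({"sub": "admin", "role": "farm-admin"})
    print("weak verifier accepts forged token:", weak_verify(forged) is not None)
    print("strict verifier accepts forged token:", strict_verify(forged) is not None)
    print("strict verifier accepts legit token:", strict_verify(legit) is not None)
```

The two verifiers differ in a single decision: `strict_verify` decides the algorithm server-side and treats the token header as untrusted input, so a token that arrives with `alg: none` or with a signature computed under some other key is rejected before any claim is read. The weak variant is the shape of bug that lets an unauthenticated sender be promoted to an authenticated identity.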

As a mitigation for CVE-2023-29357, Microsoft recommends enabling the AMSI integration on SharePoint Server, though the efficacy of this measure has not been independently verified.

Similarly, the Remote Code Execution (RCE) vulnerabilities in Windows PGM, CVE-2023-29363, CVE-2023-32014, and CVE-2023-32015, could allow an attacker to execute code remotely by sending a specially crafted file to a vulnerable system. They are only exploitable on systems where the Windows Message Queuing service is enabled, so checking whether that service is installed and running is the quickest way to decide which hosts are actually exposed.

Another set of vulnerabilities, CVE-2023-28310 and CVE-2023-32031, are RCEs in Microsoft Exchange Server that allow an authenticated attacker to execute arbitrary code or commands remotely. The affected versions are Microsoft Exchange Server 2016 Cumulative Update 23 and Exchange Server 2019 Cumulative Updates 12 and 13.

Also, CVE-2023-29362 is an RCE vulnerability in the Remote Desktop Client component of Windows and in the Remote Desktop client for Windows Desktop; it can be exploited by a remote attacker who controls a Remote Desktop Server to which the victim connects.

Microsoft urges all users to promptly apply the updates provided in the Patch Tuesday release to ensure their systems are protected against these vulnerabilities. As always, keeping software updated with the latest security patches is one of the best practices for maintaining a secure and resilient system.


Updates ASAP


In its March 2023 Patch Tuesday updates, Microsoft fixed two zero-days. Afterwards, BRANDEFENSE analysts observed threat actors posting about CVE-2023-24880 on a dark web forum. In the post, the threat actors stated that not all Windows systems had been updated yet, so they would continue to share the PoC.

Threat actors always wait for your mistakes. Do not forget your updates.
