Microsoft Patch Tuesday for February 2023 — Snort rules and prominent vulnerabilities

TALOS
Tuesday, February 14, 2023 13:02

Microsoft released its monthly security update on Tuesday, disclosing 73 vulnerabilities. Of these vulnerabilities, 8 are classified as “Critical,” 64 are classified as “Important” and one is classified as “Moderate.”

According to Microsoft, none of the vulnerabilities had been publicly disclosed before Patch Tuesday, and only one, CVE-2023-21823, a privilege escalation vulnerability, was seen in the wild.

Three of the “Critical” vulnerabilities that Microsoft considers “more likely” to be exploited are CVE-2023-21689, CVE-2023-21690 and CVE-2023-21692. These are remote code execution (RCE) vulnerabilities in the Microsoft Protected Extensible Authentication Protocol (PEAP). As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server’s account through a network call. Almost all Windows versions are vulnerable, including the latest Windows 11.

According to Microsoft, the other “Critical” vulnerabilities are “less likely” to be exploited. CVE-2023-21716 is a critical Microsoft Word Remote Code Execution Vulnerability that allows an unauthenticated attacker to gain access to execute commands within the application used to open the malicious file.

Developers are at risk due to CVE-2023-21808, a .NET and Visual Studio Remote Code Execution Vulnerability, and CVE-2023-21815, also a Visual Studio Remote Code Execution Vulnerability. Both can lead to arbitrary code execution (ACE).

The last “Critical” vulnerability we want to mention is CVE-2023-21803. The vulnerability exists in the way that the Microsoft iSCSI Discovery Service handles certain requests. An attacker might be able to send a specially crafted malicious DHCP discovery request to the iSCSI Discovery Service on 32-bit machines.

We also want to highlight CVE-2023-21715, a Microsoft Office Security Feature Bypass Vulnerability flagged as “Important.” This vulnerability allows an attacker to bypass the Mark of the Web (MoTW) policy, which usually blocks macro execution for documents originating from the internet. The attacker would have to entice the user to open a malicious file in Microsoft Publisher. We highly recommend that users never open anything that they do not know or trust to be safe.

Talos would also like to highlight three other “Important” Remote Code Execution vulnerabilities affecting Microsoft Exchange Server.

  • CVE-2023-21529 - Attack complexity low, attacker needs to be an authenticated user
  • CVE-2023-21706 - Attack complexity low, attacker needs to be an authenticated user
  • CVE-2023-21707 - Attack complexity low, attacker needs to be an authenticated user
  • CVE-2023-21710 - Attack complexity low, attacker needs to be an authenticated administrator

There are more vulnerabilities marked as “Important” in the Microsoft advisory. These include vulnerabilities in the Windows Kerberos and Active Directory services, among others. A complete list of all the vulnerabilities Microsoft disclosed this month is available on its update page.

In response to these vulnerability disclosures, Talos is releasing a new Snort rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Cisco Secure Firewall customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.

The rules included in this release that protect against the exploitation of many of these vulnerabilities are 57907, 61312-61315, 61320, 61321, 61357, 61359. For Snort 3, the following rules are also available to protect against these vulnerabilities: 300416, 300417, 300420, 300438, 300439.
