Headline
Six critical vulnerabilities included in August’s Microsoft security update
The only vulnerability Microsoft states is being exploited in the wild is CVE-2023-38180, a denial-of-service vulnerability in .NET and Microsoft Visual Studio.
Tuesday, August 8, 2023 15:08
Microsoft disclosed 73 vulnerabilities across its suite of products and software Tuesday, including six that are considered “critical.”
One of the vulnerabilities, which Microsoft considers to be only of “moderate” severity, has been actively exploited in the wild. The company has had to address many zero-day vulnerabilities in its monthly security updates this year, including four last month and one in May. Microsoft also released an advisory detailing changes to its defense-in-depth model to defend against tactics adversaries are currently using in the wild.
Outside of the six critical issues, two are considered to be of “moderate” severity, while the remainder are listed as “important.”
Two of the critical vulnerabilities lie in Microsoft Teams, the company’s popular collaboration and messaging platform. An attacker could exploit CVE-2023-29328 and CVE-2023-29330 to perform remote code execution in the context of the victim user.
An attacker could exploit these vulnerabilities by tricking the victim into joining an adversary-created Teams meeting.
Three other critical remote code execution vulnerabilities — CVE-2023-35385, CVE-2023-36910 and CVE-2023-36911 — exist in Microsoft’s message queuing service for certain versions of Windows 10, 11 and Windows Server.
Message queuing would need to be manually enabled on a target’s machine for it to be exploitable, according to Microsoft. Users can check to see if they’re vulnerable by checking if there is a service named “Message Queuing” running on their device and if port 1801 is listening on the machine.
The last critical vulnerability included in August’s Patch Tuesday is CVE-2023-36895, a remote code execution vulnerability in Microsoft word. However, it has a relatively low severity score of 7.8 out of 10 for a critical vulnerability.
Microsoft Exchange also contains four remote code execution vulnerabilities, though all are considered “important.”
An authenticated attacker who is on the same intranet as the Exchange Server could achieve remote code execution via a PowerShell remoting session, according to Microsoft, by exploiting CVE-2023-35388, CVE-2023-35368, CVE-2023-38182 and CVE-2023-38185.
An adversary could only exploit the vulnerabilities in Exchange Server if they have valid credentials to log in with LAN access and have access to a valid Exchange user account.
There are also four elevation of privilege issues in the Windows kernel that could allow an adversary to gain SYSTEM-level privileges: CVE-2023-35359, CVE-2023-35380, CVE-2023-35382 and CVE-2023-35386.
Microsoft’s advisories state that these issues are “more likely” to be exploited, though the adversary must first have local access to the targeted machine, and the targeted user needs to be able to create folders and performance traces on the machine, which most users have by default.
Another privilege escalation vulnerability, CVE-2023-36900, exists in the Windows Common Log File System Driver. An attacker could also exploit this vulnerability to gain SYSTEM-level privileges, though they first must be able to log into the targeted system with the privileges of a standard user.
The only vulnerability Microsoft states is being exploited in the wild is CVE-2023-38180, a denial-of-service vulnerability in .NET and Microsoft Visual Studio. Though there are little details available currently about this issue, Microsoft states that the attack complexity is “low” and does not require any user privileges or interaction for an attacker to exploit it.
Talos would also like to highlight five “important” vulnerabilities that Microsoft considers “less likely” to be exploited. However, as these issues exist in the popular Microsoft Office suite of products and could lead to remote code execution, are still worth noting:
- CVE-2023-35371
- CVE-2023-35372
- CVE-2023-36865
- CVE-2023-36866
- CVE-2023-36896
A complete list of all the vulnerabilities Microsoft disclosed this month is available on its update page.
In response to these vulnerability disclosures, Talos is releasing a new Snort rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Cisco Secure Firewall customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.
The rules included in this release that protect against the exploitation of many of these vulnerabilities are 40689, 40690, 62202, 62203, 62208 - 62211, 62215 and 62216. There are also Snort 3 rules are 300648 - 300650 and 300652.
Related news
Dell vApp Manger, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote attacker could potentially exploit this vulnerability to read arbitrary files from the target system.
Plus: Mozilla patches more than a dozen vulnerabilities in Firefox, and enterprise companies Ivanti, Cisco, and SAP roll out a slew of updates to get rid of some high-severity bugs.
Hello everyone! This month I decided NOT to make an episode completely dedicated to Microsoft Patch Tuesday. Instead, this episode will be an answer to the question of how my Vulnerability Management month went. A retrospection of some kind. Alternative video link (for Russia): https://vk.com/video-149273431_456239134 GitHub exploits and Vulristics This month I made some improvements […]
Red Hat Security Advisory 2023-4643-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.110 and .NET Runtime 7.0.10. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-4639-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-4641-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.121 and .NET Runtime 6.0.21. Issues addressed include a denial of service vulnerability.
An update for rh-dotnet60-dotnet is now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-35390: A vulnerability was found in dotnet. This issue exists when some dotnet commands are used in directories with weaker permissions, which can result in remote code execution. * CVE-2023-38180: An uncontrolled resource consumption vulnerability was found in the Kestrel component of the dotNET. When detecting a potentially mali...
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-35390: A vulnerability was found in dotnet. This issue exists when some dotnet commands are used in directories with weaker permissions, which can result in remote code execution. * CVE-2023-38180: An uncontrolled resource consumption vulnerability was found in the Kestrel component of the dotNET. When detecting a potentially...
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-35390: A vulnerability was found in dotnet. This issue exists when some dotnet commands are used in directories with weaker permissions, which can result in remote code execution. * CVE-2023-38180: An uncontrolled resource consumption vulnerability was found in the Kestrel component of the dotNET. When detecting a potentially...
Ubuntu Security Notice 6278-2 - USN-6278-1 fixed several vulnerabilities in .NET. This update provides the corresponding updates for Ubuntu 22.04 LTS. It was discovered that .NET did properly handle the execution of certain commands. An attacker could possibly use this issue to achieve remote code execution.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched security flaw in Microsoft's .NET and Visual Studio products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-38180 (CVSS score: 7.5), the high-severity flaw relates to a case denial-of-service (DoS) impacting .NET and Visual Studio. It
Categories: Exploits and vulnerabilities Categories: News Microsoft has announced patches for 87 vulnerabilities this month, including two that are being actively exploited. (Read more...) The post August Patch Tuesday stops actively exploited attack chain and more appeared first on Malwarebytes Labs.
Ubuntu Security Notice 6278-1 - It was discovered that .NET did not properly handle the execution of certain commands. An attacker could possibly use this issue to achieve remote code execution. Benoit Foucher discovered that .NET did not properly implement the QUIC stream limit in HTTP/3. An attacker could possibly use this issue to cause a denial of service. It was discovered that .NET did not properly handle the disconnection of potentially malicious clients interfacing with a Kestrel server. An attacker could possibly use this issue to cause a denial of service.
# Microsoft Security Advisory CVE-2023-38180: .NET Denial of Service Vulnerability ## <a name="executive-summary"></a>Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.1, .NET 6.0, and .NET 7.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in Kestrel where, on detecting a potentially malicious client, Kestrel will sometimes fail to disconnect it, resulting in denial of service. ## Announcement Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/269 ### <a name="mitigation-factors"></a>Mitigation factors If your application is running behind a reverse proxy, or Web Application Firewall, which has its own mitigations against HTTP based attacks this issue may be mitigated by the proxy or WAF ## <a name="affected-software"></a>Affected software * Any .NET 7.0 applicat...
Microsoft has patched a total of 74 flaws in its software as part of the company's Patch Tuesday updates for August 2023, down from the voluminous 132 vulnerabilities the company fixed last month. This comprises six Critical and 67 Important security vulnerabilities. Also released by the tech giant are two defense-in-depth updates for Microsoft Office (ADV230003) and the Memory Integrity System
Microsoft Corp. today issued software updates to plug more than 70 security holes in its Windows operating systems and related products, including a patch that addresses multiple zero-day vulnerabilities currently being exploited in the wild.
.NET and Visual Studio Denial of Service Vulnerability
Microsoft Message Queuing Remote Code Execution Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Microsoft Outlook Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Message Queuing Remote Code Execution Vulnerability
Microsoft Office Visio Remote Code Execution Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Microsoft Office Visio Remote Code Execution Vulnerability
Microsoft Office Visio Remote Code Execution Vulnerability
Microsoft Teams Remote Code Execution Vulnerability
Microsoft Exchange Remote Code Execution Vulnerability
Microsoft Teams Remote Code Execution Vulnerability
Microsoft Message Queuing Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Microsoft Office Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability