Security
Headlines
HeadlinesLatestCVEs

Headline

Six critical vulnerabilities included in August’s Microsoft security update

The only vulnerability Microsoft states is being exploited in the wild is CVE-2023-38180, a denial-of-service vulnerability in .NET and Microsoft Visual Studio.

TALOS
#vulnerability#mac#windows#microsoft#cisco#dos#rce#auth#zero_day

Tuesday, August 8, 2023 15:08

Microsoft disclosed 73 vulnerabilities across its suite of products and software Tuesday, including six that are considered “critical.”

One of the vulnerabilities, which Microsoft considers to be only of “moderate” severity, has been actively exploited in the wild. The company has had to address many zero-day vulnerabilities in its monthly security updates this year, including four last month and one in May. Microsoft also released an advisory detailing changes to its defense-in-depth model to defend against tactics adversaries are currently using in the wild.

Outside of the six critical issues, two are considered to be of “moderate” severity, while the remainder are listed as “important.”

Two of the critical vulnerabilities lie in Microsoft Teams, the company’s popular collaboration and messaging platform. An attacker could exploit CVE-2023-29328 and CVE-2023-29330 to perform remote code execution in the context of the victim user.

An attacker could exploit these vulnerabilities by tricking the victim into joining an adversary-created Teams meeting.

Three other critical remote code execution vulnerabilities — CVE-2023-35385, CVE-2023-36910 and CVE-2023-36911 — exist in Microsoft’s message queuing service for certain versions of Windows 10, 11 and Windows Server.

Message queuing would need to be manually enabled on a target’s machine for it to be exploitable, according to Microsoft. Users can check to see if they’re vulnerable by checking if there is a service named “Message Queuing” running on their device and if port 1801 is listening on the machine.

The last critical vulnerability included in August’s Patch Tuesday is CVE-2023-36895, a remote code execution vulnerability in Microsoft word. However, it has a relatively low severity score of 7.8 out of 10 for a critical vulnerability.

Microsoft Exchange also contains four remote code execution vulnerabilities, though all are considered “important.”

An authenticated attacker who is on the same intranet as the Exchange Server could achieve remote code execution via a PowerShell remoting session, according to Microsoft, by exploiting CVE-2023-35388, CVE-2023-35368, CVE-2023-38182 and CVE-2023-38185.

An adversary could only exploit the vulnerabilities in Exchange Server if they have valid credentials to log in with LAN access and have access to a valid Exchange user account.

There are also four elevation of privilege issues in the Windows kernel that could allow an adversary to gain SYSTEM-level privileges: CVE-2023-35359, CVE-2023-35380, CVE-2023-35382 and CVE-2023-35386.

Microsoft’s advisories state that these issues are “more likely” to be exploited, though the adversary must first have local access to the targeted machine, and the targeted user needs to be able to create folders and performance traces on the machine, which most users have by default.

Another privilege escalation vulnerability, CVE-2023-36900, exists in the Windows Common Log File System Driver. An attacker could also exploit this vulnerability to gain SYSTEM-level privileges, though they first must be able to log into the targeted system with the privileges of a standard user.

The only vulnerability Microsoft states is being exploited in the wild is CVE-2023-38180, a denial-of-service vulnerability in .NET and Microsoft Visual Studio. Though there are little details available currently about this issue, Microsoft states that the attack complexity is “low” and does not require any user privileges or interaction for an attacker to exploit it.

Talos would also like to highlight five “important” vulnerabilities that Microsoft considers “less likely” to be exploited. However, as these issues exist in the popular Microsoft Office suite of products and could lead to remote code execution, are still worth noting:

  • CVE-2023-35371
  • CVE-2023-35372
  • CVE-2023-36865
  • CVE-2023-36866
  • CVE-2023-36896

A complete list of all the vulnerabilities Microsoft disclosed this month is available on its update page.

In response to these vulnerability disclosures, Talos is releasing a new Snort rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Cisco Secure Firewall customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.

The rules included in this release that protect against the exploitation of many of these vulnerabilities are 40689, 40690, 62202, 62203, 62208 - 62211, 62215 and 62216. There are also Snort 3 rules are 300648 - 300650 and 300652.

Related news

CVE-2023-48660: DSA-2023-443: Dell PowerMaxOS 5978, Dell Unisphere 360, Dell Unisphere for PowerMax, Dell Unisphere for PowerMax Virtual Appliance, Dell Solutions Enabler Virtual Appliance, and Dell PowerMax EEM Secu

Dell vApp Manger, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote attacker could potentially exploit this vulnerability to read arbitrary files from the target system.

Google Fixes Serious Security Flaws in Chrome and Android

Plus: Mozilla patches more than a dozen vulnerabilities in Firefox, and enterprise companies Ivanti, Cisco, and SAP roll out a slew of updates to get rid of some high-severity bugs.

August 2023: GitHub PoCs, Vulristics, Qualys First-Party, Tenable ExposureAI, SC Awards and Rapid7, Anglo-Saxon list, MS Patch Tuesday, WinRAR, Juniper

Hello everyone! This month I decided NOT to make an episode completely dedicated to Microsoft Patch Tuesday. Instead, this episode will be an answer to the question of how my Vulnerability Management month went. A retrospection of some kind. Alternative video link (for Russia): https://vk.com/video-149273431_456239134 GitHub exploits and Vulristics This month I made some improvements […]

Red Hat Security Advisory 2023-4643-01

Red Hat Security Advisory 2023-4643-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.110 and .NET Runtime 7.0.10. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-4639-01

Red Hat Security Advisory 2023-4639-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-4641-01

Red Hat Security Advisory 2023-4641-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.121 and .NET Runtime 6.0.21. Issues addressed include a denial of service vulnerability.

RHSA-2023:4641: Red Hat Security Advisory: rh-dotnet60-dotnet security, bug fix, and enhancement update

An update for rh-dotnet60-dotnet is now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-35390: A vulnerability was found in dotnet. This issue exists when some dotnet commands are used in directories with weaker permissions, which can result in remote code execution. * CVE-2023-38180: An uncontrolled resource consumption vulnerability was found in the Kestrel component of the dotNET. When detecting a potentially mali...

RHSA-2023:4640: Red Hat Security Advisory: .NET 6.0 security update

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-35390: A vulnerability was found in dotnet. This issue exists when some dotnet commands are used in directories with weaker permissions, which can result in remote code execution. * CVE-2023-38180: An uncontrolled resource consumption vulnerability was found in the Kestrel component of the dotNET. When detecting a potentially...

RHSA-2023:4639: Red Hat Security Advisory: .NET 6.0 security update

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-35390: A vulnerability was found in dotnet. This issue exists when some dotnet commands are used in directories with weaker permissions, which can result in remote code execution. * CVE-2023-38180: An uncontrolled resource consumption vulnerability was found in the Kestrel component of the dotNET. When detecting a potentially...

Ubuntu Security Notice USN-6278-2

Ubuntu Security Notice 6278-2 - USN-6278-1 fixed several vulnerabilities in .NET. This update provides the corresponding updates for Ubuntu 22.04 LTS. It was discovered that .NET did properly handle the execution of certain commands. An attacker could possibly use this issue to achieve remote code execution.

CISA Adds Microsoft .NET Vulnerability to KEV Catalog Due to Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched security flaw in Microsoft's .NET and Visual Studio products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-38180 (CVSS score: 7.5), the high-severity flaw relates to a case denial-of-service (DoS) impacting .NET and Visual Studio. It

August Patch Tuesday stops actively exploited attack chain and more

Categories: Exploits and vulnerabilities Categories: News Microsoft has announced patches for 87 vulnerabilities this month, including two that are being actively exploited. (Read more...) The post August Patch Tuesday stops actively exploited attack chain and more appeared first on Malwarebytes Labs.

Ubuntu Security Notice USN-6278-1

Ubuntu Security Notice 6278-1 - It was discovered that .NET did not properly handle the execution of certain commands. An attacker could possibly use this issue to achieve remote code execution. Benoit Foucher discovered that .NET did not properly implement the QUIC stream limit in HTTP/3. An attacker could possibly use this issue to cause a denial of service. It was discovered that .NET did not properly handle the disconnection of potentially malicious clients interfacing with a Kestrel server. An attacker could possibly use this issue to cause a denial of service.

GHSA-vmch-3w2x-vhgq: .NET Denial of Service Vulnerability

# Microsoft Security Advisory CVE-2023-38180: .NET Denial of Service Vulnerability ## <a name="executive-summary"></a>Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.1, .NET 6.0, and .NET 7.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in Kestrel where, on detecting a potentially malicious client, Kestrel will sometimes fail to disconnect it, resulting in denial of service. ## Announcement Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/269 ### <a name="mitigation-factors"></a>Mitigation factors If your application is running behind a reverse proxy, or Web Application Firewall, which has its own mitigations against HTTP based attacks this issue may be mitigated by the proxy or WAF ## <a name="affected-software"></a>Affected software * Any .NET 7.0 applicat...

Microsoft Releases Patches for 74 New Vulnerabilities in August Update

Microsoft has patched a total of 74 flaws in its software as part of the company's Patch Tuesday updates for August 2023, down from the voluminous 132 vulnerabilities the company fixed last month. This comprises six Critical and 67 Important security vulnerabilities. Also released by the tech giant are two defense-in-depth updates for Microsoft Office (ADV230003) and the Memory Integrity System

Microsoft Patch Tuesday, August 2023 Edition

Microsoft Corp. today issued software updates to plug more than 70 security holes in its Windows operating systems and related products, including a patch that addresses multiple zero-day vulnerabilities currently being exploited in the wild.

CVE-2023-38180

.NET and Visual Studio Denial of Service Vulnerability

CVE-2023-35385

Microsoft Message Queuing Remote Code Execution Vulnerability

CVE-2023-36900

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE-2023-36895

Microsoft Outlook Remote Code Execution Vulnerability

CVE-2023-36896

Microsoft Excel Remote Code Execution Vulnerability

CVE-2023-36910

Microsoft Message Queuing Remote Code Execution Vulnerability

CVE-2023-35372

Microsoft Office Visio Remote Code Execution Vulnerability

CVE-2023-35359

Windows Kernel Elevation of Privilege Vulnerability

CVE-2023-36866

Microsoft Office Visio Remote Code Execution Vulnerability

CVE-2023-36865

Microsoft Office Visio Remote Code Execution Vulnerability

CVE-2023-29330

Microsoft Teams Remote Code Execution Vulnerability

CVE-2023-35368

Microsoft Exchange Remote Code Execution Vulnerability

CVE-2023-29328

Microsoft Teams Remote Code Execution Vulnerability

CVE-2023-36911

Microsoft Message Queuing Remote Code Execution Vulnerability

CVE-2023-35388

Microsoft Exchange Server Remote Code Execution Vulnerability

CVE-2023-35386

Windows Kernel Elevation of Privilege Vulnerability

CVE-2023-35382

Windows Kernel Elevation of Privilege Vulnerability

CVE-2023-35380

Windows Kernel Elevation of Privilege Vulnerability

CVE-2023-35371

Microsoft Office Remote Code Execution Vulnerability

CVE-2023-38185

Microsoft Exchange Server Remote Code Execution Vulnerability

CVE-2023-38182

Microsoft Exchange Server Remote Code Execution Vulnerability

TALOS: Latest News

Malicious QR Codes: How big of a problem is it, really?