Microsoft patches 12 critical vulnerabilities, nine of which are in Layer 2 Tunneling Protocol
Two other vulnerabilities that Microsoft is fixing Tuesday — CVE-2023-36563 in Microsoft WordPad and CVE-2023-41763 in the Skype communication platform — have already been publicly exploited in the wild and have proof-of-concept code available.
Wednesday, October 11, 2023 07:10
Microsoft disclosed 104 vulnerabilities in its extensive range of software and services, the most in a single Patch Tuesday since July.
What is most notable is that this batch of vulnerabilities includes 12 that are considered “critical,” nine of which are remote code execution vulnerabilities in the Layer 2 Tunneling Protocol.
Two other vulnerabilities that Microsoft is fixing Tuesday — CVE-2023-36563 in Microsoft WordPad and CVE-2023-41763 in the Skype communication platform — have already been publicly exploited in the wild and have proof-of-concept code available, making it more likely that attackers will try to exploit unpatched versions of these pieces of software. However, these issues are only considered “important.”
The nine Layer 2 Tunneling Protocol vulnerabilities all require an attacker to win a race condition. A race condition occurs when two threads in a piece of code access the same data at the same time, so the outcome depends on which of the two operations happens to complete first.
In this scenario, an attacker could exploit these vulnerabilities by sending a specially crafted protocol message to a Routing and Remote Access Service (RAS) server, which could lead to remote code execution on the RAS server machine. The vulnerabilities Microsoft disclosed and patched on Tuesday are:
- CVE-2023-38166
- CVE-2023-41765
- CVE-2023-41767
- CVE-2023-41768
- CVE-2023-41769
- CVE-2023-41770
- CVE-2023-41771
- CVE-2023-41773
- CVE-2023-41774
The Layer 2 Tunneling Protocol allows remote users to connect to a machine, or provides site-to-site connectivity, over a VPN. Vulnerabilities involving VPNs have come under a microscope since the discovery of the VPNFilter malware in 2018, which affected thousands of devices across the globe.
A vulnerability in Fortinet’s SSL VPN, CVE-2018-13379, topped the U.S. Cybersecurity and Infrastructure Security Agency’s list of the most-exploited vulnerabilities in 2022, despite being disclosed back in 2018. U.S. officials also warned earlier this year of Volt Typhoon, a large APT believed to be backed by China’s government that is targeting networking devices to possibly gain a foothold onto U.S. military networks and critical infrastructure.
Another critical remote code execution vulnerability disclosed Tuesday, CVE-2023-35349, exists in the Microsoft Message Queuing service. An unauthenticated attacker could exploit this vulnerability to execute code on the targeted server.
However, this vulnerability is only exploitable if the user has Message Queuing enabled. Microsoft stated in its advisory that users should check to see if there is a service running named “Message Queuing” and if TCP port 1801 is listening on the machine.
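The two checks Microsoft's advisory describes, the "Message Queuing" service and a listener on TCP port 1801, can be run from an elevated PowerShell session. The script below is an added example, not code from Talos or Microsoft; it assumes a Windows host with the built-in NetTCPIP module (Get-NetTCPConnection) and that the service is registered under its usual service name MSMQ. The function name Test-MsmqExposure is the example's own.

```powershell
# Added example (not from the original post): report whether this host runs the
# Message Queuing service and listens on TCP 1801, the two conditions the advisory
# for CVE-2023-35349 says to check. Run from an elevated PowerShell session.

function Test-MsmqExposure {
    [CmdletBinding()]
    param()

    # Service name "MSMQ", display name "Message Queuing" (assumption: default registration).
    $svc = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue

    # Any socket in the LISTEN state on TCP 1801, the port the advisory names.
    $listeners = Get-NetTCPConnection -LocalPort 1801 -State Listen -ErrorAction SilentlyContinue

    # Resolve the owning process of each listener so an unexpected owner stands out.
    $owners = @()
    foreach ($l in $listeners) {
        $p = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
        if ($p) { $owners += $p.ProcessName }
    }

    $serviceStatus = if ($svc) { $svc.Status.ToString() } else { 'NotInstalled' }

    [PSCustomObject]@{
        ComputerName      = $env:COMPUTERNAME
        ServiceStatus     = $serviceStatus
        Port1801Listening = [bool]$listeners
        ListeningProcess  = ($owners | Select-Object -Unique) -join ','
        # Exposed in the advisory's sense: service running AND port open.
        Exposed           = ($serviceStatus -eq 'Running' -and [bool]$listeners)
    }
}

Test-MsmqExposure | Format-List
```

A host that reports `Exposed : True` should be prioritized for the update; where Message Queuing is not actually needed, stopping and disabling the MSMQ service (or blocking inbound TCP 1801 at the host firewall) removes the precondition the advisory describes until the patch is installed.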
One of the other critical vulnerabilities fixed this month is CVE-2023-36718, a remote code execution vulnerability in the Microsoft Virtual Trusted Platform Module. An attacker who exploits this vulnerability could perform a contained execution environment escape.
The attack complexity is considered “high” and therefore less likely to be exploited, Microsoft said, because exploitation relies on complex memory shaping techniques and the attacker must at least be authenticated as a guest first.
A complete list of all the other vulnerabilities Microsoft disclosed this month is available on its update page.
In response to these vulnerability disclosures, Talos is releasing a new Snort rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Cisco Secure Firewall customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up-to-date by downloading the latest rule pack available for purchase on Snort.org.
The rules included in this release that protect against the exploitation of many of these vulnerabilities are 62486 - 62493 and 62508 - 62511, and Snort 3 signatures 300719 - 300722.
Related news
The second zero-day vulnerability found in Windows NTLM in the past two months paves the way for relay attacks and credential theft. Microsoft has no patch, but released updated NTLM cyberattack mitigation advice.
In February 2024, we released an update to Exchange Server which contained a security improvement referenced by CVE-2024-21410 that enabled Extended Protection for Authentication (EPA) by default for new and existing installs of Exchange 2019. While we’re currently unaware of any active threat campaigns involving NTLM relaying attacks against Exchange, we have observed threat actors exploiting this vector in the past.
Based on a comprehensive review of more than a dozen prominent ransomware groups, we identified several commonalities in TTPs, along with several notable differences and outliers.
The threat actors behind the Play ransomware are estimated to have impacted approximately 300 entities as of October 2023, according to a new joint cybersecurity advisory from Australia and the U.S. "Play ransomware actors employ a double-extortion model, encrypting systems after exfiltrating data and have impacted a wide range of businesses and critical infrastructure organizations in North
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging manufacturers to get rid of default passwords on internet-exposed systems altogether, citing severe risks that could be exploited by malicious actors to gain initial access to, and move laterally within, organizations. In an alert published last week, the agency called out Iranian threat actors affiliated with
Dell vApp Manager, versions prior to 9.2.4.x, contains an arbitrary file read vulnerability. A remote attacker could potentially exploit this vulnerability to read arbitrary files from the target system.
Hello everyone! October was an interesting and busy month for me. I started a new job, worked on my open source Vulristics project, and analyzed vulnerabilities using it. Especially Linux vulnerabilities as part of my new Linux Patch Wednesday project. And, of course, analyzed Microsoft Patch Tuesday as well. In addition, at the end of […]
Plus: Major vulnerability fixes are now available for a number of enterprise giants, including Cisco, VMware, Citrix, and SAP.
Microsoft has released its Patch Tuesday updates for October 2023, addressing a total of 103 flaws in its software, two of which have come under active exploitation in the wild. Of the 103 flaws, 13 are rated Critical and 90 are rated Important in severity. This is apart from 18 security vulnerabilities addressed in its Chromium-based Edge browser since the second Tuesday of September. The two
Microsoft today issued security updates for more than 100 newly-discovered vulnerabilities in its Windows operating system and related software, including four flaws that are already being exploited. In addition, Apple recently released emergency updates to quash a pair of zero-day bugs in iOS.
October's CVE update is here. Here's which security vulnerabilities to patch now to exorcise your Microsoft systems demons.
Microsoft Message Queuing Remote Code Execution Vulnerability
Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability
Microsoft WordPad Information Disclosure Vulnerability
What can the routinely exploited vulnerabilities of 2022 tell us, and what do we think will make it on to next year's list?
A four-year-old critical security flaw impacting Fortinet FortiOS SSL has emerged as one of the most routinely and frequently exploited vulnerabilities in 2022. "In 2022, malicious cyber actors exploited older software vulnerabilities more frequently than recently disclosed vulnerabilities and targeted unpatched, internet-facing systems," cybersecurity and intelligence agencies from the Five
The vulnerability, disclosed In October, gives an unauthenticated attacker a way to take control of an affected product.
While the ransomware-for-hire group works to create ever more efficient exploits, companies can protect themselves with structured vulnerability management processes. Prioritize threats based on severity and risk.
The authentication bypass flaw in FortiOS, FortiProxy and FortiSwitchManager is easy to find and exploit, security experts say.
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Wednesday announced sweeping sanctions against ten individuals and two entities backed by Iran's Islamic Revolutionary Guard Corps (IRGC) for their involvement in ransomware attacks at least since October 2020. The agency said the cyber activity mounted by the individuals is partially attributable to intrusion sets tracked
The attack on Israeli organizations is the latest in a long line of attempts to compromise supply chains, as the APT looks to leverage that access to target a multitude of potential victims.
Microsoft on Thursday said it took steps to disable malicious activity stemming from abuse of OneDrive by a previously undocumented threat actor it tracks under the chemical element-themed moniker Polonium. In addition to removing the offending accounts created by the Lebanon-based activity group, the tech giant's Threat Intelligence Center (MSTIC) said it suspended over 20 malicious OneDrive
By Deeba Ahmed. Cobalt Mirage is an Irani threat group believed to be linked to the Iranian Cobalt Illusion threat group,…