Patch Tuesday – 6 critical CVEs & 2 zero-day vulnerabilities
Microsoft released its monthly security updates on August 8, 2023. The updates fixed two zero-day vulnerabilities that were known to be exploited in the wild. Six of the 87 vulnerabilities patched were rated as critical and 68 as important. Remote code execution vulnerabilities increased again with 23 RCE vulnerabilities being fixed.
Let’s take a closer look at the most interesting updates for this month.
⭕ Notable Critical Microsoft Vulnerabilities
⭕ Critical | Microsoft Teams Remote Code Execution Vulnerability
- CVE-2023-29328 and CVE-2023-29330 are notable security vulnerabilities discovered in Microsoft Teams that allow remote code execution. An attacker can exploit them by tricking a victim into joining a Teams meeting organized by the attacker. Once the user joins the malicious meeting, the attacker can execute code remotely in the context of the victim's user session. If successfully exploited, the attacker can access, modify, or delete the victim's user data. This could lead to unauthorized information disclosure, potential data manipulation, and further malicious activities. An attacker does not need any special privileges on the victim's system to exploit this vulnerability.
⭕ Critical | Microsoft Message Queuing Remote Code Execution Vulnerability
- CVE-2023-36910, CVE-2023-36911, and CVE-2023-35385 affect Microsoft Message Queuing (MSMQ), a protocol designed for consistent communication between Windows systems on various networks. It retains a queue of undelivered messages, ensuring delivery even if a computer is momentarily offline. To exploit this vulnerability, an attacker has to send a specially crafted malicious MSMQ packet to the target MSMQ server. Successful exploitation allows an unauthorized attacker to remotely execute code on the targeted server.
⭕ Critical | Microsoft Outlook Remote Code Execution Vulnerability
- CVE-2023-36895 – To exploit the vulnerability, an attacker needs to persuade a victim to download and open a specially crafted file from a website, which can compromise the local machine.
August's Patch Tuesday Addressing Zero-day Flaws
Windows Search Remote Code Execution Vulnerability
- CVE-2023-36884 – Microsoft rolled out OS patches to address the vulnerability. This month, it also introduced a supplementary Defense in Depth Update (ADV230003) to counter the attack chain linked to this vulnerability's exploitation. Microsoft has changed the title from 'Office and Windows HTML Remote Code Execution Vulnerability' to 'Windows Search Remote Code Execution Vulnerability'. Attackers could target the vulnerability via emails or instant messages by sending a specially crafted file. Such a file, bypassing the Mark of the Web (MOTW) safeguards, could enable code execution on the recipient's system.
.NET and Visual Studio Denial of Service Vulnerability
- CVE-2023-38180 – The vulnerability may allow an attacker to launch a denial-of-service attack on a target machine with minimal complexity, even without specific privileges. In its recent advisory, Microsoft has not provided further details about this vulnerability.
Runecast Analyzer covers all 37 vulnerabilities that affect Windows operating systems, all mentioned below:
Runecast protects you against all of these
At Runecast we ensure that all OS vulnerabilities are covered, so you can focus on mitigating threats and ensuring your system is running safe and secure. We keep you updated about the latest vulnerabilities, exploits and security compliance research and pride ourselves on responding quickly and decisively to key news in the IT Security and Operations spaces.
Runecast is an AI-powered platform that gives you complete visibility and proactive control over potential vulnerabilities in your environment. It provides best practices, risk-based vulnerability management, security and continuous compliance audits to ensure that every aspect of your environment is protected. Additionally, Runecast provides explicit instructions and generates custom remediation scripts, to help IT teams maintain continuous compliance within the environment. The Runecast platform can be deployed to AWS, Azure, Google Cloud, Kubernetes, and VMware environments and can operate entirely on-premises or via our new SaaS offering.