Microsoft Addresses Over 100 Vulnerabilities; Some Exploited in the Wild
On Tuesday, Microsoft released its monthly security updates, fixing more than 100 vulnerabilities across the Windows platform and related products. The company flagged three of those flaws as already under active exploitation.
As part of this Patch Tuesday, Microsoft joined AWS, Google and Cloudflare in addressing the 'HTTP/2 Rapid Reset' zero-day (CVE-2023-44487), a flaw in the HTTP/2 protocol itself rather than in any single product, which has been abused for very large distributed denial-of-service attacks against internet-facing servers. Rapid Reset is the third of the three actively exploited issues in this release.
Microsoft also spotlighted two zero-day flaws in WordPad and Skype for Business, both reportedly exploited in real-world attacks. The WordPad vulnerability, CVE-2023-36563, is an information disclosure bug that can leak NTLM hashes; flaws of this class work by coercing the victim's machine into authenticating to an attacker-controlled host, which captures the NTLM response for offline cracking or relay. The bug, discovered by Microsoft's internal threat intelligence team, can be triggered through maliciously crafted URLs or files. Notably, Microsoft's advisory offered no indicators of compromise (IOCs) or other data to help defenders detect past exploitation.
The second, CVE-2023-41763 in Skype for Business, is classified by Microsoft as an elevation-of-privilege vulnerability. Microsoft explained, "Attackers could make a uniquely crafted network call to a Skype for Business server, potentially unveiling IP addresses, port numbers, or both."
In some scenarios, the disclosed information could give an intruder a foothold for reaching internal systems.
Overall, the release covered more than 100 vulnerabilities across Microsoft products and Windows components, including Exchange Server, Microsoft Office, Visual Studio, ASP.NET Core, Microsoft Dynamics and the Message Queuing (MSMQ) service.
Message Queuing was hit particularly hard, with some 20 bulletins covering flaws in the service. One of them, CVE-2023-35349, carries a CVSS score of 9.8/10 and is considered wormable under certain conditions. Trend Micro's Zero Day Initiative (ZDI) advised, "An external attacker could execute arbitrary code without user interaction, making this flaw wormable. Systems with Message Queuing enabled should be reviewed, and consider blocking TCP port 1801."
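The review-and-block step ZDI recommends, as an added PowerShell example (this is not code from the article, Microsoft or ZDI): it checks whether the MSMQ service is installed, whether anything is actually listening on TCP 1801, and then creates an inbound block rule for that port if one is not already present. The firewall rule name and the output format are this example's own choices; the feature names in the final comment are the standard Windows ones for removing MSMQ outright.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article. Audits the CVE-2023-35349 attack
# surface (MSMQ on TCP 1801) and applies the port block ZDI suggests.

$Port = 1801   # MSMQ listener port named in the ZDI guidance

# 1. Is the MSMQ service installed, and is it running?
$svc = Get-Service -Name MSMQ -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Output "MSMQ service not installed; CVE-2023-35349 surface absent on this host."
} else {
    Write-Output ("MSMQ service present, status: {0}, start type: {1}" -f $svc.Status, $svc.StartType)
}

# 2. Is anything actually listening on TCP 1801 right now?
$listeners = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue
if (-not $listeners) {
    Write-Output "No listener on TCP $Port."
}
foreach ($l in $listeners) {
    $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
    Write-Output ("Listening on {0}:{1} (pid {2}, {3})" -f `
        $l.LocalAddress, $l.LocalPort, $l.OwningProcess, $proc.ProcessName)
}

# 3. Block inbound TCP 1801 on all profiles unless the rule already exists.
#    The rule name below is this example's own choice.
$ruleName = 'Block inbound MSMQ TCP 1801 (CVE-2023-35349 mitigation)'
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
        -LocalPort $Port -Action Block -Profile Any | Out-Null
    Write-Output "Firewall rule created: $ruleName"
} else {
    Write-Output "Firewall rule already present: $ruleName"
}

# 4. If nothing on the host depends on MSMQ, removing the feature beats filtering it:
#    Client SKUs:  Disable-WindowsOptionalFeature -Online -FeatureName MSMQ-Server -NoRestart
#    Server SKUs:  Uninstall-WindowsFeature -Name MSMQ
```

Blocking the port is a stopgap for hosts that cannot take the update immediately; it does nothing for MSMQ traffic arriving over a path the Windows firewall does not see, so the patch itself remains the fix.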
ZDI also singled out CVE-2023-36434, a vulnerability in Windows IIS Server that could let an attacker log in as another user on an affected server. Microsoft did not rate it Critical because exploitation requires a brute-force attack, but ZDI warns that such attacks are now easily automated and recommends treating the flaw as Critical regardless.