
Warning: Microsoft’s August 2023 Patch Tuesday patches 73 vulnerabilities (6 CRITICAL, 2 0-DAY, 2 ACTIVELY EXPLOITED), Patch Immediately!

Reference: 
Advisory #2023-98
Version: 
1.0
Affected software: 
For a full overview consult: https://msrc.microsoft.com/update-guide/releaseNote/2023-Aug
Type: 
Several types, ranging from Information Disclosure to Remote Code Execution and Privilege Escalation.
CVE/CVSS: 

Microsoft patched 73 CVEs in its August 2023 Patch Tuesday release, including 2 zero-day vulnerabilities that are being actively exploited. Of the 73 vulnerabilities, 6 are rated as critical and 67 are rated as important.

Number of CVE by type:

  • 23 Remote Code Execution vulnerabilities
  • 18 Elevation of Privilege vulnerabilities
  • 12 Information Disclosure vulnerabilities
  • 12 Spoofing vulnerabilities
  • 8 Denial of Service vulnerabilities
  • 3 Security Feature Bypass vulnerabilities

Sources

https://msrc.microsoft.com/update-guide/releaseNote/2023-Aug
https://msrc.microsoft.com/update-guide/vulnerability/ADV230003

Risks

Microsoft’s May 2023 Patch Tuesday includes 6 critical and 67 important vulnerabilities for a wide range of Microsoft products and technologies.

Microsoft fixed 2 zero-day vulnerabilities, both of them actively exploited in the wild:

  • CVE-2023-36884: Microsoft released a defense-in-depth update for Microsoft Office related to CVE-2023-36884, a Windows Search security feature bypass vulnerability issued in July 2023. The patch prevents exploitation of a remote code execution (RCE) vulnerability.
  • CVE-2023-38180: .NET and Visual Studio Denial of Service Vulnerability. Microsoft has not yet disclosed the details of this vulnerability.

The Centre for Cyber security Belgium has launched multiple spear warning campaigns and advised Belgian organizations frequently to patch their servers.

Description

Overview of the critical and more likely to be exploited vulnerabilities.

ADV230003 - Microsoft Office Defense in Depth Update CVSS: 7.5

Microsoft has released an update for Microsoft Office that stops the attack chain leading to the Windows Search Remote Code Execution Vulnerability (CVE-2023-36884) that was part of the July 2023 Patch Tuesday updates.

This vulnerability has been actively exploited by the RomCom group.

CVE-2023-38180 - .NET and Visual Studio Denial of Service Vulnerability CVSS: 7.5

Microsoft fixed an actively exploited vulnerability that can cause a DoS attack on .NET applications and Visual Studio. Microsoft has not yet disclosed the details of this attack.

CVE-2023-35385, CVE-2023-36910, CVE-2023-36911 - Microsoft Message Queuing Remote Code Execution Vulnerability CVSS: 9.8

Microsoft patched multiple RCE vulnerabilities in the Microsoft Message Queuing (MSMQ) of Windows. All vulnerabilities have a CVSS score of 9.8.

An unauthenticated attacker could exploit these vulnerabilities by sending malicious MSMQ packets to a vulnerable server.
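One way to find which hosts are in scope for the MSMQ fixes and should be patched first, as an added example that is not part of the original advisory. It assumes the Windows default service name (MSMQ) and TCP port (1801) for Message Queuing, neither of which the advisory states; the function name Get-MsmqExposure is hypothetical.

```powershell
# Added example: local MSMQ exposure check (not part of the advisory).
# Assumptions: service name 'MSMQ' and TCP port 1801 are the Windows defaults
# for Message Queuing; neither value is stated in the advisory itself.
function Get-MsmqExposure {
    [CmdletBinding()]
    param([int]$Port = 1801)

    # Is the Message Queuing feature installed, and is its service running?
    $svc = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue

    # Is anything accepting connections on the MSMQ port, and on which addresses?
    $listeners = @(Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue)

    # Enabled inbound allow rules that name the port explicitly.
    # Rules using port ranges or 'Any' are not evaluated here.
    $rules = @(Get-NetFirewallPortFilter -Protocol TCP -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalPort -contains "$Port" } |
        Get-NetFirewallRule |
        Where-Object {
            $_.Enabled -eq 'True' -and
            $_.Direction -eq 'Inbound' -and
            $_.Action -eq 'Allow'
        })

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        ServiceInstalled  = [bool]$svc
        ServiceStatus     = if ($svc) { "$($svc.Status)" } else { 'NotInstalled' }
        ListeningOn       = ($listeners.LocalAddress | Sort-Object -Unique) -join ', '
        InboundAllowRules = ($rules.DisplayName | Sort-Object -Unique) -join ', '
        # Installed and listening: the host is reachable over MSMQ and is in
        # scope for CVE-2023-35385, CVE-2023-36910 and CVE-2023-36911.
        NeedsAttention    = [bool]$svc -and ($listeners.Count -gt 0)
    }
}

Get-MsmqExposure | Format-List
```

Hosts that report NeedsAttention as True without a business need for Message Queuing are candidates for removing the feature in addition to patching.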

CVE-2023-36895 - Microsoft Outlook Remote Code Execution Vulnerability CVSS: 7.8

Microsoft patched an RCE vulnerability in Microsoft Outlook. The vulnerability requires user interaction, but Microsoft has not specified what kind of user interaction (opening a mail, an attachment, ...).

CVE-2023-29328, CVE-2023-29330 - Microsoft Teams Remote Code Execution Vulnerability CVSS: 8.8

Microsoft patched 2 RCE vulnerabilities in Microsoft Teams. A user would need to join a malicious Microsoft Teams meeting set up by the attacker. Awareness is key to prevent social engineering.

CVE-2023-21709 - Microsoft Exchange Server Elevation of Privilege Vulnerability CVSS: 9.8

An attacker could exploit this vulnerability in a network-based attack. The attacker could then brute force user account passwords and log in as that user. The advisory has additional steps required to protect against this vulnerability. After applying the patch, you have to run a PowerShell script.

Check the advisory for details https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21709.

CVE-2023-38181, CVE-2023-38185, CVE-2023-35368, CVE-2023-38182, CVE-2023-35388 - Microsoft Exchange Server Vulnerabilities CVSS: 8.0-8.8

Microsoft patched multiple vulnerabilities in Microsoft Exchange Server. These vulnerabilities could allow an authenticated attacker to execute code using a remote PowerShell session. The attacker needs LAN access and valid Exchange user credentials.

CVE-2023-35359, CVE-2023-35380, CVE-2023-35382, CVE-2023-35386, CVE-2023-38154 - Windows Kernel Elevation of Privilege Vulnerability CVSS: 7.8

Microsoft patched multiple EoP vulnerabilities in the Windows kernel. The vulnerabilities could be used by an attacker with local access to gain SYSTEM level privileges.

CVE-2023-36900 - Windows Common Log File System Driver Elevation of Privilege Vulnerability CVSS: 7.8

Microsoft patched another Windows CLFS EoP vulnerability. Similar vulnerabilities have been fixed in previous Patch Tuesdays, including two zero-days (CVE-2023-23376, CVE-2023-28252).

Recommended actions

The Centre for Cyber security Belgium recommends that system administrators patch vulnerable systems as soon as possible and analyse system and network logs for any suspicious activity. If your organization has already identified an intrusion or incident, please report it via: https://cert.be/en/report-incident.

References

https://www.tenable.com/blog/microsofts-august-2023-patch-tuesday-addresses-73-cves-cve-2023-38180
https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2023-patch-tuesday-warns-of-2-zero-days-87-flaws/