September 21, 2023

Microsoft patched 80 CVEs in its March 2023 Patch Tuesday Release, with 9 rated as critical, 79 rated as important and one rated as moderate.

Two actively exploited zero-day vulnerabilities, which we highlight later in this blog, were reported by the vendor: an elevation of privilege within Microsoft Outlook (CVE-2023-23397) rated as Critical and a security feature bypass within Windows SmartScreen (CVE-2023-24880) rated as Moderate.

This month’s update includes patches for:

  • Azure
  • Client Server Run-time Subsystem (CSRSS)
  • Internet Control Message Protocol (ICMP)
  • Microsoft Bluetooth Driver
  • Microsoft Dynamics
  • Microsoft Edge (Chromium-based)
  • Microsoft Graphics Component
  • Microsoft Office Excel
  • Microsoft Office Outlook
  • Microsoft Office SharePoint
  • Microsoft OneDrive
  • Microsoft PostScript Printer Driver
  • Microsoft Printer Drivers
  • Microsoft Windows Codecs Library
  • Office for Android
  • Remote Access Service Point-to-Point Tunnelling Protocol
  • Role: DNS Server
  • Role: Windows Hyper-V
  • Service Fabric
  • Visual Studio
  • Windows Accounts Control
  • Windows Bluetooth Service
  • Windows Central Resource Manager
  • Windows Cryptographic Services
  • Windows Defender
  • Windows HTTP Protocol Stack
  • Windows HTTP.sys
  • Windows Internet Key Exchange (IKE) Protocol
  • Windows Kernel
  • Windows Partition Management Driver
  • Windows Point-to-Point Protocol over Ethernet (PPPoE)
  • Windows Remote Procedure Call
  • Windows Remote Procedure Call Runtime
  • Windows Resilient File System (ReFS)
  • Windows Secure Channel
  • Windows SmartScreen
  • Windows TPM
  • Windows Win32K

Remote code execution (RCE) vulnerabilities accounted for 32.9% of the vulnerabilities patched this month, followed by elevation of privilege (EoP) vulnerabilities at 26.3%.

Microsoft Outlook Elevation of Privilege Vulnerability (Zero Day)

CVE-2023-23397 is an elevation of privilege vulnerability in Microsoft Outlook that was assigned a CVSSv3 score of 9.8 and was exploited in the wild. The vulnerability can be exploited by sending a malicious email to a vulnerable version of Outlook. When the email is processed by the server, a connection to an attacker-controlled device can be established to leak the Net-NTLMv2 hash of the email recipient. The attacker can use this hash to authenticate as the victim recipient in an NTLM relay attack.

Microsoft notes that this exploitation can occur before the email is viewed in the Preview Pane, meaning no interaction from the victim recipient is needed for a successful attack.
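
A defender-side check for the leak described above, as an added example that is not part of the original post: it scans flow records for internal hosts that reached an external address over SMB. It assumes the Net-NTLMv2 hash leaves the network over outbound SMB (TCP 445), which the post does not state; the log format, the internal address ranges and the sample records are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records (not real telemetry).
# Hypothetical format: timestamp,src_ip,dst_ip,dst_port,proto,action
SAMPLE_LOG = """\
2023-03-15T09:12:01Z,10.1.4.23,10.1.0.5,445,tcp,allow
2023-03-15T09:12:07Z,10.1.4.23,203.0.113.50,445,tcp,allow
2023-03-15T09:13:44Z,10.1.7.80,198.51.100.9,443,tcp,allow
2023-03-15T09:14:02Z,10.1.7.80,203.0.113.50,445,tcp,deny
2023-03-15T09:15:30Z,192.168.20.11,198.51.100.77,445,tcp,allow
this line is truncated
2023-03-15T09:16:00Z,10.1.4.23,203.0.113.50,445,tcp,allow
"""

# Assumption: the organisation's internal space is the RFC 1918 ranges.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SMB_PORT = 445

def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)

def find_external_smb(log_text):
    """Return {src_ip: [(timestamp, dst_ip, action), ...]} for internal -> external TCP/445."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 6:
            continue  # skip malformed or truncated records
        ts, src, dst, port, proto, action = fields
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue  # unparsable address or port
        if proto.lower() != "tcp" or port != SMB_PORT:
            continue
        if is_internal(src_ip) and not is_internal(dst_ip):
            hits[src].append((ts, dst, action.lower()))
    return dict(hits)

def allowed_only(hits):
    """Hosts with at least one SMB session that the firewall let out."""
    return sorted(s for s, ev in hits.items() if any(a == "allow" for _, _, a in ev))

if __name__ == "__main__":
    found = find_external_smb(SAMPLE_LOG)
    print("external SMB attempts:", found)
    print("review first (egress allowed):", allowed_only(found))
```

Hosts returned by allowed_only are the ones to review first; a denied attempt still shows that something on the host tried to reach an external SMB server.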

Windows SmartScreen Security Feature Bypass Vulnerability (Zero Day)

CVE-2023-24880 is a Windows SmartScreen Security Feature Bypass vulnerability in Windows operating systems that was assigned a CVSSv3 score of 5.4. The vulnerability has been publicly disclosed and was exploited in the wild. To be exploited, a malicious file needs to be opened by a user on an affected version of Windows. When the email is opened, the Mark of the Web (MoTW) functionality is bypassed, meaning that security features that rely on MoTW tagging are not triggered and could allow for malicious payloads within the file to be executed on the target.

Windows Cryptographic Services Remote Code Execution Vulnerability

CVE-2023-23416 is an RCE vulnerability in Windows operating systems that was assigned a CVSSv3 score of 8.4. The vulnerability exists in Windows Cryptographic Services, a suite of cryptographic tools in Windows operating systems. Exploitation is performed by importing a malicious certificate onto a vulnerable target, requiring the attacker to authenticate to the target or entice an authenticated user into importing the malicious certificate. As per the Microsoft Exploitability Index this was given a rating of Exploitation More Likely.


Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability

CVE-2023-23415 is an RCE vulnerability in Windows operating systems and was assigned a CVSSv3 score of 9.8. The vulnerability lies in the way the operating system handles ICMP packets when an application running on the vulnerable Windows host is bound to a raw socket. Exploitation is performed by sending a malicious fragmented IP packet to a vulnerable target, leading to arbitrary code execution. As per the Microsoft Exploitability Index this was given a rating of Exploitation More Likely.

HTTP Protocol Stack Remote Code Execution Vulnerability

CVE-2023-23392 is an RCE vulnerability in Microsoft operating systems that was given a CVSSv3 score of 9.8 and, as per the Microsoft Exploitability Index, a rating of Exploitation More Likely. The vulnerability exists in the HTTP.sys component of Windows operating systems. Exploitation can be performed by a remote, unauthenticated attacker sending a malicious packet to the target server. For a server to be vulnerable, it must have HTTP/3 enabled and use buffered I/O. The Microsoft advisory notes that HTTP/3 support is a new feature for Windows Server 2022 and must be enabled with a registry key.

Trusted Platform Module (TPM) Module Library

CVE-2023-1017 and CVE-2023-1018, rated as Critical, are vulnerabilities affecting the TPM2.0 Module Library. An out-of-bounds write vulnerability allows 2 bytes of data to be written past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who successfully exploits this vulnerability can cause denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context.

Windows Point-to-Point Tunnelling Protocol Remote Code Execution

CVE-2023-23404, an RCE vulnerability affecting the Point-to-Point Tunnelling Protocol, is rated as Critical. An unauthenticated attacker could send a specially crafted connection request to a remote access server (RAS), which could lead to remote code execution (RCE) on the RAS machine. As per the Microsoft Exploitability Index this was given a rating of Exploitation Less Likely, as it requires the attacker to win a race condition.


Windows Hyper-V Denial of Service

CVE-2023-23411, a denial-of-service vulnerability affecting Windows Hyper-V, is rated as Critical. Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host. As per the Microsoft Exploitability Index this was given a rating of Exploitation Less Likely.

This month's Patch Tuesday summary

| CVE ID | CVE Title | Severity |
| --- | --- | --- |
| CVE-2023-23415 | Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability | Critical |
| CVE-2023-23397 | Microsoft Outlook Elevation of Privilege Vulnerability | Critical |
| CVE-2023-23404 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | Critical |
| CVE-2023-23411 | Windows Hyper-V Denial of Service Vulnerability | Critical |
| CVE-2023-23416 | Windows Cryptographic Services Remote Code Execution Vulnerability | Critical |
| CVE-2023-23392 | HTTP Protocol Stack Remote Code Execution Vulnerability | Critical |
| CVE-2023-21708 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Critical |
| CVE-2023-1017 | CERT/CC: CVE-2023-1017 TPM2.0 Module Library Elevation of Privilege Vulnerability | Critical |
| CVE-2023-1018 | CERT/CC: CVE-2023-1018 TPM2.0 Module Library Elevation of Privilege Vulnerability | Critical |
| CVE-2023-23408 | Azure Apache Ambari Spoofing Vulnerability | Important |
| CVE-2023-23409 | Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability | Important |
| CVE-2023-23394 | Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability | Important |
| CVE-2023-23388 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Important |
| CVE-2023-24920 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| CVE-2023-24879 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| CVE-2023-24919 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| CVE-2023-24891 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| CVE-2023-24922 | Microsoft Dynamics 365 Information Disclosure Vulnerability | Important |
| CVE-2023-24921 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
| CVE-2023-24892 | Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability | Important |
| CVE-2023-24910 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| CVE-2023-23398 | Microsoft Excel Spoofing Vulnerability | Important |
| CVE-2023-23396 | Microsoft Excel Denial of Service Vulnerability | Important |
| CVE-2023-23399 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| CVE-2023-23395 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| CVE-2023-24890 | Microsoft OneDrive for iOS Security Feature Bypass Vulnerability | Important |
| CVE-2023-24930 | Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability | Important |
| CVE-2023-24882 | Microsoft OneDrive for Android Information Disclosure Vulnerability | Important |
| CVE-2023-24923 | Microsoft OneDrive for Android Information Disclosure Vulnerability | Important |
| CVE-2023-24907 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| CVE-2023-24857 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
| CVE-2023-24868 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| CVE-2023-24872 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| CVE-2023-24876 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| CVE-2023-24913 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| CVE-2023-24864 | Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability | Important |
| CVE-2023-24866 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
| CVE-2023-24906 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
| CVE-2023-24867 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| CVE-2023-24863 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
| CVE-2023-24858 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
| CVE-2023-24911 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
| CVE-2023-24870 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
| CVE-2023-24909 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| CVE-2023-23406 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| CVE-2023-23413 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| CVE-2023-24856 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
| CVE-2023-24865 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
| CVE-2023-23403 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
| CVE-2023-23401 | Windows Media Remote Code Execution Vulnerability | Important |
| CVE-2023-23402 | Windows Media Remote Code Execution Vulnerability | Important |
| CVE-2023-23391 | Office for Android Spoofing Vulnerability | Important |
| CVE-2023-23400 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| CVE-2023-23383 | Service Fabric Explorer Spoofing Vulnerability | Important |
| CVE-2023-23618 | GitHub: CVE-2023-23618 Git for Windows Remote Code Execution Vulnerability | Important |
| CVE-2023-22743 | GitHub: CVE-2023-22743 Git for Windows Installer Elevation of Privilege Vulnerability | Important |
| CVE-2023-23946 | GitHub: CVE-2023-23946 mingit Remote Code Execution Vulnerability | Important |
| CVE-2023-22490 | GitHub: CVE-2023-22490 mingit Information Disclosure Vulnerability | Important |
| CVE-2023-23412 | Windows Accounts Picture Elevation of Privilege Vulnerability | Important |
| CVE-2023-24871 | Windows Bluetooth Service Remote Code Execution Vulnerability | Important |
| CVE-2023-23393 | Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability | Important |
| CVE-2023-23389 | Microsoft Defender Elevation of Privilege Vulnerability | Important |
| CVE-2023-23410 | Windows HTTP.sys Elevation of Privilege Vulnerability | Important |
| CVE-2023-24859 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability | Important |
| CVE-2023-23420 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| CVE-2023-23422 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| CVE-2023-23421 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| CVE-2023-23423 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| CVE-2023-23417 | Windows Partition Management Driver Elevation of Privilege Vulnerability | Important |
| CVE-2023-23407 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | Important |
| CVE-2023-23385 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Privilege Vulnerability | Important |
| CVE-2023-23414 | Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability | Important |
| CVE-2023-23405 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
| CVE-2023-24869 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
| CVE-2023-24908 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
| CVE-2023-23419 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Important |
| CVE-2023-23418 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | Important |
| CVE-2023-24862 | Windows Secure Channel Denial of Service Vulnerability | Important |
| CVE-2023-24861 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| CVE-2023-24880 | Windows SmartScreen Security Feature Bypass Vulnerability | Moderate |

Chromium Edge Updates

| CVE ID | CVE Title |
| --- | --- |
| CVE-2023-24880 | Windows SmartScreen Security Feature Bypass Vulnerability |
| CVE-2023-1236 | Chromium: CVE-2023-1236 Inappropriate implementation in Internals |
| CVE-2023-1235 | Chromium: CVE-2023-1235 Type Confusion in DevTools |
| CVE-2023-1213 | Chromium: CVE-2023-1213 Use after free in Swiftshader |
| CVE-2023-1234 | Chromium: CVE-2023-1234 Inappropriate implementation in Intents |
| CVE-2023-1223 | Chromium: CVE-2023-1223 Insufficient policy enforcement in Autofill |
| CVE-2023-1222 | Chromium: CVE-2023-1222 Heap buffer overflow in Web Audio API |
| CVE-2023-1221 | Chromium: CVE-2023-1221 Insufficient policy enforcement in Extensions API |
| CVE-2023-1229 | Chromium: CVE-2023-1229 Inappropriate implementation in Permission prompts |
| CVE-2023-1228 | Chromium: CVE-2023-1228 Insufficient policy enforcement in Intents |
| CVE-2023-1224 | Chromium: CVE-2023-1224 Insufficient policy enforcement in Web Payments API |
| CVE-2023-1220 | Chromium: CVE-2023-1220 Heap buffer overflow in UMA |
| CVE-2023-1216 | Chromium: CVE-2023-1216 Use after free in DevTools |
| CVE-2023-1215 | Chromium: CVE-2023-1215 Type Confusion in CSS |
| CVE-2023-1214 | Chromium: CVE-2023-1214 Type Confusion in V8 |
| CVE-2023-1219 | Chromium: CVE-2023-1219 Heap buffer overflow in Metrics |
| CVE-2023-1218 | Chromium: CVE-2023-1218 Use after free in WebRTC |
| CVE-2023-1217 | Chromium: CVE-2023-1217 Stack buffer overflow in Crash reporting |
| CVE-2023-1230 | Chromium: CVE-2023-1230 Inappropriate implementation in WebApp Installs |
| CVE-2023-1232 | Chromium: CVE-2023-1232 Insufficient policy enforcement in Resource Timing |
| CVE-2023-1233 | Chromium: CVE-2023-1233 Insufficient policy enforcement in Resource Timing |
| CVE-2023-1231 | Chromium: CVE-2023-1231 Inappropriate implementation in Autofill |
