Cookie Consent by Free Privacy Policy Generator 📌 The August 2023 Security Update Review

🏠 Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeiträge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden Überblick über die wichtigsten Aspekte der IT-Sicherheit in einer sich ständig verändernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch übersetzen, erst Englisch auswählen dann wieder Deutsch!

Google Android Playstore Download Button für Team IT Security



📚 The August 2023 Security Update Review


💡 Newskategorie: Hacking
🔗 Quelle: thezdi.com

Greetings from hacker summer camp! Black Hat and DEFCON start this week, but let’s kick everything off with Patch Tuesday and the latest security offerings from Adobe and Microsoft. Take a break from your regularly scheduled activities and join us as we review the details of their latest advisories. If you’d rather watch the video recap, you can check it out here.

Adobe Patches for August 2023

For August, Adobe released four patches addressing 37 CVEs in Adobe Acrobat and Reader, Commerce, Dimension, and the Adobe XMP Toolkit SDK. A total of 28 of these CVEs came through the ZDI program. The update for Reader is the largest, clocking in with 30 CVEs. The most severe of these are rated Critical and would allow code execution when opening a specially crafted PDF. The update for Commerce fixes three CVEs, including an OS command injection bug rated at a CVSS 9.1. The update for Dimension also fixes three CVEs. Similar to reader, and attacker could gain code execution if an affected system opened a specially crafted file. The final patch for the Adobe XMP Toolkit SDK corrects a single Denial-of-Service (DoS) bug.

None of the bugs fixed by Adobe this month are listed as publicly known or under active attack at the time of release. Adobe categorizes these updates as a deployment priority rating of 3.

Microsoft Patches for August 2023

This month, Microsoft released 74 new patches and two new advisories addressing CVES in Microsoft Windows and Windows Components; Edge (Chromium-Based); Exchange Server; Office and Office Components; .NET and Visual Studio; ASP.NET; Azure DevOps and HDInsights; Teams; and Windows Defender. Three of these CVEs were reported through the ZDI program and based on our upcoming page, many others are coming in the near future. Once you include the 11 fixes from the Chromium group for Edge (Chromium-Based) and the fix for AMD, it brings the total number of CVEs to 86.

Of the new patches released today, six are rated Critical and 67 are rated Important in severity. This is on the lower side for an August release, but perhaps Microsoft was distracted by other security problems.

None of the CVEs released today are listed as being publicly known or under active attack at the time of release. Let’s take a closer look at some of the more interesting updates for this month, starting with the fix that’s not a fix:

-       ADV230003 - Microsoft Office Defense in Depth Update
This advisory does not provide a fix for CVE-2023-36884, but it does (allegedly) break the exploit chain currently being used in active attacks. Microsoft released an advisory last month providing some details about this bug, but not a patch to fix it. Surprisingly, there still isn’t a patch – just this mitigation. Hopefully, a full patch to thoroughly address this bug under exploit will be released soon.

[UPDATE] Microsoft has now revised CVE-2023-36844 to include patches for all 33 affected products. You should apply the patch and consider this advisory as a temporary fix only.

-       CVE-2023-38181 - Microsoft Exchange Server Spoofing Vulnerability
This is a patch bypass of CVE-2023-32031, which itself was a bypass of CVE-2023-21529, which was a bypass of CVE-2022-41082, which was under active attack. This exploit does require authentication, but if exploited, an attacker could use this to perform an NTLM relay attack to authenticate as another user. It could also allow an attacker to get a PowerShell remoting session to the server. This is one of six CVEs fixed in Exchange this month, and each seems more severe than the next. Definitely take the time to test and deploy the cumulative update quickly.

-       CVE-2023-35385/36910/36911 - Microsoft Message Queuing Remote Code Execution Vulnerability
All three of these are rated at a CVSS of 9.8 and could allow a remote anonymous attacker to execute their code on an affected server at the level of the Message Queuing service. There are 11 total bugs impacting Message Queuing getting fixed this month, and it’s clear that the research community is paying close attention to this service. While we haven’t detected active exploits targeting Message Queuing yet, it’s like just a matter of time as example PoCs exist. You can block TCP port 1801 as a mitigation, but the better choice is to test and deploy the update quickly.

-       CVE-2023-29328/29330 - Microsoft Teams Remote Code Execution Vulnerability
These bugs allow an attacker to gain code execution on a target system by convincing someone to a malicious Teams meeting set up by the attacker. Microsoft doesn’t specifically state what level the code execution occurs, but they do note the attacker could provide “access to the victim's information and the ability to alter information,” so that implies at the logged-on user level. We’ve seen similar exploits demonstrated at Pwn2Own, so don’t skip this update.

-       CVE-2023-21709 - Microsoft Exchange Server Elevation of Privilege Vulnerability
I know I already brought up Exchange, but I couldn’t let this CVE pass without a mention. This vulnerability allows a remote, unauthenticated attacker to log in as another user. In this case, you’re elevating from no permissions to being able to authenticate to the server, which makes all of those post-authentication exploits (see above) viable. Although rated Important, I would consider this bug rated Critical and act accordingly.

Here’s the full list of CVEs released by Microsoft for August 2023:

CVE Title Severity CVSS Public Exploited Type
CVE-2023-35385 Microsoft Message Queuing Remote Code Execution Vulnerability Critical 9.8 No No RCE
CVE-2023-36910 Microsoft Message Queuing Remote Code Execution Vulnerability Critical 9.8 No No RCE
CVE-2023-36911 Microsoft Message Queuing Remote Code Execution Vulnerability Critical 9.8 No No RCE
CVE-2023-29328 Microsoft Teams Remote Code Execution Vulnerability Critical 8.8 No No RCE
CVE-2023-29330 Microsoft Teams Remote Code Execution Vulnerability Critical 8.8 No No RCE
CVE-2023-36895 Microsoft Outlook Remote Code Execution Vulnerability Critical 7.8 No No RCE
CVE-2023-20569 * AMD: CVE-2023-20569 Return Address Predictor Important N/A No No Info
CVE-2023-35390 .NET Core Remote Code Execution Vulnerability Important 8.4 No No RCE
CVE-2023-36899 .NET Framework Elevation of Privilege Vulnerability Important 7.5 No No EoP
CVE-2023-36873 .NET Framework Spoofing Vulnerability Important 5.9 No No Spoofing
CVE-2023-35391 ASP.NET Core and Visual Studio Information Disclosure Vulnerability Important 7.1 No No Info
CVE-2023-38178 ASP.NET Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2023-38180 ASP.NET Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2023-36881 Azure Apache Ambari Spoofing Vulnerability Important 4.5 No No Spoofing
CVE-2023-38188 Azure Apache Hadoop Spoofing Vulnerability Important 4.5 No No Spoofing
CVE-2023-35393 Azure Apache Hive Spoofing Vulnerability Important 4.5 No No Spoofing
CVE-2023-36877 Azure Apache Oozie Spoofing Vulnerability Important 4.5 No No Spoofing
CVE-2023-38176 Azure Arc-Enabled Servers Elevation of Privilege Vulnerability Important 8.5 No No EoP
CVE-2023-36869 Azure DevOps Server Spoofing Vulnerability Important 6.3 No No Spoofing
CVE-2023-35394 Azure HDInsight Jupyter Notebook Spoofing Vulnerability Important 4.5 No No Spoofing
CVE-2023-38170 HEVC Video Extensions Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-35389 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability Important 7.1 No No RCE
CVE-2023-38157 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Important 3.9 No No SFB
CVE-2023-36896 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-35368 Microsoft Exchange Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2023-21709 Microsoft Exchange Server Elevation of Privilege Vulnerability Important 9.8 No No EoP
CVE-2023-35388 Microsoft Exchange Server Remote Code Execution Vulnerability Important 8 No No RCE
CVE-2023-38182 Microsoft Exchange Server Remote Code Execution Vulnerability Important 8 No No RCE
CVE-2023-38185 Microsoft Exchange Server Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2023-38181 Microsoft Exchange Server Spoofing Vulnerability Important 8.8 No No Spoofing
CVE-2023-35376 Microsoft Message Queuing Denial of Service Vulnerability Important 6.5 No No DoS
CVE-2023-35377 Microsoft Message Queuing Denial of Service Vulnerability Important 6.5 No No DoS
CVE-2023-36909 Microsoft Message Queuing Denial of Service Vulnerability Important 6.5 No No DoS
CVE-2023-36912 Microsoft Message Queuing Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2023-38172 Microsoft Message Queuing Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2023-38254 Microsoft Message Queuing Denial of Service Vulnerability Important 6.5 No No DoS
CVE-2023-35383 Microsoft Message Queuing Information Disclosure Vulnerability Important 7.5 No No Info
CVE-2023-36913 Microsoft Message Queuing Information Disclosure Vulnerability Important 6.5 No No Info
CVE-2023-35371 Microsoft Office Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-35372 Microsoft Office Visio Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-36865 Microsoft Office Visio Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-36866 Microsoft Office Visio Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-38169 Microsoft OLE DB Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2023-36893 Microsoft Outlook Spoofing Vulnerability Important 6.5 No No Spoofing
CVE-2023-36890 Microsoft SharePoint Server Information Disclosure Vulnerability Important 6.5 No No Info
CVE-2023-36894 Microsoft SharePoint Server Information Disclosure Vulnerability Important 6.5 No No Info
CVE-2023-36891 Microsoft SharePoint Server Spoofing Vulnerability Important 8 No No Spoofing
CVE-2023-36892 Microsoft SharePoint Server Spoofing Vulnerability Important 8 No No Spoofing
CVE-2023-36882 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2023-38175 Microsoft Windows Defender Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-35379 Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-36898 Tablet Windows User Interface Application Core Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-36897 Visual Studio Tools for Office Runtime Spoofing Vulnerability Important 5.9 No No Spoofing
CVE-2023-35387 Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability Important 8.8 No No EoP
CVE-2023-36904 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-36900 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-36906 Windows Cryptographic Services Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2023-36907 Windows Cryptographic Services Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2023-35381 Windows Fax Service Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2023-36889 Windows Group Policy Security Feature Bypass Vulnerability Important 5.5 No No SFB
CVE-2023-35384 Windows HTML Platforms Security Feature Bypass Vulnerability Important 5.4 No No SFB
CVE-2023-36908 Windows Hyper-V Information Disclosure Vulnerability Important 5.7 No No Info
CVE-2023-35359 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-35380 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-38154 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-35382 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-35386 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-38184 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Important 7.5 No No RCE
CVE-2023-38186 Windows Mobile Device Management Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-35378 Windows Projected File System Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2023-36914 Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability Important 5.5 No No SFB
CVE-2023-36903 Windows System Assessment Tool Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-36876 Windows Task Scheduler Elevation of Privilege Vulnerability Important 7.1 No No EoP
CVE-2023-36905 Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2023-38167 Microsoft Dynamics Business Central Elevation Of Privilege Vulnerability Important 7.2 No No EoP
CVE-2023-4068 * Type Confusion in V8 High N/A No No RCE
CVE-2023-4069 * Type Confusion in V8 High N/A No No RCE
CVE-2023-4070 * Type Confusion in V8 High N/A No No RCE
CVE-2023-4071 * Heap buffer overflow in Visuals High N/A No No RCE
CVE-2023-4072 * Out of bounds read and write in WebGL High N/A No No RCE
CVE-2023-4073 * Out of bounds memory access in ANGLE High N/A No No RCE
CVE-2023-4074 * Use after free in Blink Task Scheduling High N/A No No RCE
CVE-2023-4075 * Use after free in Cas High N/A No No RCE
CVE-2023-4076 * Use after free in WebRTC High N/A No No RCE
CVE-2023-4077 * Insufficient data validation in Extensions Medium N/A No No SFB
CVE-2023-4078 * Inappropriate implementation in Extensions Medium N/A No No SFB

* Indicates this CVE had been released by a third party and is now being included in Microsoft releases.

 

There are only other Critical-rated patches being released today deals with Outlook. This is a bit odd since these types of open-and-own bugs are typically rated Important due to the needed user interaction. The exception is when the Preview Pane is an attack vector, but that’s not documented here. There’s clearly something that makes this bug stand out, but Microsoft offers no clues as to what that may be. Also note that if you use Outlook for Mac, you’ll have to wait for your update as Microsoft didn’t release it today.

Looking at the other remote code execution patches, many are the expected Important-rated Office bugs. There are additional Exchange RCEs as well, although they require the attacker to be network adjacent – meaning on the same LAN as the target. The concerning one is CVE-2023-38185, which does require authentication, but could allow an attacker to run elevated code through a network call. There are two separate bugs that require connecting to a malicious database. Also note that if you have installed Microsoft SQL Server 2022 for x64-based Systems (GDR) or Microsoft SQL Server 2019 for x64-based Systems (GDR), you are still vulnerable and need to apply this update. There’s a patch for LDAP that would allow an attacker to run code with the service’s permissions through a specially crafted LDAP call. The final RCE this month is a fix for Dynamics 365 that could be exploited by clicking a link in e-mail.

Moving on to the Elevation of Privilege (EoP) bugs receiving patches this month, the vast majority require an attacker to run a specially crafted program on an affected system. In most cases, this leads to attackers running code at SYSTEM level. The bug in Azure Arc-Enabled servers is somewhat interesting in that it affects both Linux and Windows servers. An attacker could elevate to root or administrator respectively. The bug in Windows Defender would allow an attacker to delete arbitrary files on a system. The Task Scheduler vulnerability also allows for the creation and deletion of files, but you wouldn’t be able to overwrite existing files – just delete them. The bug in .NET Framework would only yield the privileges on the application targeted. Lastly, the bug in Bluetooth would yield SYSTEM access, but only after you pair a Bluetooth device.

There are only four security feature bypass (SFB) fixes in this month’s release, and the most severe is likely the bug in the Windows Smart Card Resource Management Server. This flaw could allow an attacker to bypass the Fast Identity Online (FIDO) secure authentication feature, which effectively removes two-factor authentication. The SFB in HTML Platforms is similar to other bugs that have been exploited in the wild. An attacker could use this bug to have URLs map to the incorrect Security Zone. The SFB for Edge-Chromium is confusing as Microsoft states physical access and user interaction are required, but they don’t elaborate on either point. The bug in Group Policy would allow an attacker to read specific Group Policy configurations but not alter them.

In addition to the Exchange spoofing bug previously mentioned, there are 11 other spoofing fixes in the August release. The bugs in SharePoint act like cross-site scripting (XSS) bugs and require multiple patches to address. Be sure you install all applicable updates. The bug in Outlook could allow the disclosure of NetNTLMv2 hashes, which would allow an attacker to potentially authenticate as another user. Little information is available about the other fixes, although Microsoft notes user interaction is required for all of the other bugs. The Azure Apache cases (yes – that sounds odd to me too) require an administrator to open a malicious file.

The August release contains 10 total information disclosure fixes. Fortunately, the majority of these merely result in info leaks consisting of unspecified memory contents. One of the bugs in SharePoint could disclose the cryptically-named “sensitive information”. Thanks for narrowing that down. The other SharePoint bug could leak private property values. The bug in ASP.NET is interesting as it could be used to listen to any group or user with a specially crafted group/username. By exploiting this vulnerability, the attacker can now receive messages for group(s) that they are unauthorized to view. The Hyper-V bug could allow a guest to disclose info from the Hyper-V host, but no details on what information is available. Finally, the AMD return address predictor fix is also included in this release.

Wrapping things up, there are eight fixes for Denial-of-Service (DoS) bugs, with six of these being for the Message Queuing service. Microsoft notes user interaction is required for some of these bugs in that the bug is triggered “when a user on the target machine accesses message queuing.” However, users may not be aware which application use message queuing and unintentionally create a DoS condition on the system. No further information is available regarding the two ASP.NET DoS bugs.

The other new advisory (ADV230004) is a defense-in-depth update for the Memory Integrity System Readiness scan tool. Also known as the hypervisor-protected code integrity (HVCI), this tool for ARM64 and AMD64 processors checks for compatibility issues with memory integrity. The release update takes care of a publicly known bug. The latest servicing stack updates can be found in the revised ADV990001.

Looking Ahead

The next Patch Tuesday will be on September 12, and I’ll return with details and patch analysis then. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!

...



📌 August View review: August smart doorbell has an easy-breezy install


📈 22.04 Punkte

📌 The August 2023 Security Update Review


📈 21.66 Punkte

📌 The August 2019 Security Update Review


📈 18.66 Punkte

📌 The August 2020 Security Update Review


📈 18.66 Punkte

📌 The August 2021 Security Update Review


📈 18.66 Punkte

📌 The August 2022 Security Update Review


📈 18.66 Punkte

📌 Apple's August 2023 in review - Vision Pro grows nearer, Apple TV+ gets Messi, iPhone end call button drama


📈 17.24 Punkte

📌 LifeLock Review (2023): Privacy Wizards Publish Review of Norton LifeLock Identity Theft Protection Services


📈 15.83 Punkte

📌 Steam Year in Review 2023: How to view your stats and get around 'this account's Year in Review is not shared' error


📈 15.83 Punkte

📌 Apple's August 2022 in review: iPhone 14 event looms, roaming AirTags, and more


📈 14.23 Punkte

📌 Android Security Update for August 2019 Now Rolling Out with 26 Security Fixes


📈 14.16 Punkte

📌 The January 2023 Security Update Review


📈 13.85 Punkte

📌 The March 2023 Security Update Review


📈 13.85 Punkte

📌 The April 2023 Security Update Review


📈 13.85 Punkte

📌 The May 2023 Security Update Review


📈 13.85 Punkte

📌 The October 2023 Security Update Review


📈 13.85 Punkte

📌 The September 2023 Security Update Review


📈 13.85 Punkte

📌 The July 2023 Security Update Review


📈 13.85 Punkte

📌 The June 2023 Security Update Review


📈 13.85 Punkte

📌 The November 2023 Security Update Review


📈 13.85 Punkte

📌 The December 2023 Security Update Review


📈 13.85 Punkte

📌 Outlook: Desktop-App zeigt keine Bilder; Besprechungstext schreibgeschützt (Fix für August 2023-Update)


📈 13.34 Punkte

📌 Windows 10: Update-Probleme nach August-Update


📈 12.84 Punkte

📌 Windows 10: Update-Probleme nach August-Update


📈 12.84 Punkte

📌 Windows 10: August-Update sorgt für Update-Probleme


📈 12.84 Punkte

📌 Paginated Reports August 2019 Feature Update – Report Builder Update, SaaS embedding support and what’s coming soon


📈 12.84 Punkte

📌 Android: Erstes Update für Pixel 6-Smartphones rollt aus – Google System Updates & August-Update verzögert


📈 12.84 Punkte

📌 Ubuntu Budgie 18.04 Review - Linux Distro Review


📈 12.83 Punkte

📌 Review that! Fake TripAdvisor review peddler sent to jail


📈 12.83 Punkte

📌 Filmora9 Review: A Hands-on Honest Review


📈 12.83 Punkte

📌 HPR3099: Linux Inlaws S01E08 The review of the review


📈 12.83 Punkte

📌 Kyocera DuraForce Ultra 5G UW review review: Verizon rugged smartphone built to get work done everywhere


📈 12.83 Punkte











matomo