Microsoft fixed 75 security flaws in its second Patch Tuesday of 2023, including 3 that were exploited in the wild. 9 Common Vulnerabilities and Exposures (CVEs) were rated ‘Critical’ and 66 rated as ‘Important’ which includes two undisclosed vulnerabilities that are already being exploited by attackers.
Below is a summary of some of the patched vulnerabilities.
Notable and Critical Microsoft Vulnerabilities
Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution:
- CVE-2023-21689, CVE-2023-21690 and CVE-2023-21692 are RCE vulnerabilities in Windows OS and have been allocated a CVSSv3 score of 9.8. Microsoft PEAP is a secure implementation of Extensible Authentication Protocol (EAP) that provides encryption and authenticated Transport Layer Security (TLS) tunnel to establish secure connections with wireless clients. Successful exploitation allows a remote, unauthenticated attacker to execute arbitrary code. For the target to be vulnerable, it must be running Network Policy Server and configured with a network policy that allows PEAP. All 3 vulnerabilities do not require special privileges or user interaction.
Windows iSCSI Discovery Service Remote Code Execution Vulnerability:
- CVE-2023-21803 affects only 32 bit versions of Windows. This vulnerability can be exploited by sending a malicious crafted DHCP discovery request to a Windows Host running iSCSI Discovery Service. In case of successful exploitation, the attacker will be able to execute code remotely. The vulnerability can only be exploited if the iSCSI initiator client application is running. The iSCSI client application is not enabled by default.
Windows Common Log File System Driver Elevation of Privilege Vulnerability
- CVE-2023-23376 is an Elevation of Privilege Vulnerability in Windows OS that has been exploited in the wild. The vulnerability exists in the Common Log File System (CLFS) Driver, a logging service used by kernel-mode and user-mode applications. It can be exploited after an attacker has gained access to a vulnerable target in order to gain SYSTEM privileges.
Windows Graphics Component Elevation of Privilege Vulnerability
- CVE-2023-21823 is another Elevation of Privilege Vulnerability that has been exploited in the wild as a zero day. It affects Windows Graphics components used in various products such as Windows OS, Office desktop and Mobile apps. Exploitation of this flaw requires an attacker to log onto a vulnerable system and execute a specially crafted application. Successful exploitation will help the attacker gain and execute code with SYSTEM privileges.
Nearly half of the CVEs disclosed by Microsoft this month are Remote Code Execution (RCE) Vulnerabilities. The impact of an RCE vulnerability can range from malware execution to an attacker gaining full control over a compromised system. It is highly recommended to keep all systems up to date in order to mitigate or minimize the risk of an unfortunate event.
Runecast protects you against all of these
At Runecast we ensure that all the operating systems vulnerabilities are covered, so you can focus on mitigating threats and ensuring your system is running safe and secure. We keep you updated about the latest vulnerabilities, exploits and security compliance research and pride ourselves on responding quickly and decisively to key news in the IT Security and Operations spaces.
Runecast is an AI-powered platform that gives you complete visibility and control over potential vulnerabilities in your environment. It provides best practices, risk-based vulnerability management, security and compliance to ensure every aspect of your environment is protected. In addition, Runecast also provides explicit instructions and generates custom remediation scripts, ensuring rapid compliance within the environment. The Runecast platform can be deployed to AWS, Azure, Google Cloud, Kubernetes, and VMware environments and operates securely on-premises.
Meet other Runecasters here:
Run Secure and Compliant Workloads Anywhere
Detect and assess risks and be fully compliant in minutes.