Microsoft Patch Tuesday: 74 CVEs plus 2 “Exploit Detected” advisories
The August 2023 Microsoft security updates have been released, addressing a total of 74 CVE-numbered bugs. This month’s Patch Tuesday comes early, as the first day of the month falls on a Tuesday. Notably, the official bug listing page features two special items labeled “Exploitation Detected.” These items, Microsoft Office: ADV230003 and Memory Integrity System Readiness Scan Tool: ADV230004, are typically referred to as zero-day vulnerabilities, indicating that they were discovered and exploited by cyber attackers before being patched. However, these items do not align directly with any of this month’s CVE numbers.
Mark of the Web Problems
The first advisory, ADV230003, is related to security improvements in Office to address the CVE-2023-36884 vulnerability. This vulnerability was classified as a zero-day until it was patched in the July 2023 security updates. The bug is related to Microsoft‘s Mark of the Web (MotW) system, which tags files that are downloaded from the internet as untrusted. This system aims to protect users from opening potentially harmful files. However, attackers often find ways to bypass the MotW labeling system to deliver untrusted content in a way that users may not remember later on. While this bug was patched last month, it still counts as an Exploitation Detected issue due to historical exploitation before the patch was available.
The second advisory, ADV230004, does not mention any CVE numbers. It addresses a vulnerability in the Memory Integrity System Readiness Scan Tool, which checks for compatibility issues with memory integrity. The original version of this tool was published without a RSRC section, which contains resource information for a module. It is unclear how the original version was able to run without this key component, how it passed quality assurance tests in an incomplete state, and why the missing resource section made the file vulnerable to exploitation.
Other Noteworthy Fixes
Aside from the Exploitation Detected advisories, there are three notable updates this month with high cybersecurity danger scores on the CVSS scale. These include:
- Microsoft Exchange Server: CVE-2023-21709, with a CVSS danger score of 9.8/10.
- Microsoft Teams: CVE-2023-29328, with a CVSS danger score of 8.8/10.
- Microsoft Teams: CVE-2023-29330, with a CVSS danger score of 8.8/10.
The Exchange Server vulnerability may not directly allow attackers to run untrusted code, but it does provide a way for them to attack and recover passwords for other users, potentially gaining unauthorized access to legitimate accounts. The two Teams vulnerabilities are critical, as they could lead to remote code execution. However, exploiting these vulnerabilities requires luring victims into joining booby-trapped Teams meetings.
Beware Rogue Meeting Invitations
To defend against the Teams vulnerabilities, it is crucial to not only apply patches promptly but also exercise caution when accepting online meeting invitations. Even if you trust the sender, it is important to consider their computer’s security and the possibility of their account being compromised. If there is any doubt, it is best to decline the invitation. Additionally, if you suspect someone’s account has been hijacked, it is not advisable to ask them via the same service if the request is genuine. Attackers could impersonate the affected user and provide false reassurances.
Conclusion
Keeping software up to date with the latest security patches is essential for protecting against known vulnerabilities and mitigating the risk of exploitation. Although the two Exploitation Detected advisories may not align directly with this month’s CVE numbers, the historical exploitation of these vulnerabilities underscores the importance of promptly applying patches. As cyber threats continue to evolve, it is crucial for individuals and organizations to prioritize cybersecurity measures and stay vigilant against potential risks.
<< photo by Hatice Baran >>
The image is for illustrative purposes only and does not depict the actual situation.
You might want to read !
- Russian Hackers’ New Tactics: Shifting from Disruption to Subversion
- Bridging the Digital Divide: Bridging the Gap Between Customers and the Cloud
- Replying to the question: “Planting ideas in a computer’s head: Researchers find new attack on AMD computer chips”
Title: Unleashing the Mindscape: Unveiling a Novel Attack on AMD Computer Chips
- Patch Tuesday Unveils Critical Adobe Acrobat and Reader Updates to Fix 30 Vulnerabilities
- Microsoft’s Patch Tuesday: Key Insights and Learnings
- Adobe’s Patch Tuesday: Addressing Critical Flaws in InDesign and ColdFusion
- Unraveling the Web: Enhancing DDoS Detection through Network Chaos Analysis
- The Cyber Frontier: How North Korea’s Espionage Breach Puts Russian Rocket Bureau at Risk
- Microsoft’s August Update: A Comprehensive Fix for 74 CVEs
- Securing Critical Infrastructure: Siemens Addresses Vulnerabilities in Ruggedcom Products
- Vulnerability Trends in Critical Infrastructure Sector: Insights by SynSaber and ICS Advisory Project
- US Internet Hosting Company: A Breeding Ground for Global Cybercrime?
