Microsoft Patch Tuesday: Facing the Ghosts of Zero-Days and Wormable Bugs

Microsoft's October Patch Tuesday: Addressing Critical Vulnerabilities

In the latest Patch Tuesday update from Microsoft, the computing giant has flagged two zero-day vulnerabilities that are under active attack. These vulnerabilities impact Microsoft WordPad and Skype for Business and pose significant risks to vulnerable systems. Additionally, a critical-rated bug in Message Queuing could have severe consequences for system administrators.

Zero-Day Vulnerabilities in WordPad and Skype for Business

The first vulnerability, CVE-2023-36563, is an information-disclosure bug in WordPad. This vulnerability could lead to NTLM relay attacks by exposing NTLM hashes. To exploit this vulnerability, an attacker would need to gain access to the system and run a specially crafted application or convince a user to open a malicious file. Microsoft recommends applying the patch and, for Windows 11 users, blocking outbound NTLM over SMB to mitigate the risk.

The second vulnerability, CVE-2023-41763, affects Skype for Business and can result in the disclosure of sensitive information, including IP addresses and port numbers. While it is listed as an elevation-of-privilege issue, it should be treated as an information disclosure problem. Attackers can exploit this vulnerability by initiating a specially crafted network call to the targeted Skype for Business server. Like the previous vulnerability, patching is crucial to mitigate the risk.

Facing the Menace of Microsoft Message Queuing Vulnerabilities

Of particular concern in this Patch Tuesday update are the 20 different vulnerabilities related to Microsoft Message Queuing (MSMQ). One of these vulnerabilities, CVE-2023-35349, holds the distinction of being the most severe issue of the month, earning a CVSS critical score of 9.8 out of 10. This vulnerability allows unauthenticated remote code execution (RCE) without user interaction, making it wormable on systems where Message Queuing is enabled.

MSMQ is a communication tool that facilitates the exchange of information between servers and hosts. While it is not enabled by default, Microsoft Exchange Server can enable it during installation. Enterprises should immediately patch this vulnerability and consider blocking communications on TCP Port 1801 from untrusted connections via the firewall for additional mitigation.
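The two checks above (is MSMQ enabled at all, and is TCP 1801 reachable from untrusted networks) are easy to script. The following is an added example written for this summary, not Microsoft's guidance or code; the trusted subnet and the firewall rule name are placeholders to replace with your own values.

```powershell
# Added example (not from the article): check a Windows host for MSMQ exposure and,
# where MSMQ must stay on, restrict inbound TCP 1801 to a trusted network.
# Run in an elevated PowerShell. The subnet and rule name are placeholders.

$TrustedSubnet = '10.0.0.0/8'                       # placeholder: your Exchange/management network
$RuleName      = 'MSMQ 1801 - trusted peers only'   # placeholder rule name

# 1. Is the Message Queuing service installed? No service means no network listener to worry about.
$svc = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Output 'MSMQ service not installed; nothing listens on TCP 1801.'
    return
}
Write-Output ("MSMQ present: status {0}, start type {1}" -f $svc.Status, $svc.StartType)

# 2. Confirm what is actually bound to TCP 1801 and which process owns it.
Get-NetTCPConnection -LocalPort 1801 -State Listen -ErrorAction SilentlyContinue | ForEach-Object {
    $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
    Write-Output ("Listening on {0}:1801 (PID {1}, {2})" -f $_.LocalAddress, $_.OwningProcess, $proc.ProcessName)
}

# 3. Disable the broad inbound allow rules the MSMQ feature installs (e.g. "Message Queuing (TCP-In)"),
#    so the only remaining path is the scoped rule created below.
Get-NetFirewallPortFilter | Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -eq '1801' } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and $_.DisplayName -ne $RuleName } |
    Disable-NetFirewallRule

# 4. With the default inbound action set to Block, an Allow rule scoped to the trusted subnet is
#    what "block 1801 from untrusted connections" means in Windows Firewall terms.
Set-NetFirewallProfile -All -DefaultInboundAction Block
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP -LocalPort 1801 `
        -RemoteAddress $TrustedSubnet -Action Allow -Profile Any | Out-Null
}
# Show the remote scope now in force for the MSMQ port.
Get-NetFirewallRule -DisplayName $RuleName | Get-NetFirewallAddressFilter
```

The firewall step is defence in depth only; the October 2023 cumulative update remains the actual fix for CVE-2023-35349.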

Other Critical Vulnerabilities to Address

Aside from the WordPad and Skype for Business vulnerabilities and the MSMQ issues, there are several other critical vulnerabilities that organizations should prioritize.

CVE-2023-36434, an elevation-of-privilege vulnerability in Windows IIS Server, allows an attacker to log on to an affected server as another user. Despite the need for an existing presence in the network, brute force attacks can easily automate the exploitation of this vulnerability. Organizations using IIS should treat this update as critical and patch promptly.

Nine RCE vulnerabilities in the Layer 2 Tunneling Protocol with CVSS scores of 8.1 also demand attention. These vulnerabilities have a network-based attack vector and require no user interaction. Exploiting them involves overcoming a race condition, which can be achieved by sending a carefully crafted protocol message to a Routing and Remote Access Service (RRAS) server.

CVE-2023-36577, an RCE vulnerability in Microsoft Windows Data Access Components (WDAC) OLE DB provider for SQL Server, allows an attacker to execute arbitrary code by convincing a user to connect to a malicious database. Organizations can mitigate this risk by configuring the environment to connect only to trusted servers and enforcing certificate validation.

Addressing End-of-Life Software and Newly Disclosed Vulnerabilities

This Patch Tuesday update also includes the last updates for Windows 11 21H2 and Microsoft Server 2012/2012 R2, which will enter Extended Security Support (ESU) starting in November. Organizations relying on these versions should plan to upgrade to newer versions or subscribe to ESU to receive ongoing updates.

Additionally, the update covers a patch for the recently disclosed HTTP/2 Rapid Reset distributed denial of service (DDoS) vulnerability and an external Chromium flaw affecting Microsoft Edge.

Conclusion

Microsoft's October Patch Tuesday addresses critical vulnerabilities that pose significant risks across its software portfolio. System administrators and users should prioritize patching and implement the recommended mitigations to protect against exploitation. Regularly updating software and systems remains essential to stay ahead of evolving threats and to preserve the security and integrity of digital environments.
