In a consistent bid to maintain the security of its software, Microsoft patched a total of 74 vulnerabilities as part of its regular Patch Tuesday updates for August 2023. This was a remarkable decrease in the number of fixes compared to the previous month's 132. These latest patches include six vulnerabilities rated 'Critical' and 67 rated 'Important'.
In addition to these fixes, Microsoft took further defensive steps by releasing updates for Microsoft Office (ADV230003) and the Memory Integrity System Readiness Scan Tool (ADV230004). Since the July 2023 Patch Tuesday release, Microsoft has also resolved 31 different issues in its Chromium-based Edge browser.
Among the numerous issues resolved, an already known bug tracked as CVE-2023-36884 held special prominence. This remote code execution flaw had been affecting Office and Windows HTML, and was actively exploited by the Russian-linked threat group named RomCom. Typically active in Ukraine, Eastern Europe and North America, the group directed its attacks heavily at pro-Ukraine entities.
Microsoft has stressed the importance of installing its most recent updates to disrupt the attack chain that leads to the exploitation of this remote code execution flaw. The Memory Integrity System Readiness Scan Tool received an update too, addressing a publicly known issue where the original version was published without an RSRC section, which contains resource information for a module.
Microsoft also fixed remote code execution flaws in Microsoft Teams and Microsoft Message Queuing (MSMQ), alongside spoofing vulnerabilities in Azure Apache Hadoop, Azure Apache Hive, Azure Apache Oozie, Azure DevOps Server, Azure HDInsight Jupyter, Azure Apache Ambari and .NET Framework. In addition, six DoS and two information disclosure flaws in MSMQ were rectified, following the identification of several other problems in the service.
Remote code execution vulnerabilities in Exchange Server were identified as CVE-2023-35388, CVE-2023-38182, and CVE-2023-38185. Notably, the first two come with an "Exploitation More Likely" assessment. Natalie Silva from Immersive Labs has explained that exploitation is restricted by the need for an adjacent attack vector and valid Exchange credentials, meaning that the attacker needs to be connected to the targeted network and authenticate as a valid Exchange user before exploiting these vulnerabilities. A skilled attacker who manages to achieve this can carry out remote code execution via a PowerShell remoting session.
Microsoft also acknowledged a proof-of-concept (PoC) exploit for a DoS vulnerability in .NET and Visual Studio (CVE-2023-38180), although it is not functional in all situations and would require substantial modification by a skilled attacker to be effective. The release is rounded out by patches for five privilege escalation flaws in the Windows Kernel, which a competent threat actor could exploit locally to gain SYSTEM privileges.
Beyond Microsoft's enduring commitment to software security, several other vendors have also released updates to resolve numerous vulnerabilities in the recent past.
At Darksteel Technologies, we are an Orlando-based business that can handle all aspects of your IT security, providing compliance, training, malware protection, cloud security, DevSecOps, vulnerability management, penetration testing, architecture design and any other information security requirement your business needs. We focus on your cybersecurity so you don't have to.