
Overview
This week, as part of its November 2023 Patch Tuesday release, Microsoft addressed a total of 63 security bugs. Six of them stand out and are tracked as CVE-2023-36025, CVE-2023-36033, CVE-2023-36036, CVE-2023-36038, CVE-2023-36052, and CVE-2023-36413; three of these (CVE-2023-36025, CVE-2023-36033, and CVE-2023-36036) were already being exploited in the wild when the patches shipped.
The Vulnerabilities:
- CVE-2023-36036 (CVSS score: 7.8): Windows Cloud Files Mini Filter Driver (cldflt.sys) Elevation of Privilege Vulnerability. A local attacker who can already run code on the host can use it to obtain SYSTEM privileges. A proof-of-concept is available and the vulnerability is being exploited in the wild.
- CVE-2023-36033 (CVSS score: 7.8): Windows DWM Core Library Elevation of Privilege Vulnerability. A local attacker can use it to obtain SYSTEM privileges. A proof-of-concept is available and the vulnerability is being exploited in the wild.
- CVE-2023-36025 (CVSS score: 8.8): Windows SmartScreen Security Feature Bypass Vulnerability. An attacker who convinces a user to open a specially crafted Internet Shortcut (.url) file, or a link pointing to one, can bypass Windows Defender SmartScreen checks and the prompts that would normally warn the user. This vulnerability is being exploited in the wild.
- CVE-2023-36038 (CVSS score: 8.2): ASP.NET Core Denial of Service Vulnerability. Publicly disclosed, but not yet exploited in the wild.
- CVE-2023-36413 (CVSS score: 6.5): Microsoft Office Security Feature Bypass Vulnerability. Publicly disclosed, but not yet exploited in the wild.
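Because the CVE-2023-36025 bypass depends on a crafted Internet Shortcut (.url) file reaching a user, a useful triage step is to parse any .url attachments or downloads and flag targets that a legitimate web shortcut would never carry. The script below is an added example, not code from this advisory or from Microsoft; it assumes only the documented .url format (an INI file with an [InternetShortcut] section) and uses constructed sample files, with 203.0.113.5 taken from the documentation address range.

```python
"""Triage Windows Internet Shortcut (.url) files for suspicious targets.

Added example (not from the advisory). A .url file is an INI file whose
[InternetShortcut] section holds URL=, IconFile= and IconIndex= keys.
"""
import configparser
import os
from urllib.parse import urlparse

# Extensions Windows will run or script when the target is opened
# (illustrative list, extend for your environment).
EXECUTABLE_EXT = {".exe", ".dll", ".scr", ".cmd", ".bat", ".ps1", ".vbs",
                  ".js", ".jse", ".hta", ".lnk", ".msi"}


def parse_url_file(text):
    """Return the [InternetShortcut] key/value pairs of a .url file."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case (URL, IconFile, ...)
    cp.read_string(text)
    if "InternetShortcut" not in cp:
        raise ValueError("no [InternetShortcut] section: not a .url file")
    return dict(cp["InternetShortcut"])


def _is_unc(value):
    # \\host\share, \\host@80\share or \\host@SSL\share; the @port forms make
    # Windows fetch the file through the WebDAV redirector over HTTP/HTTPS.
    return value.startswith("\\\\")


def _target_name(target):
    """Last path component of a UNC path or of a URL's path."""
    if _is_unc(target):
        return target.rsplit("\\", 1)[-1]
    return urlparse(target).path.rsplit("/", 1)[-1]


def triage(text):
    """Return a list of findings; an empty list means nothing suspicious."""
    fields = parse_url_file(text)
    findings = []
    target = fields.get("URL", "")
    scheme = urlparse(target).scheme.lower()

    if _is_unc(target) or scheme == "file":
        findings.append("URL target is a UNC/WebDAV/file path, not a web address")
    elif scheme not in ("http", "https"):
        findings.append(f"URL target uses unexpected scheme {scheme!r}")

    name = _target_name(target)
    ext = os.path.splitext(name)[1].lower()
    if ext in EXECUTABLE_EXT:
        findings.append(f"URL target {name!r} has executable extension {ext}")

    icon = fields.get("IconFile", "")
    if _is_unc(icon) or urlparse(icon).scheme.lower() in ("http", "https", "file"):
        findings.append("IconFile is fetched from a remote location")

    return findings


# Constructed samples (not real files from an incident).
BENIGN = """[InternetShortcut]
URL=https://learn.microsoft.com/
"""

SUSPECT = r"""[InternetShortcut]
URL=\\203.0.113.5@80\share\Invoice.pdf.exe
IconFile=\\203.0.113.5@80\share\icon.ico
IconIndex=0
"""

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, triage(sample) or ["clean"])
```

Run it over files pulled from mail quarantine or a user's Downloads folder; a UNC or WebDAV target, an executable extension, or an icon fetched from a remote host are each enough to hold the file for analysis rather than rely on the SmartScreen prompt that this vulnerability suppresses.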
Microsoft rates CVE-2023-36052, an information disclosure flaw in the Azure CLI, as critical and recommends prioritizing it. An attacker who successfully exploits it can recover plaintext usernames and passwords from log files generated by the affected CLI commands and published through Azure DevOps and/or GitHub Actions pipelines; any credential that ever appeared in such a log should be treated as exposed and rotated. So far, the vulnerability has not been exploited in the wild.
Please note that other vendors have also released security updates this week. Ensure that your entire software ecosystem is up to date.
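Patching the CLI stops new leaks, but it does not clean up credentials already written to pipeline logs. The scanner below is an added example, not code from this advisory or from Microsoft: it walks CI log text, picks out credential-bearing JSON fields of the kind Azure CLI prints and secrets passed on the command line, and emits the `::add-mask::` workflow command GitHub Actions uses to hide a value in later output. The log lines are constructed, and the set of sensitive key names is an illustrative assumption to be extended for your own pipelines.

```python
"""Find credentials that leaked into CI log output via CLI responses.

Added example (not from the advisory or from Microsoft). Sample log is
constructed; the sensitive-key list is an assumption, extend it as needed.
"""
import re

# JSON field names whose values are credentials (normalized: lower case,
# underscores and dashes removed).
SENSITIVE_KEYS = {"password", "secret", "secrettext", "clientsecret",
                  "accesstoken", "connectionstring", "primarykey", "secondarykey"}

# "key": "value" pairs as printed in pretty-printed JSON output
JSON_PAIR_RE = re.compile(r'"([A-Za-z_]+)"\s*:\s*"([^"]+)"')
# secrets passed directly on the command line
FLAG_RE = re.compile(r'(?:^|\s)(-p|--password|--client-secret)\s+(\S+)')


def _normalize(key):
    return key.replace("_", "").replace("-", "").lower()


def find_leaks(log_text):
    """Return a list of (line_no, key_or_flag, value) for each leaked credential."""
    leaks = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        for key, value in JSON_PAIR_RE.findall(line):
            if _normalize(key) in SENSITIVE_KEYS:
                leaks.append((line_no, key, value))
        for flag, value in FLAG_RE.findall(line):
            leaks.append((line_no, flag, value))
    return leaks


def redact(log_text, leaks):
    """Replace every leaked value so the log can be retained safely."""
    for _, _, value in leaks:
        log_text = log_text.replace(value, "***REDACTED***")
    return log_text


def mask_commands(leaks):
    """GitHub Actions workflow commands that mask the values in later output."""
    return [f"::add-mask::{value}" for _, _, value in leaks]


# Constructed sample: a job that resets an app credential and then logs in
# with a secret on the command line.
SAMPLE_LOG = """\
2023-11-14T10:02:11Z Run az ad app credential reset --id 00000000-0000-0000-0000-000000000000
2023-11-14T10:02:13Z {
2023-11-14T10:02:13Z   "appId": "00000000-0000-0000-0000-000000000000",
2023-11-14T10:02:13Z   "password": "Qx7~exampleSecretValue_notReal",
2023-11-14T10:02:13Z   "tenant": "11111111-1111-1111-1111-111111111111"
2023-11-14T10:02:13Z }
2023-11-14T10:02:30Z Run az login --service-principal -u app -p hunter2_example --tenant t
"""

if __name__ == "__main__":
    found = find_leaks(SAMPLE_LOG)
    for line_no, key, _ in found:
        print(f"line {line_no}: credential in field/flag {key!r}")
    print(redact(SAMPLE_LOG, found))
```

Every hit is a credential to rotate, not just to mask: the log has already been readable by anyone with access to the pipeline run, and masking only protects future output.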
Vendors with Security Updates:
- Adobe
- AMD (including CacheWarp)
- Android
- Apache Projects
- Apple
- Aruba Networks
- Arm
- ASUS
- Atlassian
- Cisco
- CODESYS
- Dell
- Drupal
- F5
- Fortinet
- GitLab
- Google Chrome
- Hitachi Energy
- HP
- IBM
- Intel (including Reptar)
- Jenkins
- Juniper Networks
- Lenovo
- Linux distributions: Debian, Oracle Linux, Red Hat, SUSE, and Ubuntu
- MediaTek
- Mitsubishi Electric
- NETGEAR
- NVIDIA
- Palo Alto Networks
- Qualcomm
- Samsung
- SAP
- Schneider Electric
- Siemens
- SolarWinds
- SonicWall
- SysAid
- Trend Micro
- Veeam
- Veritas
- VMware
- WordPress
- Zimbra
- Zyxel
Avertium's Recommendations
Avertium recommends following Microsoft's patch guidance in the Security Update Guide entries for CVE-2023-36025, CVE-2023-36033, CVE-2023-36036, CVE-2023-36038, CVE-2023-36052, and CVE-2023-36413. Prioritize the three vulnerabilities already exploited in the wild (CVE-2023-36025, CVE-2023-36033, and CVE-2023-36036). For CVE-2023-36052, update the Azure CLI on build agents and developer workstations and rotate any credentials that may have been written to pipeline logs.
INDICATORS OF COMPROMISE (IoCs)
Domain
- asp[.]net (note: asp.net is Microsoft's legitimate ASP.NET product domain, listed here only as context for CVE-2023-36038; it is not attacker-controlled infrastructure and should not be block-listed)
Avertium remains vigilant in locating IoCs for our customers. Should any more be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.
How Avertium is Protecting Our Customers
- Fusion MXDR for Microsoft combines Avertium's Fusion MXDR approach with Microsoft Security Solutions, creating the first MDR offering that integrates all aspects of security operations into an active and threat-informed XDR solution. Leveraging Microsoft's comprehensive and cost-effective technology, Fusion MXDR for Microsoft covers implementation, optimization, ongoing management, and tuning.
- Avertium offers Vulnerability Management (VM) to provide a deeper understanding and control over organizational information security risks. If your enterprise is facing challenges with the scope, resources, or skills required to implement a vulnerability management program with your team, outsourced solutions can help you bridge the gap.
SUPPORTING DOCUMENTATION