*Important note: These are not the only vulnerabilities that have been recently released; however, these are the vulnerabilities RedLegg has identified as critical and require immediate attention.
VULNERABILITIES
Microsoft Exchange Server Elevation of Privilege Vulnerability
Identifier: CVE-2023-21709
Exploit or POC: No
Update Guide: CVE-2023-21709 – Security Update Guide
Description: CVE-2023-21709 allows for an elevation of privilege where an attacker could be able to login as another user successfully. User interaction is not required for successful exploitation. This vulnerability could allow an adversary to brute force the password for a user account.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2023-21709 – Security Update Guide.
Microsoft Teams Remote Code Execution Vulnerability
Identifier: CVE-2023-29328
Exploit or POC: No
Update Guide: CVE-2023-29328 – Security Update Guide
Description: CVE-2023-29328 allows for remote code execution. User interaction is required for successful exploitation. This vulnerability could allow an adversary to lure a user into joining a malicious Teams meeting. An adversary who has successfully exploited this vulnerability may be able to access victim information and modify it. Successful exploitation may also lead to a temporary Denial of Service.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2023-29328 – Security Update Guide.
Microsoft Teams Remote Code Execution Vulnerability
Identifier: CVE-2023-29330
Exploit or POC: No
Update Guide: CVE-2023-29330 – Security Update Guide
Description: CVE-2023-29330 allows for remote code execution. User interaction is required for successful exploitation. This vulnerability could allow an adversary to lure a user into joining a malicious Teams meeting. An adversary who has successfully exploited this vulnerability may be able to access victim information and modify it. Successful exploitation may also lead to a temporary Denial of Service.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2023-29330 – Security Update Guide.
Microsoft Exchange Remote Code Execution Vulnerability
Identifier: CVE-2023-35368
Exploit or POC: No
Update Guide: CVE-2023-35368 – Security Update Guide
Description: CVE-2023-35368 allows for remote code execution. User interaction is not required for successful exploitation. An adversary who successfully exploits this vulnerability may be able retrieve the Net-NTLMv2 hash and leverage it for further attacks, such as an NTLM relay attack.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2023-35368 – Security Update Guide.
Windows Fax Service Remote Code Execution Vulnerability
Identifier: CVE-2023-35381
Exploit or POC: No
Update Guide: CVE-2023-35381 – Security Update Guide
Description: CVE-2023-35381 allows for remote code execution. User interaction is required for successful exploitation. An adversary may be able to craft a file designed to exploit a vulnerability in the Windows Fax Service to achieve remote code execution.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2023-35381 – Security Update Guide.
Microsoft Message Queuing Remote Code Execution Vulnerability
Identifier: CVE-2023-35385
Exploit or POC: No
Update Guide: CVE-2023-35385 – Security Update Guide
Description: CVE-2023-35385 allows for remote code execution. User interaction is not required for successful exploitation. An adversary may be able to remotely execute code on an affected endpoint without authenticating to it.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2023-35385 – Security Update Guide.
Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability
Identifier: CVE-2023-35387
Exploit or POC: No
Update Guide: CVE-2023-35387 – Security Update Guide
Description: CVE-2023-35387 allows for elevation of privileges. User interaction is required for successful exploitation. An adversary may be able to exploit the Windows Bluetooth driver by pairing with the victim endpoint over Bluetooth and exploiting this vulnerability and elevating user permissions to the SYSTEM.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2023-35387 – Security Update Guide.
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Identifier: CVE-2023-36882
Exploit or POC: No
Update Guide: CVE-2023-36882 – Security Update Guide
Description: CVE-2023-36882 allows for remote code execution. User interaction is required for successful exploitation. An adversary may be able to remotely execute code by enticing a user to visit a malicious SQL database.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2023-36882 – Security Update Guide.
Microsoft Message Queuing Remote Code Execution Vulnerability
Identifier: CVE-2023-36910
Exploit or POC: No
Update Guide: CVE-2023-36910 – Security Update Guide
Description: CVE-2023-36910 allows for remote code execution. User interaction is not required for successful exploitation. An adversary may be able to remotely execute code by sending a malicious MSMQ packet to the message queuing server.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2023-36910 – Security Update Guide.
Microsoft Message Queuing Remote Code Execution Vulnerability
Identifier: CVE-2023-36911
Exploit or POC: No
Update Guide: CVE-2023-36911 – Security Update Guide
Description: CVE-2023-36911 allows for remote code execution. User interaction is not required for successful exploitation. Successful exploitation of this vulnerability may allow an adversary to remotely execute code on an affected endpoint.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2023-36911 – Security Update Guide.
Microsoft Exchange Server Spoofing Vulnerability
Identifier: CVE-2023-38181
Exploit or POC: No
Update Guide: CVE-2023-38181 – Security Update Guide
Description: CVE-2023-38181 allows for spoofing. User interaction is not required for successful exploitation. An authenticated adversary could exploit this vulnerability by leveraging PowerShell remoting to retrieve a copy of a user’s Net-NTLMv2 hash for further misuse. This vulnerability can be remotely leveraged.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2023-38181 – Security Update Guide.
Microsoft Exchange Server Remote Code Execution Vulnerability
Identifier: CVE-2023-38185
Exploit or POC: No
Update Guide: CVE-2023-38185 – Security Update Guide
Description: CVE-2023-38185 allows for remote code execution. User interaction is not required for successful exploitation. An authenticated adversary could exploit this vulnerability by executing malicious code via a network call initiated by the server account.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2023-38185 – Security Update Guide.
