*Important note: These are not the only vulnerabilities that were recently released; however, these are the vulnerabilities RedLegg has identified as critical and require immediate attention. Vulnerabilities are indexed in order according to evidence of active exploitation and level of severity.
VULNERABILITIES
Microsoft WordPad Information Disclosure Vulnerability
Identifier: CVE-2023-36563
Exploit or POC: Yes (Active Exploitation Detected)
Update Guide: CVE-2023-36563 – Security Update Guide
Description: CVE-2023-36563 could allow unauthorized system information to be disclosed, specifically NTLM hashes. User interaction is not required for successful exploitation. An adversary could exploit this vulnerability by running a specially crafted application on a target system, or by employing social engineering tactics to convince a user to click an ill-intended link delivered via email or instant message.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2023-36563 – Security Update Guide.
MITRE: CVE-2023-44487 HTTP/2 Rapid Reset Attack
Identifier: CVE-2023-44487
Exploit or POC: Yes (Active Exploitation Detected)
Update Guide: CVE-2023-44487 – Security Update Guide
Description: CVE-2023-44487 allows for denial of service. The HTTP/2 protocol allows a client to cancel requests so that many streams are opened and reset in quick succession, which can exhaust server resources.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2023-44487 – Security Update Guide.
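Patching remains the mitigation above; the following is an added, defender-side example (not part of RedLegg's advisory or Microsoft's guidance) showing how the described pattern, many streams opened and then reset within a short window on one connection, can be flagged from a per-connection HTTP/2 frame log. The log format, connection ids, and thresholds are constructed assumptions for illustration, not any server's native format.

```python
"""Heuristic detector for the HTTP/2 Rapid Reset pattern (CVE-2023-44487).

Added example. Assumed (constructed) log format, one frame per line:
    <ts_ms> <conn_id> <frame_type> <stream_id>
A connection is flagged when the number of RST_STREAM frames inside a
sliding time window exceeds a threshold AND resets make up most of the
streams that connection has opened (a HEADERS frame opens a stream).
"""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    ts_ms: int
    conn_id: str
    frame_type: str
    stream_id: int


def parse_frame_log(text: str) -> list[Frame]:
    """Parse the constructed log format; blank lines and '#' comments are skipped."""
    frames = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, conn, ftype, sid = line.split()
        frames.append(Frame(int(ts), conn, ftype, int(sid)))
    return frames


def detect_rapid_reset(frames, window_ms=1000, max_resets=100, min_reset_ratio=0.8):
    """Return {conn_id: ts_ms of first alert} for connections matching the pattern.

    Thresholds are illustrative assumptions; tune them against real traffic.
    """
    headers = defaultdict(int)          # streams opened per connection
    resets = defaultdict(int)           # resets per connection (total)
    recent = defaultdict(deque)         # reset timestamps inside the window
    alerts = {}
    for f in sorted(frames, key=lambda x: x.ts_ms):
        if f.frame_type == "HEADERS":
            headers[f.conn_id] += 1
        elif f.frame_type == "RST_STREAM":
            resets[f.conn_id] += 1
            q = recent[f.conn_id]
            q.append(f.ts_ms)
            while q and f.ts_ms - q[0] > window_ms:   # evict old resets
                q.popleft()
            opened = headers[f.conn_id] or 1
            if (f.conn_id not in alerts
                    and len(q) > max_resets
                    and resets[f.conn_id] / opened >= min_reset_ratio):
                alerts[f.conn_id] = f.ts_ms
    return alerts


def build_sample_log() -> str:
    """Constructed sample: c1 shows the open-then-reset pattern, c2 is benign."""
    lines = ["# ts_ms conn_id frame_type stream_id (constructed sample)"]
    # c1: 150 streams opened and each reset 1 ms later, all within ~300 ms
    for i in range(150):
        sid = 2 * i + 1
        lines.append(f"{1000 + 2 * i} c1 HEADERS {sid}")
        lines.append(f"{1001 + 2 * i} c1 RST_STREAM {sid}")
    # c2: 20 streams over 5 s, two cancelled (e.g. user navigated away)
    for i in range(20):
        sid = 2 * i + 1
        lines.append(f"{1000 + 250 * i} c2 HEADERS {sid}")
        if i in (4, 11):
            lines.append(f"{1100 + 250 * i} c2 RST_STREAM {sid}")
    return "\n".join(lines)


if __name__ == "__main__":
    found = detect_rapid_reset(parse_frame_log(build_sample_log()))
    for conn, ts in found.items():
        print(f"ALERT conn={conn} first_seen_ms={ts}")   # prints ALERT conn=c1 first_seen_ms=1201
```

Only the connection that opens and immediately resets a large number of streams is flagged; the benign connection with a couple of ordinary cancellations is not. The combined rate-plus-ratio check is what keeps normal request cancellation from tripping the alert.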
Skype for Business Elevation of Privilege Vulnerability
Identifier: CVE-2023-41763
Exploit or POC: Yes (Active Exploitation Detected)
Update Guide: CVE-2023-41763 – Security Update Guide
Description: CVE-2023-41763 allows for elevation of privileges. User interaction is not required for successful exploitation. This vulnerability could allow an adversary to send specially crafted network calls to a targeted Skype for Business server, causing the HTTP request to be parsed to an arbitrary address and subsequently disclosing IP addresses and/or port numbers to the adversary.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2023-41763 – Security Update Guide.
Microsoft Message Queuing Remote Code Execution Vulnerability
Identifier: CVE-2023-35349
Exploit or POC: No evidence of exploitation detected.
Update Guide: CVE-2023-35349 – Security Update Guide
Description: CVE-2023-35349 allows for remote code execution. Authentication and user interaction are not required to exploit this vulnerability. Successful exploitation could allow an adversary to execute arbitrary code on a target server.
Mitigation recommendation: Mitigation steps are included in the CVE-2023-35349 – Security Update Guide.
Windows IIS Server Elevation of Privilege Vulnerability
Identifier: CVE-2023-36434
Exploit or POC: No evidence of exploitation detected.
Update Guide: CVE-2023-36434 – Security Update Guide
Description: CVE-2023-36434 allows for elevation of user privileges. User interaction is not required for successful exploitation. CVE-2023-36434 could allow an adversary to carry out a brute force attack and obtain user account passwords.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2023-36434 – Security Update Guide.
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Identifier: CVE-2023-36577
Exploit or POC: No evidence of exploitation detected.
Update Guide: CVE-2023-36577 – Security Update Guide
Description: CVE-2023-36577 allows for remote code execution. User interaction is required to exploit this vulnerability. An adversary could employ social engineering tactics to convince a target user to connect to a malicious SQL database via a SQL client application; the malicious server could then send specific replies that permit execution of remote code.
Mitigation recommendation: Mitigation steps are included in the CVE-2023-36577 – Security Update Guide.
Microsoft Office Elevation of Privilege Vulnerability
Identifier: CVE-2023-36569
Exploit or POC: No evidence of exploitation detected.
Update Guide: CVE-2023-36569 – Security Update Guide
Description: CVE-2023-36569 allows for elevation of privileges. User interaction is not required for successful exploitation. CVE-2023-36569 could allow an adversary to achieve SYSTEM level privileges.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2023-36569 – Security Update Guide.
Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
Identifier: CVE-2023-38166
Exploit or POC: No evidence of exploitation detected.
Update Guide: CVE-2023-38166 – Security Update Guide
Description: CVE-2023-38166 allows for remote code execution. Authentication and user interaction are not required for successful exploitation. CVE-2023-38166 can be exploited by sending specially crafted protocol messages to a Routing and Remote Access Service (RRAS) server, allowing for remote code execution on the RAS server. An adversary attempting to exploit this vulnerability would need to win a race condition for successful exploitation.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2023-38166 – Security Update Guide.
Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
Identifier: CVE-2023-41765
Exploit or POC: No evidence of exploitation detected.
Update Guide: CVE-2023-41765 – Security Update Guide
Description: CVE-2023-41765 allows for remote code execution. Authentication and user interaction are not required for successful exploitation. CVE-2023-41765 can be exploited by sending specially crafted protocol messages to a Routing and Remote Access Service (RRAS) server, allowing for remote code execution on the RAS server. An adversary attempting to exploit this vulnerability would need to win a race condition for successful exploitation.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2023-41765 – Security Update Guide.