96 Bravo Critical Security Bulletin

Patch Tuesday - September 2023

9/12/23 5:32 PM  |  by RedLegg Blog

*Important note: These are not the only vulnerabilities that have been released recently; they are the vulnerabilities RedLegg has identified as critical and that require immediate attention.

VULNERABILITIES

Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability

Identifier: CVE-2023-36802
Exploit or POC: Yes (Active Exploitation Detected)
Update Guide: CVE-2023-36802 – Security Update Guide
Description: CVE-2023-36802 allows elevation of privilege to the system level. Successful exploitation could allow an adversary to obtain SYSTEM permissions.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2023-36802 – Security Update Guide.

Microsoft Word Information Disclosure Vulnerability

Identifier: CVE-2023-36761
Exploit or POC: Yes (Active Exploitation Detected)
Update Guide: CVE-2023-36761 – Security Update Guide
Description: CVE-2023-36761 allows authentication protocol data to leak. Successful exploitation could expose NTLM hashes and make them accessible to an adversary.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2023-36761 – Security Update Guide.

Internet Connection Sharing (ICS) Remote Code Execution Vulnerability

Identifier: CVE-2023-38148
Exploit or POC: No evidence of exploitation detected.
Update Guide: CVE-2023-38148 – Security Update Guide
Description: CVE-2023-38148 allows remote code execution. User interaction is not required to exploit this vulnerability. It could allow an adversary to send specially crafted network packets to the Internet Connection Sharing (ICS) service.
Mitigation recommendation: Mitigation steps listed here: CVE-2023-38148 – Security Update Guide.

Azure DevOps Server Remote Code Execution Vulnerability

Identifier: CVE-2023-33136
Exploit or POC: No evidence of exploitation detected.
Update Guide: CVE-2023-33136 – Security Update Guide
Description: CVE-2023-33136 allows remote code execution. User interaction is not required to exploit this vulnerability. Successful exploitation requires the adversary to have previously acquired Queue Build permissions on an Azure DevOps pipeline that has an overridable variable. This could allow the adversary to achieve remote code execution by injecting malicious code via a runtime parameter.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2023-33136 – Security Update Guide.

Microsoft SharePoint Server Elevation of Privilege Vulnerability

Identifier: CVE-2023-36764
Exploit or POC: No evidence of exploitation detected.
Update Guide: CVE-2023-36764 – Security Update Guide
Description: CVE-2023-36764 allows elevation of privilege. User interaction is not required; however, authentication is a prerequisite to exploit this vulnerability. It can be exploited by creating an ASP.NET page with specially crafted declarative markup. Successful exploitation could allow an adversary to execute remote code, gaining access to a target victim's information and the ability to modify the compromised data.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2023-36764 – Security Update Guide.

Microsoft Exchange Server Remote Code Execution Vulnerability

Identifier: CVE-2023-36744, CVE-2023-36745, CVE-2023-36756
Exploit or POC: No evidence of exploitation detected.
Update Guide: CVE-2023-36744 – Security Update Guide, CVE-2023-36745 – Security Update Guide, and CVE-2023-36756 – Security Update Guide
Description: CVE-2023-36744, CVE-2023-36745, and CVE-2023-36756 allow remote code execution. User interaction and authentication are required to exploit these vulnerabilities. They could allow an adversary to execute remote code, gaining access to a target victim's information and the ability to modify data. Successful exploitation could potentially cause downtime for the target environment.
Mitigation recommendation: Patching is currently the only method of mitigation. Update to the latest software versions mentioned in the CVE-2023-36744 – Security Update Guide, CVE-2023-36745 – Security Update Guide, and CVE-2023-36756 – Security Update Guide.
