Microsoft has released its security update for August, addressing a total of 74 vulnerabilities. Among these, one particular vulnerability is actively being exploited by attackers. The company has identified six critical vulnerabilities and 67 other important vulnerabilities that organizations should prioritize patching.
The security update covers various types of vulnerabilities, including remote code execution, privilege escalation, security bypass, and information disclosure or denial-of-service issues. The affected Microsoft technologies include Windows, Office, Azure Active Directory, and other related products.
Compared to the July update, the workload for security administrators is significantly lighter this month. July’s update addressed a whopping 130 unique vulnerabilities, including five zero-day bugs. As usual, security experts highlighted the zero-day bug in this month’s release as a high-priority issue that organizations should address promptly.
The zero-day vulnerability, known as CVE-2023-38180, is a denial-of-service flaw affecting multiple versions of .Net and Visual Studio. Microsoft has confirmed that attackers are actively exploiting this vulnerability in the wild. The flaw has a network attack vector with a low complexity of attack, requiring no privileges or user interaction. While its CVSS rating is 7.5, which is not categorized as high, it can result in a denial of service, causing system crashes.
To exploit CVE-2023-38180, an attacker must be on the same network as the target system. However, user privileges are not required for successful exploitation, making it a significant concern for organizations.
In addition to this zero-day bug, Microsoft’s August security update also included a defense-in-depth update for a previously disclosed remote code execution vulnerability. Tracked as CVE-2023-36884, this vulnerability allows attackers to compromise affected systems using malicious Word documents. Microsoft disclosed this vulnerability in July, following reports of Russian threat group Storm-0978 utilizing it to drop a backdoor called RomCom on government and military systems in Ukraine, Europe, and parts of North America. Applying the update can help organizations protect against the attack chain associated with CVE-2023-36884.
The August update also addresses several remote code execution vulnerabilities assessed as critical by Microsoft. Among them are CVE-2023-36910, CVE-2023-36911, and CVE-2023-35385. CVE-2023-36910 affects Microsoft Message Queuing on various Windows systems and allows remote attackers to run arbitrary code without user privileges. While MSMQ is no longer enabled by default, any enabled device remains at risk.
CVE-2023-36911 and CVE-2023-35385 are two other critical remote code execution vulnerabilities in Microsoft Message Queuing. Like CVE-2023-36910, these vulnerabilities exploit the network and require no user interaction or privileges. However, there are mitigations available to reduce the risk associated with these vulnerabilities.
Additionally, the August update addresses several elevation-of-privilege vulnerabilities in the Windows kernel. These vulnerabilities allow attackers to escalate privileges on compromised machines, gaining full control over them. The flaws affect multiple versions of Windows, including Windows Server 2008 to Windows Server 2022 and Windows 11. Attackers commonly exploit these vulnerabilities after a phishing attack or exploiting a vulnerable service. Some of the vulnerabilities in this category include CVE-2023-35359, CVE-2023-35380, CVE-2023-35382, and CVE-2023-35386.
Furthermore, Microsoft has patched six vulnerabilities in Microsoft Exchange Server in the August update. One of these, CVE-2023-21709, has a high CVSS score of 9.8. However, the threat level depends on the strength of the password requirements in the environment. The vulnerability can only be exploited through brute-force attacks targeting valid user accounts. Strong passwords considerably reduce the risk of successful brute-force attempts. The remaining five vulnerabilities in Exchange Server include a spoofing flaw and remote code execution bugs, with the most severe requiring credentials for a valid account.
Overall, organizations should prioritize patching the identified vulnerabilities without delay. As cyber threats evolve continuously, prompt security updates are crucial to maintaining a robust defense against potential exploitation. By keeping their systems up to date, organizations can mitigate the risks associated with these vulnerabilities and bolster their cybersecurity posture.