Patch Tuesday - 6 Critical CVEs and 2 Zero-Day Vulnerabilities
Microsoft released its monthly security updates on August 8, 2023. The updates fixed two zero-day vulnerabilities that were known to be exploited in the wild. Six of the 87 vulnerabilities patched were rated as critical and 68 as important. Remote code execution vulnerabilities increased again with 23 RCE vulnerabilities being fixed.
Let's take a closer look at the most interesting updates this month.
⭕ Notable Critical Microsoft Vulnerabilities
⭕ Critical | Microsoft Teams Remote Code Execution Vulnerability
- CVE-2023-29328 and CVE-2023-29330 are notable vulnerabilities in Microsoft Teams that allow remote code execution. An attacker can exploit them by tricking a victim into joining a Teams meeting organized by the attacker. Once the user joins the malicious meeting, the attacker can perform remote code execution in the context of the victim's user session. If successfully exploited, the attacker can access, modify, or delete the victim's user data. This could lead to unauthorized information disclosure, potential data manipulation, and further malicious activities. An attacker does not need any special privileges on the victim's system to exploit this vulnerability.
⭕ Critical | Microsoft Message Queuing Remote Code Execution Vulnerability
- CVE-2023-36910, CVE-2023-36911 and CVE-2023-35385 affect Microsoft Message Queuing (MSMQ), a protocol designed for consistent communication between Windows systems on various networks. It retains a queue of undelivered messages, ensuring delivery even if a computer is momentarily offline. To exploit these vulnerabilities, an attacker has to send a specially crafted malicious MSMQ packet to the target MSMQ server. Successful exploitation allows an unauthorized attacker to remotely execute code on the targeted server.
⭕ Critical | Microsoft Outlook Remote Code Execution Vulnerability
- CVE-2023-36895 – To take advantage of the vulnerability, an attacker needs to persuade a victim to download and launch a specifically designed file from a website, which can compromise the local machine.
August's Patch Tuesday Addressing Zero-day Flaws
Windows Search Remote Code Execution Vulnerability
- CVE-2023-36884 – Microsoft rolled out OS patches to address the vulnerability. This month, it also introduced a supplementary Defense in Depth Update (ADV230003) to counter the attack chain linked to this vulnerability's exploitation. Microsoft has changed the title from 'Office and Windows HTML Remote Code Execution Vulnerability' to 'Windows Search Remote Code Execution Vulnerability'. Attackers could target the vulnerability via email or instant message by sending a specially crafted file. Such a file, bypassing the Mark of the Web (MOTW) safeguards, could enable code execution on the recipient's system.
.NET and Visual Studio Denial of Service Vulnerability
- CVE-2023-38180 – The vulnerability may allow an attacker to launch a denial-of-service attack on a target machine with minimal complexity, even without specific privileges. Microsoft's advisory gives no further details about this vulnerability.
Runecast Analyzer covers all 37 vulnerabilities that affect Windows operating systems, listed below:
Important | AMD: CVE-2023-20569 Return Address Predictor
CVE-2023-20569
Important | Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2023-36900
Important | Windows Cryptographic Services Information Disclosure Vulnerability
CVE-2023-36907
Important | Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability
CVE-2023-36876
Important | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
CVE-2023-38184
Important | Windows System Assessment Tool Elevation of Privilege Vulnerability
CVE-2023-36903
Important | Tablet Windows User Interface Application Core Remote Code Execution Vulnerability
CVE-2023-36898
Important | Microsoft Message Queuing Denial of Service Vulnerability
CVE-2023-35376
Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35386
Important | Windows Mobile Device Management Elevation of Privilege Vulnerability
CVE-2023-38186
⭕ Critical | Microsoft Message Queuing Remote Code Execution Vulnerability
CVE-2023-35385
Important | Microsoft Message Queuing Denial of Service Vulnerability
CVE-2023-36909
Important | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2023-36882
Important | Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35359
Important | Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35380
Important | Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35382
Important | Microsoft Message Queuing Information Disclosure Vulnerability
CVE-2023-35383
Important | Windows HTML Platforms Security Feature Bypass Vulnerability
CVE-2023-35384
Important | Microsoft Message Queuing Denial of Service Vulnerability
CVE-2023-36912
Important | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability
CVE-2023-36905
Important | Windows Cryptographic Services Information Disclosure Vulnerability
CVE-2023-36906
Important | Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability
CVE-2023-35387
Important | Microsoft Message Queuing Denial of Service Vulnerability
CVE-2023-35377
Important | Windows Projected File System Elevation of Privilege Vulnerability
CVE-2023-35378
Important | Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of Privilege Vulnerability
CVE-2023-35379
Important | Windows Fax Service Remote Code Execution Vulnerability
CVE-2023-35381
Important | Windows Search Remote Code Execution Vulnerability
CVE-2023-36884
Important | Microsoft Message Queuing Information Disclosure Vulnerability
CVE-2023-36913
Important | Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability
CVE-2023-36914
Important | Microsoft Message Queuing Denial of Service Vulnerability
CVE-2023-38172
Important | Microsoft Message Queuing Denial of Service Vulnerability
CVE-2023-38254
Important | Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-38154
Important | Windows Hyper-V Information Disclosure Vulnerability
CVE-2023-36908
⭕ Critical | Microsoft Message Queuing Remote Code Execution Vulnerability
CVE-2023-36910
Important | Windows Group Policy Security Feature Bypass Vulnerability
CVE-2023-36889
⭕ Critical | Microsoft Message Queuing Remote Code Execution Vulnerability
CVE-2023-36911
Important | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2023-36904
Runecast protects you against all of this
At Runecast we ensure that all OS vulnerabilities are covered, so you can focus on mitigating threats and ensuring your system is running safely and securely. We keep you updated about the latest vulnerabilities, exploits and security compliance research and pride ourselves on responding quickly and decisively to key news in the IT Security and Operations spaces.
Runecast is an AI-powered platform that gives you complete visibility and proactive control over potential vulnerabilities in your environment. It provides best practices, risk-based vulnerability management, security and continuous compliance audits to ensure that every aspect of your environment is protected. Additionally, Runecast provides explicit instructions and generates custom remediation scripts, to help IT teams maintain continuous compliance within the environment. The Runecast platform can be deployed to AWS, Azure, Google Cloud, Kubernetes, and VMware environments and can operate entirely on-premises or via our new SaaS offering.
Run secure and compliant workloads anywhere
Let Runecast detect and assess risks, so you can be fully compliant in minutes.