Patch Tuesday - 9 critical CVEs and 2 zero-day vulnerabilities
For March, Microsoft released patches for 76 CVEs, which is still more than expected for the third month of 2023. Of all the patches released, 9 are rated critical and 2 have been seen exploited in the wild. It's also a bit unusual that half of them address remote code execution (RCE) bugs.
Let's take a closer look at the most interesting updates this month.
Notable critical Microsoft vulnerabilities
Windows Hyper-V Denial of Service Vulnerability:
- CVE-2023-23411 is a Denial of Service Vulnerability affecting Hyper-V. Successful exploitation of this vulnerability could allow a Hyper-V guest to affect the functionality of the Hyper-V host.
Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability:
- CVE-2023-23415 is an RCE vulnerability affecting ICMP that attackers could exploit by sending the target machine a low-level protocol error containing a fragmented IP packet embedded with another ICMP packet in the header. To activate the vulnerable code path, an application on the target system must be bound to a raw socket.
Windows Point-to-Point (P2P) Tunneling Protocol Remote Code Execution Vulnerability
- CVE-2023-23404 is an RCE vulnerability affecting the P2P tunneling protocol. An unauthenticated attacker could exploit it by sending a specially crafted connection request to a remote access server (RAS), which could lead to remote code execution on the targeted RAS machine.
Windows Cryptographic Services Remote Code Execution Vulnerability
- CVE-2023-23416 is an RCE vulnerability that can be exploited if a malicious certificate is imported on an affected system. It has been rated as “less likely exploitable” because an attacker could achieve this by either uploading a certificate to a service that processes or imports certificates, or by persuading an authenticated user to import it into their system.
HTTP Protocol Stack Remote Code Execution Vulnerability
- CVE-2023-23392 is another RCE vulnerability, affecting the HTTP Protocol Stack in Windows 11 and Windows Server 2022. An unauthenticated attacker could send a specially crafted packet to a targeted server that uses the HTTP Protocol Stack (http.sys) to process packets.
Remote Procedure Call (RPC) Runtime Remote Code Execution Vulnerability
- CVE-2023-21708 is an RCE vulnerability impacting the RPC runtime that could result in remote code execution on the server side with the same permissions as the running RPC service.
TPM2.0 Module Library Elevation of Privilege Vulnerability
- CVE-2023-1017 and CVE-2023-1018 affect the TPM2.0 Module Library. An out-of-bounds write vulnerability allows 2 bytes of data to be written past the end of a TPM2.0 command in the CryptParameterDecryption routine. If successfully exploited, an attacker can execute arbitrary code in the TPM context, which can lead to denial of service by crashing the TPM chip/process or rendering it inoperable.
An actively exploited zero-day vulnerability covered by Runecast Analyzer is CVE-2023-24880, which is rated as Moderate and affects Windows SmartScreen. An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of security features, such as Protected View in Microsoft Office, which depend on MOTW tagging. Microsoft explained: “When you download a file from the internet, Windows adds the zone identifier or Mark of the Web as an NTFS stream to the file. So, when you run the file, Windows SmartScreen checks if there is a zone identifier Alternate Data Stream (ADS) attached to the file. If the ADS indicates ZoneId=3 which means that the file was downloaded from the internet, the SmartScreen does a reputation check.”
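To make the MOTW mechanism concrete, the following added example (not part of the original article and not Runecast code) parses the contents of a `Zone.Identifier` stream and reports which files in a folder carry no mark or a malformed one. The function names and the sample stream are constructed for illustration; reading the stream through the `path:Zone.Identifier` syntax assumes Windows with NTFS.

```python
import configparser
import os

# Security zone numbers Windows stores in the Zone.Identifier stream.
ZONES = {0: "Local Machine", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}

# Constructed sample of what a browser typically writes for a download.
SAMPLE_INTERNET = ("[ZoneTransfer]\r\nZoneId=3\r\n"
                   "HostUrl=https://example.test/files/report%20final.zip\r\n")

def parse_zone_identifier(text):
    """Return the ZoneId as int, or None if the stream content is unusable."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(text.lstrip("\ufeff"))
        return int(parser["ZoneTransfer"]["ZoneId"])
    except (configparser.Error, KeyError, ValueError):
        return None

def classify(stream_text):
    """Map stream content (None = no stream present) to a MOTW state."""
    if stream_text is None:
        return "missing"
    zone = parse_zone_identifier(stream_text)
    if zone is None:
        return "malformed"
    return ZONES.get(zone, f"Unknown({zone})")

def read_zone_stream(path):
    """Read the Zone.Identifier ADS of a file; None when it has no such stream."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8",
                  errors="replace") as fh:
            return fh.read()
    except OSError:
        return None

def audit(directory):
    """Return {filename: MOTW state} for every regular file in a directory."""
    report = {}
    for entry in os.scandir(directory):
        if entry.is_file():
            report[entry.name] = classify(read_zone_stream(entry.path))
    return report

if __name__ == "__main__":
    downloads = os.path.join(os.path.expanduser("~"), "Downloads")
    for name, state in sorted(audit(downloads).items()):
        print(f"{state:18} {name}")
```

Files in a download location that report `missing` or `malformed` do not carry the `ZoneId=3` tag that the SmartScreen reputation check and Protected View rely on.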
It is highly recommended to keep all systems up to date in order to mitigate or minimize the risk of an unfortunate event.
Details of all 76 vulnerabilities are shown in the table below.
Runecast protects you from all of this
At Runecast, we make sure that all operating system vulnerabilities are covered, so that you can focus on mitigating threats and ensuring that your system runs safely and securely. We keep you up to date on the latest vulnerabilities, exploits, and security compliance research, and we take pride in responding quickly and decisively to important news in IT security and operations.
Runecast is an AI-powered platform that gives you complete visibility and control over potential vulnerabilities in your environment. It provides best practices, risk-based vulnerability management, security, and compliance to ensure that every aspect of your environment is protected. In addition, Runecast delivers explicit instructions and generates custom remediation scripts that ensure the environment is brought into compliance quickly. The Runecast platform can be deployed in AWS, Azure, Google Cloud, Kubernetes, and VMware environments and operates securely on-premises.