In the latest Patch Tuesday release from Microsoft, the tech giant has rolled out vital updates, fortifying a total of 67 vulnerabilities. This comprehensive security overhaul addresses actively exploited zero-days, critical flaws, and publicly disclosed vulnerabilities, urging swift action from administrators to bolster system defenses. This month’s update takes a focused approach to three actively exploited Windows zero-days, underscoring the necessity for immediate deployment. Let’s delve into the specifics of these vulnerabilities.
Actively Exploited Windows Zero-Days
- CVE-2023-36033 (CVSS 7.8): Desktop Window Manager Core Library Elevation of Privilege
- Impact: Allows attackers to gain SYSTEM privileges without user interaction.
- Affected Systems: Windows 10, Windows 11, Windows Server 2016, and newer.
- CVE-2023-36036 (CVSS 7.8): Cloud Files Mini Filter Driver Elevation of Privilege
- Impact: Enables attackers to gain SYSTEM privileges without user interaction.
- Affected Systems: Windows Server 2008 and later, including the latest Windows desktop and server versions.
- CVE-2023-36025 (CVSS 8.8): SmartScreen Security Feature Bypass
- Impact: Allows attackers to bypass Windows Defender SmartScreen checks by convincing users to click on a crafted URL.
- Affected Systems: All Windows OS versions dating back to Server 2008.
Publicly Disclosed Vulnerabilities
- CVE-2023-36038 (CVSS 8.2): ASP.NET Core Denial of Service
- Impact: Could lead to a service disruption.
- Affected Systems: .NET 8.0, Microsoft Visual Studio 2022, and ASP.NET Core 8.0.
- CVE-2023-36413 (CVSS 6.5): Microsoft Office Security Feature Bypass
- Impact: Exploitation more likely; requires user interaction for successful exploitation.
Exchange Server Fixes and Additional Updates
- Microsoft has addressed four vulnerabilities in Exchange Server, including three spoofing issues and a critical remote-code execution flaw (CVE-2023-36439). Administrators are advised to update Exchange instances promptly due to the platform’s susceptibility to sophisticated attacks.
Curl Vulnerabilities Resolved
- Addressing vulnerabilities in the open-source Curl tool, Microsoft distributed Curl version 8.4.0 to fix issues related to SOCKS5 heap buffer overflow (CVE-2023-38545) and HTTP headers consuming excessive memory (CVE-2023-38039).
Immediate Action Required
The severity of these vulnerabilities demand quick actions from administrators and organizations. Several steps can be taken to mitigate the risks associated with these vulnerabilities:
- Patch Systems: The most effective way to safeguard these vulnerabilities is to apply the Microsoft patches promptly.
- Conduct Vulnerability Scanning: Proactively identify and assess security weaknesses, like these vulnerabilities and more, in your systems, networks, and applications, allowing you to address these vulnerabilities before cybercriminals can exploit them.
- Routine Security Assessments: Routine security assessments, such as external and internal penetration testing, are crucial to identify vulnerabilities and weaknesses in an organization’s network and systems.
- Inventory Assessment: Organizations should conduct a detailed inventory of all their enterprise assets. This can help identify vulnerable systems that require immediate attention.
- Log Collection and Correlation: By analyzing logs from various sources and identifying patterns or anomalies, you can respond to threats, mitigate risks, and improve overall security posture.
- Validate Incident Response Capabilities: Conduct tabletop exercises to simulate real-world scenarios, evaluate their preparedness, and refine response plans. Updating or creating an incident response policy and having an incident response team on retainer ensures a structured and efficient response to security incidents, reducing potential damage and minimizing downtime in the event of a breach.
Microsoft’s November Patch Tuesday is a critical update, emphasizing the ongoing threats faced by Windows systems. Administrators are strongly encouraged to prioritize these patches to protect their systems against potential exploits and enhance overall cybersecurity.