Patch Tuesday – 5 critical CVEs & 2 zero-day vulnerabilities

Microsoft released its monthly security updates on September 12, 2023. The updates fixed two zero-day vulnerabilities that were known to be exploited in the wild. Five of the 66 vulnerabilities patched were rated as critical and 58 as important. September’s Patch Tuesday includes several important updates for vulnerabilities in Microsoft Office and components, Microsoft Azure Kubernetes Service, Microsoft Dynamics, Microsoft Visual Studio and others.

Let’s take a closer look at the most interesting updates for this month. 

⭕ Notable Critical Microsoft Vulnerabilities

 ⭕ Critical |Internet Connection Sharing (ICS) Remote Code Execution Vulnerability

• CVE-2023-38148 is a critical vulnerability affecting Internet Connection Sharing (ICS) which is a feature in Windows that allows a computer with an active internet connection to distribute its connectivity to other devices within a local area network (LAN). Fortunately this only applies to devices where this functionality is enabled. If it is enabled, an attacker could end up executing code by sending a specially crafted network pack to the ICS Service. Attacks can be conducted only to systems connected to the same network segment, the attacks cannot be performed across multiple networks.
  

⭕ Critical | Visual Studio Remote Code Execution Vulnerability

• CVE-2023-36792, CVE-2023-36793, CVE-2023-36796 are Remote Code Execution (RCE) vulnerabilities having the highest CVSS score for this month’s Patch Tuesday. To exploit this vulnerability an attacker would need to persuade an user to initiate a malicious crafted package file in Visual Studio.  
  

⭕ Critical | Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability

• CVE-2023-29332 impacts Azure Kubernetes Service (AKS) which can be targeted from distance through a straightforward method without the attacker needing any specific privileges. If exploited successfully this would grant the attacker Cluster Administrator privileges.

September's Patch Tuesday Addressing Zero-day Flaws

Microsoft Word Information Disclosure Vulnerability

• CVE-2023-36761 – Microsoft rolled out OS patches to tackle the vulnerability that can be used to steal NTLM hashes when opening a document, even when it’s opened in the preview pane. NTLM hashes can be cracked or used in NTLM relay attacks to gain access to the account. 

Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability

• CVE-2023-36802 – This vulnerability affects the Microsoft Streaming Service Proxy which is related to Microsoft Stream, a video service that uses the power of intelligent enterprise video to enable knowledge sharing, easier communication, and connectivity in a secure enterprise environment. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. 

‍

CISA has also added these two zero-days vulnerabilities to its Known Exploited Vulnerabilities Catalog, requesting users to patch them before October 3, 2023.

Runecast Analyzer covers all 21 vulnerabilities, mentioned above, that affect Windows operating systems.

Runecast protects you against all of these vulnerabilities

At Runecast we ensure that all OS vulnerabilities are covered, so you can focus on mitigating threats and ensuring your system is running safe and secure. We keep you updated about the latest vulnerabilities, exploits and security compliance research and pride ourselves on responding quickly and decisively to key news in the IT Security and Operations spaces.

Runecast is an AI-powered platform that gives you complete visibility and proactive control over potential vulnerabilities in your environment. It provides best practices, risk-based vulnerability management, and security and continuous compliance audits to ensure that every aspect of your environment is protected. Additionally, Runecast provides explicit instructions and generates custom remediation scripts, to help IT teams maintain continuous compliance within the environment. The Runecast platform can be deployed to AWS, Azure, Kubernetes, and VMware environments and can operate entirely on-premises or via our new SaaS offering.

‍