Cyber Security Threat Summary:
As part of the September Patch Tuesday, Microsoft addressed 59 flaws, including two zero-days that were exploited in attacks in the wild. In total, Microsoft released fixes for 3 Security Feature Bypass Vulnerabilities, 24 Remote Code Execution Vulnerabilities, 9 Information Disclosure Vulnerabilities, 3 Denial of Service Vulnerabilities, 5 Spoofing Vulnerabilities, and 5 Edge - Chromium Vulnerabilities. Out of the 59 flaws addressed, five have been rated critical in severity:
- CVE-2023-36796, CVE-2023-36792, CVE-2023-36793: Visual Studio Remote Code Execution Vulnerability
- CVE-2023-29332: Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
- CVE-2023-38148: Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
Updates and advisories from other vendors:
- Apple fixed a new zero-day exploit chain called BLASTPASS that was used in attacks to install the Pegasus spyware.
- Atlas VPN to fix a zero-day in the Linux client that can expose the user's actual IP address.
- Asus fixed three critical remote code execution bugs in the ASUS RT-AX55, RT-AX56U_V2, and RT-AC86U routers.
- Cisco released security updates for various products and warned of a zero-day in Cisco ASA devices.
- Google released the Android September 2023 and Chrome updates to fix actively exploited vulnerabilities.
- MSI released BIOS updates to fix 'UNSUPPORTED_PROCESSOR' errors in Windows.
- Notepad++ 8.5.7 was released to fix four security vulnerabilities.
- SAP has released its September 2023 Patch Day updates.
- VMware fixed a VMware Tools vulnerability.
The actively exploited zero-days addressed by Microsoft are tracked as CVE-2023-36802 and CVE-2023-36761 and were uncovered by the Microsoft Threat Intelligence group with the help of researchers at IBM X-Force. CVE-2023-36802 is an elevation of privilege vulnerability in the Microsoft Streaming Service Proxy. A successful exploit of this flaw could enable actors to gain SYSTEM-level privileges on the targeted system. The second flaw, tracked as CVE-2023-36761, is an information disclosure vulnerability impacting Microsoft Word. According to Microsoft, threat actors can exploit this flaw to steal NTLM hashes when the victim opens a document, including in the preview pane. Although Microsoft stated both vulnerabilities were exploited in the wild, details of such attacks have yet to be released.
Organizations should review the list of vulnerabilities resolved and apply the relevant patches as needed. To access the full list of vulnerabilities addressed, please use the link below: