Microsoft’s Patch Tuesday for September 2023 includes 59 vulnerabilities, five of them rated critical and two currently being exploited in the wild.
The two vulnerabilities currently being exploited are CVE-2023-36761, an information disclosure flaw in Microsoft Word with a CVSS score of 6.2; and CVE-2023-36802, an elevation of privilege flaw in Microsoft Streaming Service with a CVSS score of 7.8 that could provide an attacker with system privileges.
Natalie Silva, lead cyber security engineer at Immersive Labs, told eSecurity Planet that the Word vulnerability in particular poses a high risk, noting that the Preview Pane is a potential attack vector.
“Attackers could specially craft documents or files that contain malicious code or exploit vulnerabilities in the software rendering engine used by the Preview Pane,” Silva said. “When a user previews or opens such a document in the Preview Pane, malicious code can be executed, leading to potential compromise of the system.”
Exploiting the vulnerability could lead to the disclosure of Net-NTLMv2 hashes, she added. “Net-NTLMv2 hashes are used for authentication in Windows environments, and their disclosure can enable attackers to gain unauthorized access to sensitive information or systems via a relay attack or cracked offline to recover user credentials.”
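A Net-NTLMv2 disclosure of the kind Silva describes only succeeds if the victim machine completes an SMB connection to a host the attacker controls, which on most networks means an outbound connection to the internet on port 445 or 139. A defender can therefore look for exactly that in egress firewall or flow logs. The following script is an added example, not code from the article or from Immersive Labs; the log format and the sample lines are constructed for illustration, and it treats only RFC 1918 space as internal (a deliberate choice, because Python's `is_private` also reports documentation ranges such as 203.0.113.0/24 as private, which would hide the constructed external host).

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Union

# Constructed sample egress log, not taken from the article.
# Format: timestamp src_ip src_port dst_ip dst_port proto action
SAMPLE_LOG = """\
2023-09-12T10:01:05Z 10.20.30.41 52113 10.20.30.5 445 tcp allow
2023-09-12T10:01:07Z 10.20.30.41 52114 203.0.113.77 445 tcp allow
2023-09-12T10:01:09Z 10.20.30.42 52201 198.51.100.8 443 tcp allow
2023-09-12T10:01:11Z 10.20.30.42 52202 203.0.113.77 139 tcp deny
2023-09-12T10:01:13Z 10.20.30.43 52300 192.0.2.10 80 tcp allow
"""

# SMB (445) and NetBIOS session (139): the ports an NTLM-leaking document
# would make the victim connect to.
SMB_PORTS = {139, 445}

# Explicit RFC 1918 list; ipaddress.is_private is intentionally not used
# because it also flags TEST-NET documentation ranges as private.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class FlowEvent:
    ts: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int
    action: str


def is_internal(ip: Union[str, ipaddress.IPv4Address]) -> bool:
    """True if the address falls inside RFC 1918 space."""
    addr = ipaddress.ip_address(str(ip))
    return any(addr in net for net in RFC1918)


def parse_flow_line(line: str) -> FlowEvent:
    """Parse one line of the constructed log format into a FlowEvent."""
    fields = line.split()
    if len(fields) != 7:
        raise ValueError(f"unexpected field count in log line: {line!r}")
    ts, src, _sport, dst, dport, _proto, action = fields
    return FlowEvent(ts, ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport), action)


def find_outbound_smb(log_text: str) -> List[FlowEvent]:
    """Return events where an internal host reached for SMB on a non-internal host.

    Denied connections are kept on purpose: a blocked attempt still shows that
    something on the source host tried to authenticate outward, which is the
    signal worth investigating.
    """
    hits = []
    for raw in log_text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        ev = parse_flow_line(raw)
        if ev.dport in SMB_PORTS and is_internal(ev.src) and not is_internal(ev.dst):
            hits.append(ev)
    return hits


def summarize_by_source(hits: List[FlowEvent]) -> Dict[str, List[str]]:
    """Group flagged destinations (host:port/action) by the internal source host."""
    summary: Dict[str, List[str]] = {}
    for ev in hits:
        summary.setdefault(str(ev.src), []).append(f"{ev.dst}:{ev.dport}/{ev.action}")
    return summary


if __name__ == "__main__":
    for src, targets in summarize_by_source(find_outbound_smb(SAMPLE_LOG)).items():
        print(f"{src} attempted outbound SMB to: {', '.join(targets)}")
```

On the constructed sample this flags the two connections to 203.0.113.77 and ignores the internal file-server traffic and the ordinary HTTPS and HTTP flows. The same check is the basis for the usual mitigation: block outbound 445 and 139 at the perimeter so a leaked hash never reaches the attacker, and alert on any host that still tries.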
Five Critical Vulnerabilities
The five critical flaws are as follows:
- CVE-2023-29332, an elevation of privilege vulnerability in Microsoft Azure Kubernetes with a CVSS score of 7.5
- CVE-2023-36792, CVE-2023-36793, and CVE-2023-36796, three remote code execution vulnerabilities in Microsoft Visual Studio with a CVSS score of 7.8
- CVE-2023-38148, a remote code execution vulnerability in Internet Connection Sharing (ICS) with a CVSS score of 8.8
Action1 vice president of vulnerability and threat research Mike Walters noted in a blog post that while CVE-2023-38148 seems particularly threatening because of its low attack complexity and the fact that it requires no privileges or user interaction, it can only target systems in the same network segment as the attacker.
“Crossing network boundaries, such as a WAN, is not possible; it remains limited to systems connected to the same network switch or virtual network,” he wrote.
To exploit the vulnerability, Walters said, “an unauthorized attacker would send a specially crafted network packet to the ICS service, subsequently allowing for the execution of arbitrary code on the targeted system.”
“While Microsoft has not yet confirmed active exploitation of this vulnerability, they consider it highly likely,” he added. “Therefore, applying the provided security updates promptly is strongly recommended to mitigate potential risks.”
Visual Studio and Azure Kubernetes Flaws
Cisco’s Jonathan Munshaw wrote in a blog post that the three flaws in Visual Studio, which can be triggered if a user opens a specially crafted file, are noteworthy since Lazarus Group hackers are apparently using that method to target security developers and researchers on social media.
Immersive Labs cyber security engineer Nikolas Cemerkic told eSecurity Planet that the flaw in Microsoft Azure Kubernetes could provide attackers with Cluster Administration privileges, enabling them to compromise or disrupt services.
“It is worth noting that any application housed within the cluster that has to follow strict, stringent regulatory compliance measures, such as PCI, could cause them to become in violation,” Cemerkic said. “This could result in legal consequences and reputational damage.”
“While updating the Kubernetes Service is a crucial step in remediating this vulnerability, it is also essential to implement robust security measures and monitor for any suspicious activity,” he added. “Additionally, it’s important to have an incident response plan in place to swiftly detect and mitigate any security breaches to minimize the potential impact.”