Microsoft Patch Tuesday, January 2023 Edition – Krebs on Security


Microsoft today released updates to fix nearly 100 security flaws in its Windows operating systems and other software. Highlights from the first Patch Tuesday of 2023 include a zero-day vulnerability in Windows, printer software flaws reported by the U.S. National Security Agency, and a critical Microsoft SharePoint Server bug that allows a remote, unauthenticated attacker to make an anonymous connection.

At least 11 of the patches released today are rated “Critical” by Microsoft, meaning they could be exploited by malware or malcontents to seize remote control over vulnerable Windows systems with little or no help from users.

Of particular concern for organizations running Microsoft SharePoint Server is CVE-2023-21743. This is a Critical security bypass flaw that could allow a remote, unauthenticated attacker to make an anonymous connection to a vulnerable SharePoint server. Microsoft says this flaw is “more likely to be exploited” in the future.

But patching this bug may not be as simple as deploying Microsoft's updates. Dustin Childs, head of threat awareness at Trend Micro's Zero Day Initiative, said sysadmins need to take additional steps to be fully protected from this vulnerability.

“To fully resolve this bug, you must also trigger a SharePoint upgrade action that’s also included in this update,” Childs said. “Full details on how to do this are in the bulletin. Situations like this are why people who scream ‘Just patch it!’ show they have never actually had to patch an enterprise in the real world.”
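The upgrade step Childs is describing, written out as an added example (this is not text from the original post or from Microsoft's bulletin): a SharePoint Management Shell script that records the farm's upgrade state, runs the upgrade action, and confirms that no server is still flagged. The cmdlets and the psconfig.exe switches are the standard SharePoint ones; treating a cleared NeedsUpgrade flag as "done" is my assumption about what success looks like, so read the bulletin for the authoritative procedure.

```powershell
# Added example, not from the original post or Microsoft's bulletin.
# Run in the SharePoint Management Shell as a farm administrator, on the
# server hosting Central Administration first and then on each remaining
# SharePoint server in the farm. Assumes the SharePoint 2016/2019/SE
# layout (the "16" hive); adjust the psconfig.exe path for other versions.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-FarmUpgradeState {
    # Refresh this server's view of installed patches, then report which
    # SharePoint servers still have the upgrade action outstanding.
    Get-SPProduct -Local | Out-Null
    $farm = Get-SPFarm
    Write-Host "Farm build: $($farm.BuildVersion)  NeedsUpgrade: $($farm.NeedsUpgrade)"
    Get-SPServer |
        Where-Object { $_.Role -ne 'Invalid' } |   # skip SQL and other non-SharePoint roles
        Select-Object Name, Role, NeedsUpgrade
}

Write-Host "--- Before upgrade action ---"
Get-FarmUpgradeState | Format-Table -AutoSize

# The upgrade action itself: the scripted equivalent of the SharePoint
# Products Configuration Wizard. Do not pass -SkipDatabaseUpgrade or
# -SkipSiteUpgrade; the content databases need upgrading too.
Upgrade-SPFarm -Confirm:$false

# Equivalent from an elevated prompt, if you prefer psconfig.exe:
#   & "$env:CommonProgramFiles\microsoft shared\Web Server Extensions\16\BIN\psconfig.exe" `
#       -cmd upgrade -inplace b2b -wait -cmd applicationcontent -install -cmd installfeatures

Write-Host "--- After upgrade action ---"
$state = Get-FarmUpgradeState
$state | Format-Table -AutoSize
$pending = $state | Where-Object { $_.NeedsUpgrade }
if ($pending) {
    Write-Warning "Upgrade still pending on: $($pending.Name -join ', '). Rerun there before calling this patched."
} else {
    Write-Host "Upgrade action complete; no server reports NeedsUpgrade."
}
```

The point of the before/after check is that a server which took the binary update but never ran the upgrade action looks "patched" to a vulnerability scanner that only reads file versions; the NeedsUpgrade flag is the farm's own record that the second half of the fix has not been applied.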

Eighty-seven of the vulnerabilities earned Redmond's slightly less dire “Important” severity rating. That designation describes vulnerabilities “whose exploitation could result in compromise of the confidentiality, integrity, or availability of user data, or of the integrity or availability of processing resources.”

Among the more notable Important bugs this month is CVE-2023-21674, an “elevation of privilege” weakness in most supported versions of Windows that has already been abused in active attacks.

Satnam Narang, senior staff research engineer at Tenable, said that although details about the flaw weren't available at the time Microsoft published its advisory on Patch Tuesday, it appears this was likely chained together with a vulnerability in a Chromium-based browser such as Google Chrome or Microsoft Edge in order to break out of the browser's sandbox and gain full system access.

“Vulnerabilities like CVE-2023-21674 are typically the work of advanced persistent threat (APT) groups as part of targeted attacks,” Narang said. “The likelihood of future widespread exploitation of an exploit chain like this is limited due to auto-update functionality used to patch browsers.”

By the way, when was the last time you completely closed your Web browser and restarted it? Some browsers will automatically download and install new security updates, but the protection from those updates usually only takes effect after you restart the browser: the old, vulnerable build keeps running in memory until then.
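One way to see whether that is happening on a Windows machine, as an added example that is not part of the original post: compare the browser build actually loaded in memory against the newest build the updater has staged on disk. Chrome and Edge install each version into its own `Application\<version>\` folder, which is what the check relies on; the process names and the default machine-wide install paths are assumptions, and a per-user Chrome install lives under `%LOCALAPPDATA%` instead.

```powershell
# Added example, not from the original post. Reports Chromium browsers whose
# running build is older than the build installed on disk, i.e. whose
# security update is waiting on a restart. Install paths below are for the
# default machine-wide installs and are an assumption; a per-user Chrome
# install is under "$env:LOCALAPPDATA\Google\Chrome\Application".
$browsers = @(
    @{ Name = 'chrome'; Dir = "$env:ProgramFiles\Google\Chrome\Application" },
    @{ Name = 'msedge'; Dir = "${env:ProgramFiles(x86)}\Microsoft\Edge\Application" }
)

function Get-PendingBrowserRestart {
    foreach ($b in $browsers) {
        # Any one process of the browser will do; they all load the same build.
        $proc = Get-Process -Name $b.Name -ErrorAction SilentlyContinue | Select-Object -First 1
        if (-not $proc -or -not (Test-Path $b.Dir)) { continue }

        # Version of the executable that is actually mapped into the running process.
        # (MainModule can fail for an elevated process queried from a non-elevated shell.)
        try { $running = [version]$proc.MainModule.FileVersionInfo.ProductVersion }
        catch { Write-Warning "Cannot read main module of $($b.Name): $_"; continue }

        # Newest four-part version folder the updater has placed on disk.
        $onDisk = Get-ChildItem -Directory $b.Dir |
            Where-Object { $_.Name -match '^\d+(\.\d+){3}$' } |
            ForEach-Object { [version]$_.Name } |
            Sort-Object -Descending | Select-Object -First 1

        [pscustomobject]@{
            Browser       = $b.Name
            Running       = $running
            Installed     = $onDisk
            RestartNeeded = ($null -ne $onDisk -and $onDisk -gt $running)
        }
    }
}

Get-PendingBrowserRestart | Format-Table -AutoSize
```

A `RestartNeeded` of `True` is the case Narang's "auto-update" caveat glosses over: the update is installed, an inventory tool reading file versions will call the machine patched, and the sandbox escape still works against the process that is open.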

Speaking of APT groups, the U.S. National Security Agency is credited with reporting CVE-2023-21678, another “Important” vulnerability in the Windows Print Spooler software.

There have been so many vulnerabilities patched in Microsoft's printing software over the past year (including the dastardly PrintNightmare attacks and the botched patches that followed them) that KrebsOnSecurity has joked about Patch Tuesday reports being sponsored by Print Spooler. Tenable's Narang points out that this is the third Print Spooler flaw the NSA has reported in the last year.

Kevin Breen at Immersive Labs called special attention to CVE-2023-21563, a security feature bypass in BitLocker, the data and disk encryption technology built into enterprise versions of Windows.

“For organizations that have remote users, or users that travel, this vulnerability may be of interest,” Breen said. “We rely on BitLocker and full-disk encryption tools to keep our files and data safe in the event a laptop or device is stolen. While information is light, this appears to suggest that it could be possible for an attacker to bypass this protection and gain access to the underlying operating system and its contents. If security teams are not able to apply this patch, one potential mitigation could be to ensure Remote Device Management is deployed with the ability to remotely disable and wipe assets.”

There are also two Microsoft Exchange vulnerabilities patched this month — CVE-2023-21762 and CVE-2023-21745. Given how quickly threat actors exploit new Exchange bugs to steal corporate email and infiltrate vulnerable systems, organizations running Exchange should patch immediately. Microsoft's advisory says both Exchange flaws are “more likely to be exploited.”

Adobe released four patches addressing 29 flaws in Adobe Acrobat and Reader, InDesign, InCopy, and Adobe Dimension. The update for Reader fixes 15 bugs, eight of them rated Critical in severity (allowing arbitrary code execution if an affected system opens a specially crafted file).

For a more granular rundown on the updates released today, see the SANS Internet Storm Center roundup. Nearly 100 updates is a lot, and there are bound to be a few patches that cause problems for organizations and end users. When that happens, AskWoody.com usually has the lowdown.

Please consider backing up your data and/or imaging your system before applying any updates. And please sound off in the comments if you experience any problems as a result of these patches.
