Patch Tuesday is here again with a whole host of patches for August. This month sees a reduction in patched vulnerabilities with only 76 being patched, a significant decrease from the 130 reported last month. A total of 6 critical, 68 important, and 2 moderate vulnerabilities were patched while 5 were publicly disclosed and 6 were seen exploited in the wild.
To exploit these critical vulnerabilities an attacker would be required to trick the victim into joining a Teams meeting which would enable them to perform remote code execution in the context of the victim user. The attacker does not need privileges to attempt to exploit this vulnerability. An attacker who successfully exploits this vulnerability could perform a remote attack that could enable access to the victim's information and the ability to alter information. Successful exploitation could also potentially cause downtime for the client machine. Fortunately both these vulnerabilities haven’t been exploited in the wild or publicly disclosed.
Microsoft Message Queuing (MSMQ) technology enables applications running at different times to communicate across heterogeneous networks and systems that may be temporarily offline by maintaining a message queue of undelivered messages. To exploit this critical vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to an MSMQ server. This could result in remote code execution on the server side. This vulnerability is yet to be seen in the wild and hasn’t been publicly disclosed by Microsoft.
A vulnerability present in .NET and Visual Studio could allow an attacker to conduct a denial-of-service attack on a target system in a low-complexity attack without special privileges. This has been reported as exploited in the wild however has not been publicly disclosed by Microsoft.
In an email or instant message attack scenario, the attacker could send the targeted user a specially crafted file that is designed to exploit this important remote code execution vulnerability. In any case, an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could entice a user to either click a link that directs the user to the attacker's site or send a malicious attachment. An attacker can plant a malicious file evading Mark of the Web (MOTW) defences which can result in code execution on the victim system. This vulnerability has been publicly disclosed and reported by Microsoft to be exploited in the wild.
For a full list of this month’s updates please see the links below:
Patch Tuesday release notes: https://msrc.microsoft.com/update-guide/releaseNote/2023-Aug
Security update guide: https://msrc.microsoft.com/update-guide/
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
