September’s Patch Tuesday provides fixes for 61 vulnerabilities, a slight reduction of last month’s 76. These are separated into 5 critical, 55 important, and 1 moderate vulnerability patched while 2 were detected to be exploited in the wild and only 1 publicly disclosed.
This important, publicly disclosed, and exploited in the wild vulnerability could allow an attacker to steal NTLM hashes which can be cracked or used in relay or pass-the-hash attacks. This discovery came from the Microsoft Threat Intelligence team who disclosed this vulnerability. The preview pane has been reported to be an attack vector meaning that a victim only has to preview the document to be exploited.
This important vulnerability is the second seen exploited in the wild this month. An attacker may exploit a vulnerability present in Microsoft Streaming Service Proxy, a service related to Microsoft Stream, to elevate their privileges to the highest level in Windows, SYSTEM.
An unauthorized attacker could exploit this critical Internet Connection Sharing (ICS) vulnerability by sending a specially crafted network packet to the Internet Connection Sharing (ICS) Service to conduct remote code execution. This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks and would be limited to systems on the same network switch or virtual network.
An attacker who successfully exploited this critical vulnerability could gain Cluster Administrator privileges. This attack can be done through the internet and has a low complexity because an attacker does not require significant prior knowledge of the cluster/system and can achieve repeatable success when attempting to exploit this vulnerability.
Three critical remote code execution vulnerabilities were present in Visual Studio this month. An attacker would need to convince a user to open a maliciously crafted package file in Visual Studio that would exploit the code locally on a victim's machine. This would then allow the attack to execute custom code that was present in that specially crafted file. Exploitation has been deemed less likely by Microsoft for these vulnerabilities.
For a full list of this month’s updates please see the links below:
Patch Tuesday release notes: https://msrc.microsoft.com/update-guide/releaseNote/2023-Sep
Security update guide: https://msrc.microsoft.com/update-guide/
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
