Windows PGM Accounts for Half of Patch Tuesday’s Critical Flaws

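This month's Microsoft Patch Tuesday fixes 78 vulnerabilities, six of them rated critical, including a remote code execution vulnerability in .NET/.NET Framework/Visual Studio, an elevation of privilege vulnerability in SharePoint Server, and multiple vulnerabilities in Windows PGM. Experts recommend installing the patches as soon as possible to prevent potential attacks.
Summary generated by CSDN using intelligent technology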


Microsoft’s Patch Tuesday for June 2023 addresses 78 vulnerabilities, a significant increase from last month’s total of 37. While six of the flaws are critical, Microsoft says none are currently being exploited in the wild.

The six critical vulnerabilities are as follows:

  • CVE-2023-24897, a remote code execution vulnerability in .NET, .NET Framework, and Visual Studio, with a CVSS score of 7.8
  • CVE-2023-29357, an elevation of privilege vulnerability in Microsoft SharePoint Server, with a CVSS score of 9.8
  • CVE-2023-29363, CVE-2023-32014 and CVE-2023-32015, three remote code execution vulnerabilities in Windows Pragmatic General Multicast (PGM), each with a CVSS score of 9.8
  • CVE-2023-32013, a denial of service vulnerability in Windows Hyper-V, with a CVSS score of 6.5

Dustin Childs, head of threat awareness at Trend Micro’s Zero Day Initiative, noted in a blog post that this is the third month in a row in which Windows Pragmatic General Multicast (PGM) has had a flaw addressed with a CVSS score of 9.8. “While not enabled by default, PGM isn’t an uncommon configuration,” he wrote. “Let’s hope these bugs get fixed before any active exploitation starts.”

Action1 vice president of vulnerability and threat research Mike Walters separately observed that the three PGM flaws can be exploited over the network without requiring privileges or user interaction.

“To mitigate this vulnerability, consider checking if the Message Queuing service is running on TCP port 1801 and disable it if not needed,” Walters advised. “However, be cautious as this may impact system functionality. It is generally recommended to install the available patch instead of relying solely on mitigation strategies.”
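
The check Walters describes, as an added PowerShell example (not from the article or from Microsoft): it reports whether the Message Queuing service is installed and whether anything is listening on TCP 1801, and offers a confirmation-gated disable. The function names are hypothetical; `MSMQ` is the Windows service name for Message Queuing.

```powershell
# Added example: audit the local host for the Message Queuing exposure
# discussed above. Run in an elevated PowerShell session.
function Get-MsmqExposure {
    [CmdletBinding()]
    param(
        [int]$Port = 1801   # TCP port named in the quoted advice
    )

    # The service is absent when the Message Queuing feature is not installed.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='MSMQ'" -ErrorAction SilentlyContinue

    # Listening sockets on the port, with the owning process for confirmation.
    $listeners = @(Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue)
    $owners = $listeners | ForEach-Object {
        (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
    } | Sort-Object -Unique

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        MsmqInstalled = [bool]$svc
        ServiceState  = if ($svc) { $svc.State } else { 'NotInstalled' }
        StartMode     = if ($svc) { $svc.StartMode } else { $null }
        ListeningOn   = ($listeners.LocalAddress | Sort-Object -Unique) -join ','
        OwningProcess = $owners -join ','
        Exposed       = ($listeners.Count -gt 0)
    }
}

function Disable-MsmqService {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param()
    $svc = Get-Service -Name MSMQ -ErrorAction SilentlyContinue
    if (-not $svc) { Write-Verbose 'MSMQ service not present.'; return }
    # Stopping MSMQ also stops services that depend on it, so surface them first.
    $svc.DependentServices | Where-Object Status -eq 'Running' |
        ForEach-Object { Write-Warning "Dependent service running: $($_.Name)" }
    # -WhatIf previews the change; without it PowerShell prompts for confirmation.
    if ($PSCmdlet.ShouldProcess('MSMQ', 'Stop and disable service')) {
        Stop-Service -Name MSMQ -Force
        Set-Service -Name MSMQ -StartupType Disabled
    }
}

Get-MsmqExposure | Format-List
```

Run `Disable-MsmqService -WhatIf` first on any host where `Exposed` is true, since applications that rely on message queues will stop working once the service is disabled.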

Flaws in SharePoint, .NET, Visual Studio

Exploitation of the SharePoint Server flaw CVE-2023-29357, Walters noted, also requires no privileges or user interaction. “Customers using Microsoft Defender and the AMSI integration feature in their SharePoint Server farm(s) are protected against this vulnerability,” he wrote. “While there are no confirmed cases of exploitation yet, Microsoft warns that the likelihood of exploitation is high. It is essential for organizations using SharePoint 2019 to apply the patch to mitigate this serious vulnerability.”

Rapid7 lead software engineer Adam Barnett pointed out by email that while the FAQ provided with Microsoft’s advisory for CVE-2023-29357 states that both SharePoint Enterprise Server 2016 and SharePoint Server 2019 are vulnerable, no related patches are listed for SharePoint 2016.

“Defenders responsible for SharePoint 2016 will no doubt wish to follow up on this one as a matter of some urgency,” Barnett wrote. “Microsoft also explains that there may be more than one patch listed for a particular version of SharePoint, and that every patch must be installed to remediate this vulnerability (although order of patching doesn’t matter).”

Regarding CVE-2023-24897, Barnett observed that exploitation of the flaw in .NET, .NET Framework and Visual Studio requires the attacker to trick a victim into opening a specially-crafted malicious file.

“Although Microsoft has no knowledge of public disclosure or exploitation in the wild, and considers exploitation less likely, the long list of patches – going back as far as .NET Framework 3.5 on Windows 10 1607 – means that this vulnerability has been present for years,” he wrote.


Other Noteworthy Flaws

Ivanti vice president of security products Chris Goettl noted by email that two lower-severity flaws were also patched in Microsoft Exchange Server.

“CVE-2023-32031 could potentially trigger malicious code in the context of the server’s account through a network call,” Goettl wrote. “CVE-2023-28310 could allow the attacker to execute code via a PowerShell remoting session. Neither have been disclosed or exploited, but given the sophistication of threat actors who specialize in targeting Exchange Server, it is recommended not to let these linger for long.”

And Silverfort senior research tech lead Dor Segal said by email that CVE-2023-29362, a remote code execution vulnerability in Remote Desktop Client with a CVSS score of 8.8, is also worth noting.

“Using an RDP client can give admins a false sense of security: they can see what’s going on in a remote server or that client’s computer, but they believe themselves to be protected from malicious activity on the client’s end thanks to the RDP,” Segal said. “This vulnerability unfortunately proves that wrong.”

“CVE-2023-29362 allows an attacker who has compromised a Windows machine to attack and spread to any RDP client connected to that same machine,” Segal added. “In the case of admins or other privileged machines, this could potentially lead to compromise of the entire domain. It’s worth noting that patching is needed on the client’s side – not the server’s – so we recommend first patching privileged clients before moving on to the rest of the clients in the organization.”
