Black Arrow Cyber Advisory 15 March 2023 – Microsoft Patch Tuesday, Fortinet, Adobe, SAP, Android and Chrome Security Updates Summary

Executive Summary

Security updates have been released for Microsoft, Fortinet, Adobe, SAP, Google Chrome and Android to fix a range of security issues.


Microsoft

Microsoft’s March Patch Tuesday provides updates to address 74 security issues across its product range, including two actively exploited vulnerabilities (CVE-2023-23397 and CVE-2023-24880). The two exploited vulnerabilities are an elevation of privilege vulnerability and a security feature bypass. The updates also address 9 critical vulnerabilities.

What’s the risk to me or my business?

The actively exploited vulnerabilities could allow an attacker to bypass security features to upload malicious files, remotely execute code and gain SYSTEM privileges, all of which could compromise the confidentiality, integrity and availability of data stored by an organisation.

What can I do?

Security updates are available for all supported versions of Windows impacted. The updates should be applied as soon as possible for the actively exploited vulnerabilities and all other vulnerabilities that have a critical severity rating.

Technical Summary

The following is a breakdown of the actively exploited vulnerabilities which affected Microsoft Operating Systems:

CVE-2023-23397: A vulnerability which allows specially crafted emails to force a victim device to connect to an external location under the attacker’s control, providing the attacker with the victim’s authentication details. The email does not need to be read in the preview pane, as the vulnerability is triggered when it is received and processed by the email server.

Please see our earlier advisory on this particular actively exploited vulnerability.

CVE-2023-24880: A vulnerability that allows an attacker to craft a malicious file which evades Mark of the Web (MOTW) security features. It is actively being exploited in ransomware attacks.

Along with Microsoft’s Patch Tuesday, the following vendors have also addressed vulnerabilities this month:


Fortinet

As reported previously in our blog, Fortinet disclosed 15 vulnerabilities this month, including the actively exploited vulnerability CVE-2022-41328. This is a path traversal vulnerability in FortiOS which can allow a privileged actor to read and write files via crafted command line interface commands. The vulnerability is actively being exploited against governments and large organisations.


Adobe

This month, Adobe released fixes for 105 vulnerabilities across Adobe Creative Cloud Desktop, ColdFusion, Dimension, Experience Manager, Illustrator and Photoshop. Adobe is not currently aware of any of these vulnerabilities being actively exploited. The vulnerabilities include remote code execution, memory leak, privilege escalation and security bypass.


SAP

SAP has released fixes for 21 vulnerabilities, including code injection and improper access control vulnerabilities. A total of 9 vulnerabilities were given the “Hot News” priority, which is the highest priority according to SAP.


Google

-Android

Android addressed 60 vulnerabilities this month. Among them are two critical remote code execution vulnerabilities, CVE-2023-20951 and CVE-2023-20954.

-Chrome

Google addressed 40 vulnerabilities in the Chrome Web Browser, with 8 vulnerabilities rated as high-severity.


Further details of the updates within Microsoft’s March Patch Tuesday can be found here: https://www.ghacks.net/2023/03/14/microsoft-windows-security-updates-march-2023-what-you-need-to-know-before-installation/

Further details of CVE-2023-23397 can be found here: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-23397

Further details of CVE-2023-24880 can be found here: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-24880

Further details of CVE-2022-41328 can be found here: https://www.fortinet.com/blog/psirt-blogs/fg-ir-22-369-psirt-analysis

Further details of the vulnerabilities addressed by Fortinet can be found here: https://www.fortiguard.com/psirt-monthly-advisory/march-2023-vulnerability-advisories

Further details of the vulnerabilities addressed by SAP can be found here: https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10

Further details of the vulnerabilities addressed by Adobe Creative Cloud Desktop can be found here: https://helpx.adobe.com/security/products/creative-cloud/apsb23-21.html

Further details of the vulnerabilities addressed in Adobe ColdFusion can be found here: https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html

Further details of the vulnerabilities addressed in Adobe Dimension can be found here: https://helpx.adobe.com/security/products/dimension/apsb23-20.html

Further details of the vulnerabilities addressed in Adobe Experience Manager can be found here: Adobe Security Bulletin

Further details of the vulnerabilities addressed in Adobe Illustrator can be found here: https://helpx.adobe.com/security/products/illustrator/apsb23-19.html

Further details of the vulnerabilities addressed in Adobe Photoshop can be found here: https://helpx.adobe.com/security/products/photoshop/apsb23-23.html

Further details of the vulnerabilities addressed in Adobe Substance 3D Stager can be found here: https://helpx.adobe.com/security/products/substance3d_stager/apsb23-22.html

Further details of the Android vulnerabilities can be found here: https://source.android.com/docs/security/bulletin/2023-03-01#2023-03-05-security-patch-level-vulnerability-details

Further details of the vulnerabilities addressed by Google can be found here: https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html

