Executive summary

Microsoft’s September Patch Tuesday provides updates to address 59 security issues across its product range, including two actively exploited zero-day vulnerabilities. The exploited zero-days have both been added to the US Cybersecurity and Infrastructure Security Agency’s (CISA) “Known Exploited Vulnerabilities Catalog”. Of the 59 security issues addressed by Microsoft , 5 were rated critical.

What’s the risk to me or my business?

The actively exploited vulnerabilities could allow an attacker to gain SYSTEM privileges or capture and relay hashes of user passwords to gain access to that users account. Both compromise the confidentiality, integrity and availability of data stored by an organisation.

What can I do?

Security updates are available for all supported versions of Windows impacted. The updates should be applied as soon as possible for the actively exploited vulnerabilities and all other vulnerabilities that have a critical severity rating.

Technical Summary

CVE-2023-36802: The actively exploited allows a local attacker to gain SYSTEM privileges.

CVE-2023-36761: This actively exploited vulnerability can allow an attacker to steal user password NTLM hashes of users who open a document, even if just in the preview plane.

Adobe

This month, Adobe released fixes for 5 vulnerabilities, including 1 critical vulnerability, across Adobe Acrobat & Reader (1), Adobe Connect (2) and Adobe Experience Manager (2).  The critical vulnerability, tracked as CVE-2023-26369, impacts both Windows and macOS versions of Adobe Acrobat & Reader and if exploited, can allow an attacker to execute malicious code.

Chrome

A new update for Google Chrome is available for Windows, Linux and macOS. The update addresses 16 security fixes, including one critical and actively exploited vulnerability which could cause for denial of service or allow code execution.

Mozilla

Mozilla released fixes for two critical vulnerabilities, impacting Firefox and Thunderbird. The vulnerabilities could allow an attacker to perform code execution.

SAP

Enterprise software vendor SAP has addressed 13 vulnerabilities in several of its products, including two critical-severity vulnerabilities that impact SAP BusinessObjects Business Intelligence Platform. 66Including remote execution and authentication bypass. A total of 5 vulnerabilities were given the “Hot News” priority, which is the highest priority according to SAP.

further details on other specific updates within this patch Tuesday can be found here:

https://www.ghacks.net/2023/09/12/the-windows-september-2023-security-updates-are-now-available/

Further information on Adobe Acrobat and Reader can be found here:

https://helpx.adobe.com/security/products/acrobat/apsb23-34.html

Further information on Adobe Connect can be found here:

https://helpx.adobe.com/security/products/connect/apsb23-33.html

Further information on Adobe Experience Manager can be found here:

https://helpx.adobe.com/security/products/experience-manager/apsb23-43.html

Further information on the patches by SAP can be found here:

https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10

Further information on Google Chrome can be found here:

https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html

Further information on Mozilla can be found here:

https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Executive summary

Microsoft’s August Patch Tuesday provides updates to address 86 security issues across its product range, including two zero-day vulnerabilities (CVE-2023-36884, CVE-2023-38180). The vulnerabilities allow remote code execution and denial of service. Among the updates provided by Microsoft, 6 addressed critical vulnerabilities.

What’s the risk to me or my business?

The vulnerabilities allow an attacker to remotely execute code and cause a denial-of-service, impacting the confidentiality, integrity and availability of data held by an organisation. CVE-2023-38180, which is a denial-of-service vulnerability has been recorded by the US Cybersecurity and Infrastructure Security Agency (CISA) in its “Known Exploited Vulnerabilities” Catalogue.

What can I do?

Security updates are available for all supported versions of Windows impacted. The updates should be applied immediately for the zero-day vulnerabilities and as soon as possible for all other vulnerabilities.  Microsoft has also published an separate advisory for CVE-2023-36884.

Technical Summary

CVE-2023-36884: This vulnerability, if exploited allows threat actors to create specially crafted documents which bypass Mark of the Web (MoTW) security features, causing files to be opened with no warning, allowing a threat actor to perform remote code execution.

CVE-2023-38180: The actively exploited vulnerability allows an attacker to cause a denial-of-service attack on .NET applications and Visual Studio.

Adobe

In addition to Microsoft’s Patch Tuesday Adobe released fixes for 36 vulnerabilities, of which 19 were rated critical. The critical vulnerabilities spanned across Adobe Acrobat and Reader (16), Adobe Commerce and  Adobe Dimension (2). At current, Adobe is not aware of any of these vulnerabilities being actively exploited. The vulnerabilities include remote code execution, memory leak and security bypass.

further details on other specific updates within this patch Tuesday can be found here:

https://www.ghacks.net/2023/08/08/the-windows-august-2023-security-updates-fix-critical-vulnerabilities-and-internet-explorer/

Further details about CVE-2023-38180 can be found here:                     

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38180

Further details about CVE-2023-36884 can be found here:                     

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884  

The advisory from Microsoft can be found here:

Further information on CISA’s Known Exploited Vulnerabilities Catalog can be found here:

https://www.cisa.gov/known-exploited-vulnerabilities-catalog

https://msrc.microsoft.com/update-guide/vulnerability/ADV230003

Further details of the vulnerabilities addressed in Adobe Acrobat DC and Reader can be found here: https://helpx.adobe.com/security/products/acrobat/apsb23-30.html

Further details of the vulnerabilities addressed in Adobe Commerce can be found here: https://helpx.adobe.com/security/products/magento/apsb23-42.html

Further details of the vulnerabilities addressed in Adobe Dimension can be found here: https://helpx.adobe.com/security/products/dimension/apsb23-44.html

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity