Patch Tuesday – August 2023
Target Industry
Indiscriminate, opportunistic targeting.
Overview
Microsoft Patch Tuesday for August 2023: Microsoft addressed 86 security issues in total, including one zero-day flaw and five critical remote code execution (RCE) vulnerabilities.
The zero-day vulnerability pertains to a denial-of-service (DoS) issue in .NET, ASP.NET Core 2.1 and Visual Studio. The flaw, tracked as CVE-2023-38180 (CVSSv3 score: 7.5), has been reportedly exploited in the wild and, as such, the relevant security update should be applied as a matter of urgency.
Two RCE flaws have been disclosed as relating to Microsoft Teams. The vulnerabilities are tracked as CVE-2023-29330 and CVE-2023-29328, both of which have received a CVSSv3 score of 8.8. Microsoft, however, has assessed these security issues as critical as exploitation would allow a threat actor to execute code against any user that joins a Teams meeting set up by the threat actor.
Three critical RCE flaws pertain to the Windows Message Queuing Service (MSMQ). The flaws are being tracked as CVE-2023-36910, CVE-2023-36911 and CVE-2023-35385, all of which have received a CVSSv3 score of 9.8. For an asset to be considered vulnerable to these flaws, the Microsoft Message Queuing Service must be enabled and listening on port 1801.
An RCE vulnerability has also been discovered within Microsoft Outlook in which a threat actor could execute code on a victim machine if they successfully convince the user to open a specially crafted malicious file. The flaw is being tracked as CVE-2023-36895 and has received a CVSSv3 score of 7.8. However, Microsoft has classified the issue as critical due to the potential impact of successful exploitation.
Finally, a critical privilege escalation flaw was discovered in Exchange. The flaw, tracked as CVE-2023-21709 (CVSSv3 score: 9.8), allows a threat actor to authenticate as a different user. Exploitation also involves the use of brute-forcing techniques.
In addition to the vulnerability disclosures mentioned above, Microsoft also provided a security patch for CVE-2023-36884, a zero-day issue disclosed in the July 2023 Patch Tuesday release. The patches supersede the mitigation strategies that were previously laid out for the vulnerability.
Impact
- Successful exploitation of CVE-2023-38180 could allow a threat actor to create a DoS condition on a vulnerable server
- Successful exploitation of CVE-2023-29330 and CVE-2023-29328 could allow a threat actor to perform a remote attack that could enable access to the data of the victim; successful exploitation could also possibly cause downtime for the victim’s machine
- Successful exploitation of CVE-2023-36910, CVE-2023-36911 and CVE-2023-35385 could allow a threat actor to attempt RCE on the server side of vulnerable product versions
- Successful exploitation of CVE-2023-36895 could allow a threat actor to attempt RCE on the machine of a user who has opened a malicious file
- Successful exploitation of CVE-2023-21709 could allow a threat actor to log into an Exchange account as another user, thus compromising the integrity of the account
In summary, exploitation of the vulnerabilities outlined above could lead to a total loss of confidentiality, availability, and integrity of data.
Vulnerability Detection
Security patches for these vulnerabilities have been released by Microsoft. Previous product versions therefore remain vulnerable to potential exploitation.
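One way to check a Windows host for the MSMQ precondition described in the Overview (service enabled and listening on port 1801). This is an added example, not part of the original advisory or Microsoft's guidance; the function name `Test-MsmqExposure` is hypothetical, and the service name `MSMQ` is assumed to be the default registered by the Message Queuing feature.

```powershell
function Test-MsmqExposure {
    [CmdletBinding()]
    param(
        # Port named in the advisory for the MSMQ listener.
        [int]$Port = 1801
    )

    # Assumption: the Message Queuing feature registers its service as 'MSMQ'.
    $svc = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue

    # Any TCP listener on the port, whichever process owns it.
    $listeners = @(Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue)

    # Resolve owning process names so an unrelated listener is not mistaken for MSMQ.
    $owners = @($listeners | ForEach-Object {
        (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
    } | Sort-Object -Unique)

    # A listener bound to 0.0.0.0 or :: accepts connections on every interface.
    $allInterfaces = [bool]($listeners | Where-Object { $_.LocalAddress -in '0.0.0.0', '::' })

    $installed = $null -ne $svc
    $running   = $installed -and $svc.Status -eq 'Running'

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        MsmqInstalled   = $installed
        ServiceStatus   = if ($installed) { [string]$svc.Status } else { 'NotInstalled' }
        StartType       = if ($installed) { [string]$svc.StartType } else { $null }
        ListeningOnPort = $listeners.Count -gt 0
        ListenerProcess = $owners -join ','
        AllInterfaces   = $allInterfaces
        # The advisory's condition: service enabled AND listening on the port.
        MeetsCondition  = $running -and ($listeners.Count -gt 0)
    }
}

# Run locally and print the result.
Test-MsmqExposure | Format-List
```

A host where `MeetsCondition` is true still needs its update level confirmed; the check covers only the precondition named in the advisory.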
Affected Products
A full list of the affected products pertaining to the August 2023 Patch Tuesday can be found on the Microsoft August 2023 Security Update page.
Containment, Mitigations & Remediations
It is strongly recommended that the relevant security patches are applied to the respective Microsoft products as soon as possible. The patches can be found directly at the Microsoft Patch Tuesday August 2023 Security Guide.
Indicators of Compromise
No specific Indicators of Compromise (IoCs) are available currently.
Threat Landscape
Last month, Microsoft published remediations for 130 security flaws in the July 2023 Patch Tuesday release, including eight RCE vulnerabilities. Moving into the August disclosure, the leading attack vectors continue to be RCE and privilege escalation (accounting for a combined 47.1% of patched vulnerabilities). Further, information disclosure, DoS and spoofing vulnerabilities continue to account for a similar proportion of reported security flaws compared to July 2023.
Threat Group
No attribution to specific threat actors or groups has been identified at the time of writing.
MITRE Methodologies
Tactics:
TA0002 – Execution
TA0004 – Privilege Escalation
Further Information
Microsoft August 2023 Patch Tuesday Security Update