Ivanti Patch Tuesday: September 2023 | 2 Exploited Zero-days
September 2023 Patch Tuesday has a lot of activity. The theme this month: “Everyone has a zero-day release!”
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
Chris Goettl hosts Patch Tuesdays and is the Vice President of Product Management for security products at Ivanti. Chris has over 15 years of experience working in IT, where he supports and implements security solutions for Ivanti customers and guides the security strategy and vision for Ivanti security products.
Microsoft has resolved 63 total vulnerabilities including two exploited zero-days (CVE-2023-36761 and CVE-2023-36802). Google Chrome resolved one zero-day vulnerability (CVE-2023-4863) on September 11, which is also included in the Microsoft Edge Chromium release. Adobe resolved a zero-day vulnerability in Acrobat and Reader (APSB23-34 CVE-2023-26369) on September 12. Apple resolved two zero-days on September 7 (CVE-2023-41064 and CVE-2023-41061). There aren’t any recent zero-day vulnerabilities on the Linux side, but there are three recent vulnerabilities that affect some core capabilities in the Linux Kernel and warrant some attention.
Microsoft updates
Microsoft has resolved a total of 63 vulnerabilities this month, including two exploited vulnerabilities. The zero-day vulnerabilities are in Word (CVE-2023-36761) and the Windows OS (CVE-2023-36802). Microsoft Edge (Chromium) should be releasing shortly and will include a fix for the Chrome zero-day CVE-2023-4863.
Microsoft has resolved an Information Disclosure vulnerability in Word (CVE-2023-36761) that has been exploited in the wild. The vulnerability is only rated as Important by Microsoft and has a CVSSv3.1 score of 6.2, but the confirmed exploitation should raise this on your priority list. The Preview Pane can also be used as an attack vector, making it easier to target users to exploit the vulnerability. If exploited, the attacker could gain access to NTLM hashes.
Microsoft has resolved an Elevation of Privilege vulnerability in the Microsoft Streaming Service Proxy (CVE-2023-36802). The vulnerability is only rated as Important by Microsoft and has a CVSSv3.1 score of 7.8, but the confirmed exploitation should raise this on your priority list. If exploited, the attacker could gain SYSTEM privileges on the target system.
Third-party update
Google has resolved a Critical heap buffer overflow vulnerability in the Chrome browser (CVE-2023-4863). Google is aware that an exploit for CVE-2023-4863 exists in the wild. Windows instances should update to 116.0.5845.187/.188; macOS and Linux instances should update to 116.0.5845.187.
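A small inventory check for the Chrome fix above, added here as an example (not Ivanti's or Google's code): it parses a reported Chrome version string, compares it against the fixed builds quoted in this bulletin, and lists hosts still below the fix. The function names, FIXED_VERSIONS table and the sample inventory are constructed for the example.

```python
"""Flag hosts whose reported Chrome build is below the CVE-2023-4863 fix.
Constructed example: function names and sample data are assumptions."""
import re

# Minimum fixed builds quoted in the bulletin. Windows shipped .187 and
# .188; .187 is the lower bound, so either build satisfies the check.
FIXED_VERSIONS = {
    "windows": (116, 0, 5845, 187),
    "macos": (116, 0, 5845, 187),
    "linux": (116, 0, 5845, 187),
}

def parse_version(text: str) -> tuple[int, ...]:
    """Extract a dotted numeric version from text such as
    'Google Chrome 116.0.5845.140'. Raises ValueError if none is present."""
    m = re.search(r"\d+(?:\.\d+)+", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(part) for part in m.group(0).split("."))

def is_patched_for_cve_2023_4863(version_text: str, platform: str) -> bool:
    """True when the installed build is at or above the fixed build."""
    fixed = FIXED_VERSIONS[platform.lower()]
    installed = parse_version(version_text)
    # Pad the shorter tuple with zeros so '116.0.5845' compares as a
    # build below 116.0.5845.187 rather than raising or sorting oddly.
    width = max(len(installed), len(fixed))
    installed += (0,) * (width - len(installed))
    fixed += (0,) * (width - len(fixed))
    return installed >= fixed

def unpatched_hosts(inventory: list[tuple[str, str, str]]) -> list[str]:
    """Return hostnames whose reported Chrome build is below the fix."""
    return [host for host, platform, ver in inventory
            if not is_patched_for_cve_2023_4863(ver, platform)]

# Constructed sample inventory: (hostname, platform, reported version).
SAMPLE_INVENTORY = [
    ("ws-01", "windows", "Google Chrome 116.0.5845.140"),
    ("ws-02", "windows", "Google Chrome 116.0.5845.188"),
    ("mac-01", "macos", "Google Chrome 116.0.5845.187"),
    ("lx-01", "linux", "Google Chrome 115.0.5790.170"),
]

if __name__ == "__main__":
    print("Still needs the CVE-2023-4863 update:", unpatched_hosts(SAMPLE_INVENTORY))
```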
Adobe released APSB23-34 for Acrobat and Reader, resolving one critical vulnerability (CVE-2023-26369) that is confirmed to be exploited in the wild. The vulnerability is an out-of-bounds write that could allow an attacker to execute arbitrary code.
Mozilla has released updates for Firefox and Firefox ESR. No zero-days, just a decent lineup of CVEs resolved.
Linux update
There are three CVEs of note on the Linux platforms:
CVE-2023-3111 is a use after free vulnerability in btrfs in the Linux Kernel affecting all versions of Linux. A use after free vulnerability could allow an attacker to leak data from memory, overwrite critical information, execute arbitrary code and bypass Address Space Layout Randomization (ASLR).
CVE-2023-3390 is a vulnerability in the Linux Kernel’s nftables API in the netfilter subsystem that could allow privilege escalation. The vulnerability affects Debian and Ubuntu.
CVE-2023-35001 is an out-of-bounds read/write vulnerability in nftables. These types of vulnerabilities can cause a crash, data corruption, code execution, or allow attackers to read sensitive information from other memory locations.
The changes affect two commonly used components in the Linux Kernel. These components are also used by a variety of solutions from firewalls to SANs and could affect foundational capabilities.
Btrfs is the filesystem utilized by most Enterprise Linux distributions (Ubuntu, Debian, Red Hat, etc.).
Nftables is used by any modern firewall solution. Regardless of distribution, it is either built into the system itself or used by the third-party applications running on it. The component provides high-performance packet inspection and routing.
None of the vulnerabilities are currently exploited, so there is time, but you should take advantage of that time to ensure you are testing the changes across your environment adequately…