Windows Security

In the latest Patch Tuesday release from Microsoft, the tech giant has rolled out vital updates, fortifying a total of 67 vulnerabilities. This comprehensive security overhaul addresses actively exploited zero-days, critical flaws, and publicly disclosed vulnerabilities, urging swift action from administrators to bolster system defenses. This month’s update takes a focused approach to three actively exploited Windows zero-days, underscoring the necessity for immediate deployment. Let’s delve into the specifics of these vulnerabilities.

Actively Exploited Windows Zero-Days

• CVE-2023-36033 (CVSS 7.8): Desktop Window Manager Core Library Elevation of Privilege
  • Impact: Allows attackers to gain SYSTEM privileges without user interaction.
  • Affected Systems: Windows 10, Windows 11, Windows Server 2016, and newer.
    
• CVE-2023-36036 (CVSS 7.8): Cloud Files Mini Filter Driver Elevation of Privilege
  • Impact: Enables attackers to gain SYSTEM privileges without user interaction.
  • Affected Systems: Windows Server 2008 and later, including the latest Windows desktop and server versions.
    
• CVE-2023-36025 (CVSS 8.8): SmartScreen Security Feature Bypass
  • Impact: Allows attackers to bypass Windows Defender SmartScreen checks by convincing users to click on a crafted URL.
  • Affected Systems: All Windows OS versions dating back to Server 2008.
    
    

Publicly Disclosed Vulnerabilities

• CVE-2023-36038 (CVSS 8.2): ASP.NET Core Denial of Service
  • Impact: Could lead to a service disruption.
  • Affected Systems: .NET 8.0, Microsoft Visual Studio 2022, and ASP.NET Core 8.0.
    
• CVE-2023-36413 (CVSS 6.5): Microsoft Office Security Feature Bypass
  • Impact: Exploitation more likely; requires user interaction for successful exploitation.

Exchange Server Fixes and Additional Updates

• Microsoft has addressed four vulnerabilities in Exchange Server, including three spoofing issues and a critical remote-code execution flaw (CVE-2023-36439). Administrators are advised to update Exchange instances promptly due to the platform’s susceptibility to sophisticated attacks.

Curl Vulnerabilities Resolved

• Addressing vulnerabilities in the open-source Curl tool, Microsoft distributed Curl version 8.4.0 to fix issues related to SOCKS5 heap buffer overflow (CVE-2023-38545) and HTTP headers consuming excessive memory (CVE-2023-38039).

Immediate Action Required

The severity of these vulnerabilities demand quick actions from administrators and organizations. Several steps can be taken to mitigate the risks associated with these vulnerabilities:

1. Patch Systems: The most effective way to safeguard these vulnerabilities is to apply the Microsoft patches promptly.
2. Conduct Vulnerability Scanning: Proactively identify and assess security weaknesses, like these vulnerabilities and more, in your systems, networks, and applications, allowing you to address these vulnerabilities before cybercriminals can exploit them.
3. Routine Security Assessments: Routine security assessments, such as external and internal penetration testing, are crucial to identify vulnerabilities and weaknesses in an organization’s network and systems.  
4. Inventory Assessment: Organizations should conduct a detailed inventory of all their enterprise assets. This can help identify vulnerable systems that require immediate attention.
5. Log Collection and Correlation: By analyzing logs from various sources and identifying patterns or anomalies, you can respond to threats, mitigate risks, and improve overall security posture.
6. Validate Incident Response Capabilities: Conduct tabletop exercises to simulate real-world scenarios, evaluate their preparedness, and refine response plans. Updating or creating an incident response policy and having an incident response team on retainer ensures a structured and efficient response to security incidents, reducing potential damage and minimizing downtime in the event of a breach.

Microsoft’s November Patch Tuesday is a critical update, emphasizing the ongoing threats faced by Windows systems. Administrators are strongly encouraged to prioritize these patches to protect their systems against potential exploits and enhance overall cybersecurity.