System administrators breathed a sigh of relief yesterday when Microsoft issued a relatively light round of patch updates, with no zero-day vulnerabilities and only six critical CVEs on the list.
However, there was still some work to be done. Among the 78 CVEs addressed is a critical SharePoint privilege escalation bug (CVE-2023-29357), which Adam Barnett, lead software engineer at Rapid7, said should be prioritized.
“Microsoft is not aware of any public or field exploitation, but we believe that exploitation is likely,” he added.
“At the time of this writing, the FAQ provided with Microsoft’s advisory indicates that both SharePoint Enterprise Server 2016 and SharePoint Server 2019 are vulnerable, but the advisory also states that the SharePoint 2016 release history does not list any relevant patches for SharePoint 2016. No doubt the people responsible for SharePoint 2016 would like to follow up on this issue as a matter of urgency.”
There may be multiple patches listed for a particular SharePoint version. If so, Barnett said, you’ll need to install them all to fix the flaw.
The list also includes three critical remote code execution (RCE) vulnerabilities in Windows Pragmatic General Multicast (PGM). This is the third Patch Tuesday in a row to feature at least one critical RCE bug in PGM. These are CVE-2023-32015, CVE-2023-32014, and CVE-2023-29363.
Mike Walters, vice president of vulnerability and threat research at Action1, explained that the Windows PGM protocol is commonly used in video streaming and online gaming applications.
“These vulnerabilities have a high CVSS rating of 9.8 and pose a serious risk. They can be exploited over the network without requiring privileges or user interaction. Affected systems include all versions of Windows Server from 2008 onwards and Windows 10 onwards,” he warned.
“If the Windows Message Queuing service is running in a PGM Server environment, an attacker could send a specially crafted file to cause remote code execution. To mitigate this vulnerability, check if the Message Queuing service is running on TCP port 1801 and consider disabling it if it is not needed, but be careful as it may affect the functionality of your system.”
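The check described in the quote above can be scripted on each host. The following is an added example, not code from the article, Action1 or Microsoft; the function name `Get-MsmqExposure` is hypothetical, and it assumes PowerShell 5.1 or later on Windows 8 / Server 2012 or newer (where `Get-NetTCPConnection` is available) and the standard service name `MSMQ`.

```powershell
# Added example: report whether Message Queuing is installed, running and
# listening on TCP 1801, and which running services depend on it.
function Get-MsmqExposure {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [int]$Port = 1801,
        [switch]$Disable   # stop and disable the service (honours -WhatIf)
    )

    $svc = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue
    if (-not $svc) {
        # Message Queuing is an optional feature; absent means nothing to do.
        return [pscustomobject]@{
            Installed = $false; Status = $null; StartType = $null
            Listening = $false; Dependents = @()
        }
    }

    # Running services that depend on MSMQ would break if it were disabled.
    $dependents = @($svc.DependentServices |
        Where-Object Status -eq 'Running' |
        Select-Object -ExpandProperty Name)

    if ($Disable -and $PSCmdlet.ShouldProcess('MSMQ', 'Stop and disable service')) {
        if ($dependents.Count -gt 0) {
            Write-Warning "Not disabling; running dependents: $($dependents -join ', ')"
        } else {
            Stop-Service -Name 'MSMQ' -Force
            Set-Service -Name 'MSMQ' -StartupType Disabled
            $svc.Refresh()
        }
    }

    # Measured after any change so the report reflects the current state.
    $listeners = @(Get-NetTCPConnection -LocalPort $Port -State Listen `
        -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        Installed  = $true
        Status     = $svc.Status
        StartType  = $svc.StartType
        Listening  = $listeners.Count -gt 0
        Dependents = $dependents
    }
}

Get-MsmqExposure
```

Run `Get-MsmqExposure -Disable -WhatIf` first to preview the change; the function refuses to disable the service while dependent services are still running.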