August Patch Tuesday stops actively exploited attack chain and more
August’s Patch Tuesday is a lot quieter than it was last month, when Microsoft patched a whopping 130 vulnerabilities. That number went down to 87 this month but it does include two actively exploited vulnerabilities.
Let’s start by looking at those two:
CVE-2023-38180 (CVSS score 7.5 out of 10): a .NET and Visual Studio Denial of Service (DoS) vulnerability. Although there is a Proof of Concept (PoC) available to exploit this vulnerability, Microsoft notes that the code or technique is not functional in all situations and may require substantial modification by a skilled attacker, probably because the attacker would need to be on the same network as the target system.
CVE-2023-36884 (CVSS score 7.5 out of 10): a Windows Search Remote Code Execution (RCE) vulnerability. We discussed it last month in detail when Microsoft offered mitigation advice. The CVSS score and scope of the vulnerability have been changed since then. Microsoft has issued a security advisory about this and recommends installing the Office updates it discusses, as well as installing the Windows updates from August 2023..
Other vulnerabilities that deserve some attention are six vulnerabilities in Microsoft Exchange Server including:
CVE-2023-21709 (CVSS score 9.8 out of 10): a Microsoft Exchange Server Elevation of Privilege (EoP) vulnerability which could allow an attacker to login as another user. In the FAQ about the vulnerability Microsoft says that additional steps are needed to protect against this vulnerability.
In addition to installing the updates a script must be run. Alternatively you can accomplish the same by running commands from the command line in a PowerShell window or some other terminal.
Follow these steps:
(Strongly recommended) Install Exchange Server 2016 or 2019 August SU (or later)
Do one of the following:
Apply the solution for the CVE automatically on your servers, run the CVE-2023-21709.ps1 script. You can find the script and the documentation here: https://aka.ms/CVE-2023-21709ScriptDoc.
or
Apply the solution for the CVE manually on each server, by running the following command from an elevated PowerShell window:
Clear-WebConfiguration -Filter "/system.webServer/globalModules/add[@name='TokenCacheModule']" -PSPath "IIS:\"
To roll-back the solution for the CVE manually on each server, run the following:
New-WebGlobalModule -Name "TokenCacheModule" -Image "%windir%\System32\inetsrv\cachtokn.dll"
Although Microsoft recommends installing the security updates as soon as possible, running the script or the commands on a supported version of Exchange Server prior to installing the updates will address this vulnerability.
Other vendors
Other vendors have synchronized their periodic updates with Microsoft. Here are few major ones that you may find in your environment.
Adobe has issued a critical security update for Acrobat and Reader.
Android’s August updates were released by Google.
Cisco released security updates for Cisco Secure Web Appliance and Cisco AnyConnect.
Fortinet has released a security update to address a vulnerability (CVE-2023-29182).
Ivanti has patched a second zero-day vulnerability (CVE-2023-35081).
SAP has released its August 2023 Patch Day updates.
We don’t just report on vulnerabilities—we identify them, and prioritize action.
Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using Malwarebytes Vulnerability and Patch Management.