Flash Notice: Microsoft Patches High-Severity and Critical Vulnerabilities

overview

This week, Microsoft released security updates for several vulnerabilities, honing in on four in particular. CVE-2023-29357, CVE-2023-32014, and CVE-2023-32015 are three vulnerabilities found in Windows Pragmatic General Multicast (PGM), which is used to deliver packets between multiple network members. All the vulnerabilities have a CVSS score of 9.8/10.  

Unauthenticated attackers can exploit CVE-2023-29357, CVE-2023-32014, and CVE-2023-32015 by remotely executing code on an affected system. Although the flaws have not been exploited, Windows network administrators should keep an eye on them since they don’t have a patch yet.  

According to Microsoft, all three vulnerabilities have a low attack complexity. In a PGM Server environment running a Windows message queuing service, an attacker could exploit the vulnerabilities and achieve remote code execution by sending a specifically crafted file over the network and attempting to trigger malicious code. 

Additionally, Microsoft has addressed a critical vulnerability (CVE-2023-29357) discovered in Microsoft SharePoint Server. This bug, with a CVSS score of 9.8, can be exploited by an unauthenticated remote attacker who is on the same network. If successfully exploited, the attacker could gain administrative privileges on an internal SharePoint server. Please see the recommendations below for mitigations and patch guidance.  

avertium's recommendationS

• For further details and for patch guidance for CVE-2023-29357, CVE-2023-32014, and CVE-2023-32015, please see the following links:  
  • CVE-2023-29357 
  • CVE-2023-32014 
  • CVE-2023-32015 
• To mitigate CVE-2023-29357, CVE-2023-32014, and CVE-2023-32015, Microsoft recommends the following: 
  • The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel. 
  • You can check to see if there is a service running named Message Queuing and TCP port 1801 is listening on the machine. 
• For further details regarding mitigation and patch guidance for CVE-2023-29357, please see the following link:  
  • CVE-2023-29357 

INDICATORS OF COMPROMISE (IoCs)

How Avertium is Protecting Our CUSTOMERS

• Expanding endpoints, cloud computing environments, and accelerated digital transformation have decimated the perimeter in an ever-expanding attack surface. Avertium offers Attack Surface Management, so you’ll have no more blind spots, weak links, or fire drills. 
• Fusion MXDR is the first MDR offering that fuse together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is greater than the sum of its parts. 

SUPPORTING DOCUMENTATION