overview
This week, Microsoft released security updates for several vulnerabilities, honing in on four in particular. CVE-2023-29357, CVE-2023-32014, and CVE-2023-32015 are three vulnerabilities found in Windows Pragmatic General Multicast (PGM), which is used to deliver packets between multiple network members. All the vulnerabilities have a CVSS score of 9.8/10.
Unauthenticated attackers can exploit CVE-2023-29357, CVE-2023-32014, and CVE-2023-32015 by remotely executing code on an affected system. Although the flaws have not been exploited, Windows network administrators should keep an eye on them since they don’t have a patch yet.
According to Microsoft, all three vulnerabilities have a low attack complexity. In a PGM Server environment running a Windows message queuing service, an attacker could exploit the vulnerabilities and achieve remote code execution by sending a specifically crafted file over the network and attempting to trigger malicious code.
Additionally, Microsoft has addressed a critical vulnerability (CVE-2023-29357) discovered in Microsoft SharePoint Server. This bug, with a CVSS score of 9.8, can be exploited by an unauthenticated remote attacker who is on the same network. If successfully exploited, the attacker could gain administrative privileges on an internal SharePoint server. Please see the recommendations below for mitigations and patch guidance.
INDICATORS OF COMPROMISE (IoCs)
At this time, there are no known IoCs associated with CVE-2023-29357, CVE-2023-32014, CVE-2023-32015, and CVE-2023-29357. Avertium’s threat hunters remain vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.
SUPPORTING DOCUMENTATION