overview

This week, Microsoft patched six vulnerabilities tracked as CVE-2023-36025, CVE-2023-36033, CVE-2023-36036, CVE-2023-36038, CVE-2023-36052, and CVE-2023-36413. Microsoft addressed a total of 63 security bugs but the previously mentioned are the most significant.  

The Vulnerabilities:

  • CVE-2023-36036 (CVSS score: 7.8): Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability. Attackers can obtain system-level privileges. This vulnerability has a PoC and is being exploited in the wild.  
  • CVE-2023-36033 (CVSS score: 7.8): Windows DWM Core Library Elevation of Privilege Vulnerability. This vulnerability allows local attackers to access system-level privileges with ease. This vulnerability has a PoC and is being exploited in the wild.  
  • CVE-2023-36025 (CVSS score: 8.8): Windows SmartScreen Security Feature Bypass Vulnerability. Attackers can bypass Windows Defender SmartScreen checks. This vulnerability is being exploited in the wild.  
  • CVE-2023-36038 (CVSS score: 8.2): ASP.NET Core Denial of Service Vulnerability. This vulnerability has not been exploited in the wild yet.  
  • CVE-2023-36413 (CVSS score: 6.5): Microsoft Office Security Feature Bypass Vulnerability. This vulnerability has not been exploited in the wild yet.  

Microsoft states that CVE-2023-36052, an information disclosure flaw in an Azure component, is critical and should be prioritized for patching. If the vulnerability is successfully exploited, an attacker can retrieve plain-text passwords and usernames from log files generated by the impacted CLI commands and disclosed through Azure DevOps and/or GitHub Actions. So far, the vulnerability has not been exploited in the wild. Please note that other vendors have also released security updates to address vulnerabilities. Ensure that your entire software ecosystem is up-to-date.  

Vendors with Security Updates:

Adobe 

AMD (including CacheWarp) 

Android 

Apache Projects 

Apple 

Aruba Networks 

Arm 

ASUS 

Atlassian 

Cisco 

CODESYS 

Dell 

Drupal 

F5 

Fortinet 

GitLab 

Google Chrome 

Hitachi Energy 

HP 

IBM 

Intel (including Reptar) 

Jenkins 

Juniper Networks 

Lenovo 

Linux distributions: Debian, Oracle Linux, Red Hat, SUSE, and Ubuntu 

MediaTek 

Mitsubishi Electric 

NETGEAR 

NVIDIA 

Palo Alto Networks 

Qualcomm 

Samsung 

SAP 

Schneider Electric 

Siemens 

SolarWinds 

SonicWall 

SysAid 

Trend Micro 

Veeam 

Veritas 

VMware 

WordPress 

Zimbra 

Zyxel 

 

 

avertium's recommendationS

Avertium recommends following Microsoft’s patch guidance within the following links for CVE-2023-36025, CVE-2023-36033, CVE-2023-36036, CVE-2023-36038, CVE-2023-36052, and CVE-2023-36413 

 

 

INDICATORS OF COMPROMISE (IoCs)

Domain 

  • asp[.]net 

Avertium remains vigilant in locating IoCs for our customers. Should any more be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   

 

 

How Avertium is Protecting Our CUSTOMERS

  •  Fusion MXDR for Microsoft combines Avertium's Fusion MXDR approach with Microsoft Security Solutions, creating the first MDR offering that integrates all aspects of security operations into an active and threat-informed XDR solution. Leveraging Microsoft's comprehensive and cost-effective technology, Fusion MXDR for Microsoft delivers a release of cyber energy, encompassing implementation, optimization, ongoing management, and tuning. 
  • Avertium offers Vulnerability Management (VM) to provide a deeper understanding and control over organizational information security risks.  If your enterprise is facing challenges with the scope, resources, or skills required to implement a vulnerability management program with your team, outsourced solutions can help you bridge the gap.  
  • Note: We highly value your feedback. Kindly spare a moment to complete our feedback form, allowing us to enhance our services for our valued customers. 


 

 

SUPPORTING DOCUMENTATION

Microsoft Zero-Days Allow Defender Bypass, Privilege Escalation (darkreading.com) 

Alert: Microsoft Releases Patch Updates for 5 New Zero-Day Vulnerabilities (thehackernews.com) 

CVE-2023-36025 - Security Update Guide - Microsoft - Windows SmartScreen Security Feature Bypass Vulnerability 

CVE-2023-36033 - Security Update Guide - Microsoft - Windows DWM Core Library Elevation of Privilege Vulnerability 

CVE-2023-36036 - Security Update Guide - Microsoft - Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability 

CVE-2023-36038 - Security Update Guide - Microsoft - ASP.NET Core Denial of Service Vulnerability 

CVE-2023-36413 - Security Update Guide - Microsoft - Microsoft Office Security Feature Bypass Vulnerability 

CVE-2023-36052 - Security Update Guide - Microsoft - Azure CLI REST Command Information Disclosure Vulnerability 

 
Chat With One of Our Experts



Zero-Day Vulnerability Flash Notice Microsoft Vulnerability Microsoft Zero-Day Blog