I can’t and won’t back this up with any sort of proof, but it’s impossible to have a bad month of patching the month after we have six already exploited patched. With the science of my unsubstantiated beliefs backing us up, let’s look at this extremely light month.
Total exploits patched: 76
Critical patches: 6
Already known or exploited: 2
Wow, that is a super nice month! But even a good month has its lowlights. Let’s take a look (if for no other reason than I do this every month). BEHOLD!
Some highlights (or lowlights)
CVE-2023-36910: This 9.8 CVSS is the latest in the long line of message queueing exploits. By my count, this is 5 consecutive months that we’ve had a 9.8 for this optional feature. Just like all the other times, it requires no user interaction or privileges. And just like all the other times, if you’re not using MSMQ or you’re not listening on TCP 1801, you’re safe. If you took precautions on any of the other times, you’re already safe. Still patch.
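Since the exposure condition above comes down to "is MSMQ installed and listening on TCP 1801," here is a read-only PowerShell check for that, added as an example and not part of the original post or of PDQ's tooling. It assumes PowerShell remoting is enabled and that you have local admin on the targets; the computer names are placeholders.

```powershell
# Added example (not from the original post): report which machines meet the
# exposure conditions named for CVE-2023-36910, i.e. the MSMQ service is
# present/running and something is listening on TCP 1801.
function Test-MsmqExposure {
    $svc = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue
    $listener = Get-NetTCPConnection -LocalPort 1801 -State Listen -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        MsmqInstalled   = [bool]$svc
        MsmqRunning     = [bool]($svc -and $svc.Status -eq 'Running')
        ListeningOn1801 = [bool]$listener
        # Per the post: no listener on 1801 means the service is not reachable.
        Exposed         = [bool]$listener
    }
}

# Placeholder host list; replace with your own inventory export.
$targets = @('SERVER01', 'SERVER02')

# Run the check locally and on each remote host; failures (host offline,
# WinRM disabled) are collected instead of aborting the sweep.
$results = @(Test-MsmqExposure)
$results += Invoke-Command -ComputerName $targets -ScriptBlock ${function:Test-MsmqExposure} `
    -ErrorAction SilentlyContinue -ErrorVariable sweepErrors

$results | Sort-Object Exposed -Descending |
    Select-Object ComputerName, MsmqInstalled, MsmqRunning, ListeningOn1801, Exposed |
    Format-Table -AutoSize

if ($sweepErrors) {
    Write-Warning ("Could not query: " + (($sweepErrors | ForEach-Object { $_.TargetObject }) -join ', '))
}
```

Anything reporting Exposed = True is a patch-first host; everything else is still on the list, just not reachable over 1801 in the meantime.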
CVE-2023-21709: This is something I rarely see: an exploit that’s rated as a 9.8 but is not listed as critical. While this exchange exploit does have a network attack vector, it’s a brute force attack to get user credentials. If you’re enforcing common password security, brute force is going to take some time to be effective. If you’re using Exchange 2016 or 2019, then you are going to want to patch soon. There’s also some PowerShell you can run as a workaround.
CVE-2023-36884: This last lowlight is only a 7.5, but it’s already exploited and known, so I figured we would take a look. It’s a security feature bypass in Windows Search. While it does have a network attack vector and requires no privileges, it can’t run without a target clicking on a bad link or opening a corrupted attachment. So while there is a risk, the security rating is a bit lower. That being said, the end user is probably your biggest vulnerability, so make patching this one a priority (especially since it’s already out in the wild).
Join me next month when I sprinkle in more nonscientific methods to break down what’s happening in the exciting, action-packed world of patching systems.
Want to end with some peace of mind? No matter how many exploits we see patched in a month, your automation will never change. I show up every month preaching my doom and gloom knowing that you all laugh at my negativity as your patching gets done automatically with PDQ Connect or PDQ Deploy & Inventory. See you next month as we repeat this process once again.