I can’t think of a better way to prep for the first day of summer than patching exploits. </sarcasm> Apparently Microsoft is very aware that we have better places to be, so they came out with a relatively light month of exploits closed. Let's look at that raw data.
Total exploits patched: 74
Critical patches: 5
Already known or exploited: 0
No already known exploits closed? That’s a relief. And since my Slip and Slide is almost set up, there’s no time for nonsense. ON TO THE LOWLIGHTS!
Some highlights (or lowlights)
CVE-2023-29357: This 9.8 is an Elevation of Privilege vulnerability for SharePoint Server. The attacker needs no privileges or user interactions. If the attacker can spoof a JSON web token, they can elevate to full admin rights. But if you have AMSI integration and use Windows Defender, you are not at risk.
CVE-2023-29363: PGM has returned with a new 9.8 critical exploit! The streak now stands at two in a row. This has all the same indicators as last month’s. No privileges or users are required, and it’s achieved by sending a specific type of file that can execute malicious code. If you’re wondering whether you’re at risk with this one, you can check if the Message Queue service is running and listening on TCP port 1801. If so, you are less at risk — but either way, if you are running PGM, please patch ASAP!
CVE-2023-24897: This is a critical exploit with a score of 7.8 impacting .net and Visual Studio. It is an Arbitrary Code Execution that has a local attack vector — which means the attack is on your network, or the attacker convinced someone to execute the code through social engineering. Any exploit that is vulnerable to end users clicking a bad link is real bad. So hopefully they passed all their security trainings… but just in case, you should patch this one very soon.
It’s been some time since we’ve had a month without some already known exploit being closed. I, for one, feel very safe knowing that attackers are getting through with unknown means over previously published exploits…
But at least I have all my patching automated with PDQ Deploy & Inventory. And with patching out of the way, I have more time in my day to be all kinds of creative. For example, the other day I folded a pizza in half and called it a taco. Great ideas like this don’t come around unless you make time for them. Sign up for a free trial of PDQ Deploy & Inventory to automate your patching and get more time back in your day for your own brilliant ideas. And with that, I’ll see you for next month’s Patch Tuesday report.