October 2023 Microsoft Patch Tuesday Summary, (Tue, Oct 10th)

October 2023 Microsoft Patch Tuesday Summary, (Tue, Oct 10th)
2023-10-11 02:3:47 Author: isc.sans.edu(查看原文) 阅读量:9 收藏

For October, Microsoft released patches for 105 different vulnerabilities. This count includes one Chromium vulnerability that was patched earlier this month.

There are a total of three already exploited vulnerabilities:

CVE-2023-44487 HTTP/2 Rapid Reset Attack: This vulnerability was disclosed by Cloudflare in a blog post earlier today [1]. Cloudflare started to see these attacks late in August. This issue led to unprecedented DoS attacks. An attacker will set an HTTP/2 stream and immediately "cancel" it with a reset stream. This avoids limits on the number of streams accepted and can lead to CPU exhaustion on the server attempting to clean up the canceled streams. This is not a TCP RST but an application layer (HTTP/2) feature. On the other hand, it does look a bit like a SYN flood attack, maybe? HTTP/2 often appears to re-implement some of the features found in TCP, so it is no surprise to see similar vulnerabilities.

CVE-2023-36563 Wordpad Information Disclosure: Yet another problem with linked resources that may cause the client (Wordpad in this case) to initiate an SMB connection and in the process, automatically pass along weakly hashed credentials. See this blog post for details: https://support.microsoft.com/en-us/topic/kb5032314-how-to-manage-the-ole-object-conversion-vulnerability-in-wordpad-associated-with-cve-2023-36563-98d95ae9-2f9e-4f65-9231-46363c31cf07

CVE-2023-41763: Skype for Business elevation of privileges. This is a vulnerability in the Skype for Business server product. IP addresses and port numbers may be disclosed.

Noteworthy are the nine critical vulnerabilities in the Layer 2 Tunneling protocol and the vulnerabilities in the Microsoft Message Queue (one with a CVSS score of 9.8). These two components received numerous patches for the last couple of months.

Overall, I would rate this patch Tuesday as "average." There are no "outrageously important" vulnerabilities to patch.

Description
CVE	Disclosed	Exploited	Exploitability (old versions)	current version	Severity	CVSS Base (AVG)	CVSS Temporal (AVG)
Active Directory Domain Services Information Disclosure Vulnerability
CVE-2023-36722	No	No	-	-	Important	4.4	3.9
Active Template Library Denial of Service Vulnerability
CVE-2023-36585	No	No	-	-	Important	7.5	6.5
Azure DevOps Server Elevation of Privilege Vulnerability
CVE-2023-36561	No	No	-	-	Important	7.3	6.4
Azure HDInsight Apache Oozie Workflow Scheduler Elevation of Privilege Vulnerability
CVE-2023-36419	No	No	-	-	Important	8.8	7.7
Azure Identity SDK Remote Code Execution Vulnerability
CVE-2023-36415	No	No	-	-	Important	8.8	7.7
CVE-2023-36414	No	No	-	-	Important	8.8	7.8
Azure Network Watcher VM Agent Elevation of Privilege Vulnerability
CVE-2023-36737	No	No	-	-	Important	7.8	7.2
Azure RTOS GUIX Studio Remote Code Execution Vulnerability
CVE-2023-36418	No	No	-	-	Important	7.8	6.8
Chromium: CVE-2023-5346 Type Confusion in V8
CVE-2023-5346	No	No	-	-	-
DHCP Server Service Denial of Service Vulnerability
CVE-2023-36703	No	No	-	-	Important	7.5	6.5
Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
CVE-2023-41765	No	No	-	-	Critical	8.1	7.1
CVE-2023-41767	No	No	-	-	Critical	8.1	7.1
CVE-2023-41768	No	No	-	-	Critical	8.1	7.1
CVE-2023-41769	No	No	-	-	Critical	8.1	7.1
CVE-2023-41770	No	No	-	-	Critical	8.1	7.1
CVE-2023-41771	No	No	-	-	Critical	8.1	7.1
CVE-2023-41773	No	No	-	-	Critical	8.1	7.1
CVE-2023-41774	No	No	-	-	Critical	8.1	7.1
CVE-2023-38166	No	No	-	-	Critical	8.1	7.1
MITRE: CVE-2023-44487 HTTP/2 Rapid Reset Attack
CVE-2023-44487	No	Yes	-	-	Important
Microsoft AllJoyn API Denial of Service Vulnerability
CVE-2023-36709	No	No	-	-	Important	7.5	6.5
Microsoft Common Data Model SDK Denial of Service Vulnerability
CVE-2023-36566	No	No	-	-	Important	6.5	5.7
Microsoft DirectMusic Remote Code Execution Vulnerability
CVE-2023-36702	No	No	-	-	Important	7.8	6.8
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
CVE-2023-36433	No	No	-	-	Important	6.5	5.7
CVE-2023-36429	No	No	-	-	Important	6.5	5.7
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2023-36416	No	No	-	-	Important	6.1	5.3
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-36778	No	No	-	-	Important	8.0	7.0
Microsoft Message Queuing Denial of Service Vulnerability
CVE-2023-36606	No	No	-	-	Important	7.5	6.5
CVE-2023-36581	No	No	-	-	Important	7.5	6.5
CVE-2023-36579	No	No	-	-	Important	7.5	6.5
CVE-2023-36431	No	No	-	-	Important	7.5	6.5
Microsoft Message Queuing Remote Code Execution Vulnerability
CVE-2023-35349	No	No	-	-	Critical	9.8	8.5
CVE-2023-36697	No	No	-	-	Critical	6.8	5.9
CVE-2023-36593	No	No	-	-	Important	7.8	6.8
CVE-2023-36592	No	No	-	-	Important	7.3	6.4
CVE-2023-36591	No	No	-	-	Important	7.3	6.4
CVE-2023-36590	No	No	-	-	Important	7.3	6.4
CVE-2023-36589	No	No	-	-	Important	7.3	6.4
CVE-2023-36583	No	No	-	-	Important	7.3	6.4
CVE-2023-36582	No	No	-	-	Important	7.3	6.4
CVE-2023-36578	No	No	-	-	Important	7.3	6.4
CVE-2023-36575	No	No	-	-	Important	7.3	6.4
CVE-2023-36574	No	No	-	-	Important	7.3	6.4
CVE-2023-36573	No	No	-	-	Important	7.3	6.4
CVE-2023-36572	No	No	-	-	Important	7.3	6.4
CVE-2023-36571	No	No	-	-	Important	7.3	6.4
CVE-2023-36570	No	No	-	-	Important	7.3	6.4
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
CVE-2023-36730	No	No	-	-	Important	7.8	6.8
CVE-2023-36420	No	No	-	-	Important	7.3	6.4
CVE-2023-36785	No	No	-	-	Important	7.8	6.8
Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
CVE-2023-36568	No	No	-	-	Important	7.0	6.1
Microsoft Office Elevation of Privilege Vulnerability
CVE-2023-36569	No	No	-	-	Important	8.4	7.3
Microsoft Office Graphics Elevation of Privilege Vulnerability
CVE-2023-36565	No	No	-	-	Important	7.0	6.1
Microsoft QUIC Denial of Service Vulnerability
CVE-2023-38171	No	No	-	-	Important	7.5	6.5
CVE-2023-36435	No	No	-	-	Important	7.5	6.5
Microsoft Resilient File System (ReFS) Elevation of Privilege Vulnerability
CVE-2023-36701	No	No	-	-	Important	7.8	6.8
Microsoft SQL ODBC Driver Remote Code Execution Vulnerability
CVE-2023-36417	No	No	-	-	Important	7.8	6.8
Microsoft SQL Server Denial of Service Vulnerability
CVE-2023-36728	No	No	-	-	Important	5.5	4.8
Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability
CVE-2023-36718	No	No	-	-	Critical	7.8	6.8
Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability
CVE-2023-36598	No	No	-	-	Important	7.8	6.8
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2023-36577	No	No	-	-	Important	8.8	7.7
Microsoft WordPad Information Disclosure Vulnerability
CVE-2023-36563	Yes	Yes	-	-	Important	6.5	5.9
Named Pipe File System Elevation of Privilege Vulnerability
CVE-2023-36729	No	No	-	-	Important	7.8	6.8
PrintHTML API Remote Code Execution Vulnerability
CVE-2023-36557	No	No	-	-	Important	7.8	6.8
Remote Procedure Call Information Disclosure Vulnerability
CVE-2023-36596	No	No	-	-	Important	6.5	5.7
Skype for Business Elevation of Privilege Vulnerability
CVE-2023-41763	Yes	Yes	-	-	Important	5.3	4.8
Skype for Business Remote Code Execution Vulnerability
CVE-2023-36789	No	No	-	-	Important	7.2	6.3
CVE-2023-36786	No	No	-	-	Important	7.2	6.3
CVE-2023-36780	No	No	-	-	Important	7.2	6.3
Win32k Elevation of Privilege Vulnerability
CVE-2023-41772	No	No	-	-	Important	7.8	6.8
CVE-2023-36732	No	No	-	-	Important	7.8	6.8
CVE-2023-36731	No	No	-	-	Important	7.8	6.8
CVE-2023-36776	No	No	-	-	Important	7.0	6.1
CVE-2023-36743	No	No	-	-	Important	7.8	6.8
Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability
CVE-2023-41766	No	No	-	-	Important	7.8	6.8
Windows Common Log File System Driver Information Disclosure Vulnerability
CVE-2023-36713	No	No	-	-	Important	5.5	4.8
Windows Container Manager Service Elevation of Privilege Vulnerability
CVE-2023-36723	No	No	-	-	Important	7.8	6.8
Windows Deployment Services Denial of Service Vulnerability
CVE-2023-36707	No	No	-	-	Important	6.5	5.7
Windows Deployment Services Information Disclosure Vulnerability
CVE-2023-36706	No	No	-	-	Important	6.5	5.7
CVE-2023-36567	No	No	-	-	Important	7.5	6.5
Windows Error Reporting Service Elevation of Privilege Vulnerability
CVE-2023-36721	No	No	-	-	Important	7.0	6.1
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2023-36594	No	No	-	-	Important	7.8	6.8
CVE-2023-38159	No	No	-	-	Important	7.0	6.1
Windows IIS Server Elevation of Privilege Vulnerability
CVE-2023-36434	No	No	-	-	Important	9.8	8.5
Windows Internet Key Exchange (IKE) Extension Elevation of Privilege Vulnerability
CVE-2023-36726	No	No	-	-	Important	7.8	6.8
Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-36725	No	No	-	-	Important	7.8	6.8
CVE-2023-36712	No	No	-	-	Important	7.8	6.8
Windows Kernel Information Disclosure Vulnerability
CVE-2023-36576	No	No	-	-	Important	5.5	4.8
Windows Kernel Security Feature Bypass Vulnerability
CVE-2023-36698	No	No	-	-	Important	3.6	3.2
Windows MSHTML Platform Remote Code Execution Vulnerability
CVE-2023-36436	No	No	-	-	Important	7.8	6.8
Windows Mark of the Web Security Feature Bypass Vulnerability
CVE-2023-36584	No	No	-	-	Important	5.4	5.0
Windows Media Foundation Core Remote Code Execution Vulnerability
CVE-2023-36710	No	No	-	-	Important	7.8	6.8
Windows Mixed Reality Developer Tools Denial of Service Vulnerability
CVE-2023-36720	No	No	-	-	Important	7.5	6.5
Windows Named Pipe Filesystem Elevation of Privilege Vulnerability
CVE-2023-36605	No	No	-	-	Important	7.4	6.4
Windows Power Management Service Information Disclosure Vulnerability
CVE-2023-36724	No	No	-	-	Important	5.5	4.8
Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability
CVE-2023-36790	No	No	-	-	Important	7.8	6.8
Windows Remote Desktop Gateway (RD Gateway) Information Disclosure Vulnerability
CVE-2023-29348	No	No	-	-	Important	6.5	5.7
Windows Runtime C++ Template Library Elevation of Privilege Vulnerability
CVE-2023-36711	No	No	-	-	Important	7.8	6.8
Windows Runtime Remote Code Execution Vulnerability
CVE-2023-36902	No	No	-	-	Important	7.0	6.1
Windows Search Security Feature Bypass Vulnerability
CVE-2023-36564	No	No	-	-	Important	6.5	5.7
Windows Setup Files Cleanup Remote Code Execution Vulnerability
CVE-2023-36704	No	No	-	-	Important	7.8	6.8
Windows TCP/IP Denial of Service Vulnerability
CVE-2023-36603	No	No	-	-	Important	7.5	6.5
CVE-2023-36602	No	No	-	-	Important	7.5	6.5
Windows TCP/IP Information Disclosure Vulnerability
CVE-2023-36438	No	No	-	-	Important	7.5	6.5
Windows Virtual Trusted Platform Module Denial of Service Vulnerability
CVE-2023-36717	No	No	-	-	Important	6.5	5.7

[1] https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|

文章来源: https://isc.sans.edu/diary/rss/30300
如有侵权请联系:admin#unsafe.sh