September’s Patch Tuesday Unleashes 61 CVEs [But Your TCP/IP Remediation Worklet is Ready Already]

September’s here. Though it's not quite Fall, pumpkin spice lattes are on everyone’s minds and so is Patch Tuesday. 

This month's Patch Tuesday includes 61 vulnerabilities, with 5 of them being classified as critical, and one as currently exploited. Today, we’ll focus on vulnerabilities patched by Microsoft.

At the top of the list of vulnerabilities to pay attention to is the TCP/IP Denial of Service Vulnerability, which allows for attackers to create DoS attacks if Router Discovery is enabled on their IPv6 interfaces.

Next up, administrators for development companies may want to pay special attention to the vulnerabilities around remote code execution in Visual Studio. 

Finally, with the rising number of attacks aimed at Kubernetes clusters, administrators of cloud-based environments should pay special focus to the Azure Kubernetes Service Elevation of Privilege Vulnerability. 

Continue reading to discover the other patches that may need your attention this month.

Windows TCP/IP Denial of Service Vulnerability – [Important]

This vulnerability, tagged with a base score of 7.5/10, is a concern for all networked systems. This Denial of Service vulnerability allows an attacker via a network vector to disrupt the service without any user authentication or high complexity. However, systems with disabled IPv6 are not affected.

"This vulnerability represents a significant threat, but our swift response with a dedicated Worklet ensures our customers can secure their systems effectively before applying the patch," said Automox CISO Jason Kikta

Denial of Service (DoS) vulnerabilities pose a serious threat to business operations. These weaknesses can be exploited to disrupt services and cause them to become unavailable to users.

-Jason Kikta, CISO

Our team of experts at Automox has created a Worklet to help you with mitigation before applying the patch.

Microsoft Word Information Disclosure Vulnerability [Important]

Rated at a base score of 6.2/10, this vulnerability poses a risk of exposing NTLM hashes – essentially, cryptographic representations of user or device credentials. This vulnerability is currently being exploited in the wild.

Exposed NTLM hashes pose significant risks, as they are essentially digital keys to a user's credentials. If a malicious actor gains access to these hashes, they can potentially impersonate the user, gaining unauthorized access to sensitive data and systems. They could also conduct pass-the-hash attacks, where the attacker uses the hashed version of a password to authenticate themselves without needing to decrypt it. 

This sort of breach can lead to compromises in data integrity and security, opening the door for further exploits and even causing a cascading effect of system vulnerabilities. It's paramount that systems are patched promptly to protect against such threats. -Tom Bowyer, Manager, Product Security

This Patch Tuesday identified vulnerabilities linked to Visual Studio, each presenting remote code execution risks. CVE-2023-36796, CVE-2023-36794, CVE-2023-36792, and CVE-2023-36793 all have a base score of 7.8/10 and require user interaction for exploitation. All are listed as critical vulnerabilities except for CVE-2023-36794 which is rated as Important. CVE-2023-36742 has a lower base score of 6.5/10, with a similar requirement for user interaction.

Four other Visual Studio vulnerabilities were released with attack vectors specified around denial of service (CVE-2023-36799 and CVE-2023-36742), and elevation of privileges (CVE-2023-36758 and CVE-2023-36759).

“Given Visual Studio's widespread usage among developers, the impact of such vulnerabilities could have a domino effect, spreading harm well beyond the initially compromised system. Therefore, it's crucial to apply patches promptly ensuring your development environment remains safe,” said Tom Bowyer, Automox Manager, Product Security

Remote code execution and elevation of privilege vulnerabilities in Visual Studio pose a real and substantial danger. This type of vulnerability can give an attacker the ability to run malicious code on your system, potentially gaining full control over the affected environment. 

In the worst-case scenario, this could mean the theft or corruption of proprietary source code, the introduction of backdoors, or malicious tampering that could turn your application into a launchpad for attacks on others. -Tom Bowyer, Manager, Product Security

Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability [Critical]

This vulnerability, with a base score of 7.5/10, could allow an attacker to gain Cluster Administrator privileges. The attack vector is the network, and the complexity is low, meaning no significant prior knowledge or user interaction is required for an attack.

The Azure Kubernetes Service vulnerability is a wake-up call for the cloud-native community and reaffirms the necessity of securing our Kubernetes environments. The fact that an attacker could potentially gain Cluster Administrator privileges with low complexity is a staggering security concern.

Ensuring that Kubernetes clusters are isolated, tightly controlled, and continuously monitored is fundamental to a secure cloud-native infrastructure. - Jason Kikta, CISO

Remember, in this fast-paced digital world, cybersecurity is not a one-off task, but an ongoing process of vigilance and adaptation. Hopefully, you read the How to Get Home on Time Every Patch Tuesday blog, but if not, it's never too early to start preparing for next month!

And remember, as you navigate the challenges of Patch Tuesday, the importance of a rapid response cannot be understated. Check out the Automox verified Worklets catalog to mitigate these vulnerabilities and stay tuned for our next update. Remember – patch regularly, patch often.