On August 8th, 2023, Microsoft published their August 2023 Security Update with patches for 74 vulnerabilities and 2 advisories. Among these vulnerabilities and advisories, Arctic Wolf has highlighted 3 in this bulletin that were categorized as critical and 1 that is being actively exploited in the wild.
Impacted Product #1: Microsoft Office
| Microsoft Word 2013 Service Pack 1, Microsoft Word 2013 RT Service Pack 1, Microsoft Word 2016 |
| Microsoft Visio 2013 Service Pack 1, Microsoft Visio 2016 |
| Microsoft Publisher 2013 Service Pack 1, Microsoft Publisher 2013 Service Pack 1 RT, Microsoft Publisher 2016 |
| Microsoft Project 2013 Service Pack 1, Microsoft Project 2016 |
| Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016 |
| Microsoft Office 2013 Service Pack 1, Microsoft Office 2013 RT Service Pack 1, Microsoft Office 2016, Microsoft Office 2019, Microsoft Office LTSC 2021 |
| Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016 |
| Microsoft 365 Apps for Enterprise |
Advisory Regarding Microsoft Office:
| | Moderate Severity | Actively Exploited |
| Microsoft Office Defense in Depth Update – This update is related to CVE-2023-36884, Windows Search security feature bypass vulnerability, which was issued in Microsoft's July 2023 Patch Tuesday. Installing this update stops the attack chain leading up to this CVE. | ||
Impacted Product #2: Windows
| Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022 |
| Windows 10, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 Version 21H2, Windows 11 Version 22H2 |
Vulnerabilities Impacting Windows:
| , | CVSS: 9.8 – Critical | Not actively exploited |
| Microsoft Message Queuing Remote Code Execution Vulnerability – An unauthenticated threat actor could successfully exploit this vulnerability and achieve remote code execution on a target server. | ||
| | CVSS: 9.8 – Critical | Not actively exploited |
| Microsoft Message Queuing Remote Code Execution Vulnerability – A threat actor could successfully exploit this vulnerability and achieve remote code execution on the server side by sending a specially crafted malicious Message Queuing Service (MSMQ) packet to a MSMQ server. | ||
Recommendations
Recommendation #1: Apply Security Updates to Impacted Products
Arctic Wolf strongly recommends applying the available security updates to all impacted products to prevent potential exploitation. Regarding the actively exploited CVE-2023-36884, Microsoft recommends installing the Office updates discussed in as well as installing the Windows updates from August 2023.
Note: Arctic Wolf recommends following change management best practices for deploying security patches, including testing changes in a dev environment before deploying to production to avoid operational impact.
| Product | Vulnerability | Update |
| Windows Server 2012 R2 | CVE-2023-35385, CVE-2023-36910, CVE-2023-36911 | Monthly Rollup: Security Only: |
| Windows Server 2012 | CVE-2023-35385, CVE-2023-36910, CVE-2023-36911 | Monthly Rollup: Security Only: |
| Windows Server 2008 R2 Service Pack 1 | CVE-2023-35385, CVE-2023-36910, CVE-2023-36911 | Monthly Rollup: Security Only: |
| Windows Server 2008 Service Pack 2 | CVE-2023-35385, CVE-2023-36910, CVE-2023-36911 | Monthly Rollup: Security Only: |
| Windows Server 2016 & Windows 10 Version 1607 | CVE-2023-35385, CVE-2023-36910, CVE-2023-36911 | Security Update: |
| Windows 10 | CVE-2023-35385, CVE-2023-36910, CVE-2023-36911 | Security Update: |
| Windows 10 Version 22H2 & Windows 10 Version 21H2 | CVE-2023-35385, CVE-2023-36910, CVE-2023-36911 | Security Update: |
| Windows 11 Version 22H2 | CVE-2023-35385, CVE-2023-36910, CVE-2023-36911 | Security Update: |
| Windows 11 Version 21H2 | CVE-2023-35385, CVE-2023-36910, CVE-2023-36911 | Security Update: |
| Windows Server 2022 | CVE-2023-35385, CVE-2023-36910, CVE-2023-36911 | Security Update: Hotpatch Update: |
| Windows Server 2019 & Windows 10 Version 1809 | CVE-2023-35385, CVE-2023-36910, CVE-2023-36911 | Security Update: |
| Microsoft Word 2013 Service Pack 1 | ADV230003 | Security Update: |
| Microsoft Publisher 2013 Service Pack 1 | ADV230003 | Security Update: |
| Microsoft Office 2013 Service Pack 1 | ADV230003 | Security Update: |
| Microsoft Excel 2013 Service Pack 1 | ADV230003 | Security Update: |
| Microsoft Project 2016 | ADV230003 | Security Update: |
| Microsoft Publisher 2016 | ADV230003 | Security Update: |
| Microsoft Word 2016 | ADV230003 | Security Update: |
| Microsoft Visio 2016 | ADV230003 | Security Update: |
| Microsoft PowerPoint 2016 | ADV230003 | Security Update: |
| Microsoft Office 2016 | ADV230003 | Security Update: |
| Microsoft Excel 2016 | ADV230003 | Security Update: |
| Microsoft Visio 2013 Service Pack 1 | ADV230003 | Security Update: |
| Microsoft PowerPoint 2013 Service Pack 1 | ADV230003 | Security Update: |
| Microsoft Office LTSC 2021, Microsoft 365 Apps for Enterprise, Microsoft Office 2019 | ADV230003 | Security Update: |
| Microsoft Project 2013 Service Pack 1 | ADV230003 | Security Update: |
Recommendation #2: Disable Message Queuing Service (MSMQ) if not Required
To be vulnerable, CVE-2023-35385, CVE-2023-36911 and CVE-2023-36910 all require the Message Queuing (MSMQ) service to be enabled. Consider disabling MSMQ if the service is not required in your environment to prevent exploitation.
Note: You can check by looking for a running service named "Message Queuing" and for TCP port 1801 listening on the system.
If disabling MSMQ is not feasible, consider blocking inbound connections to TCP port 1801 from suspicious sources.
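The check and the two mitigations from Recommendation #2, as an added PowerShell example that is not part of the original bulletin or any vendor tooling. The function names are hypothetical; it assumes an elevated Windows PowerShell 5.1 session on Windows 8 / Server 2012 or later, where the `Get-NetTCPConnection` and `New-NetFirewallRule` cmdlets are available.

```powershell
# Added example: audit and optional mitigation for MSMQ exposure (run elevated).
# Function names are hypothetical; cmdlets are the built-in service, NetTCPIP and NetSecurity ones.
function Get-MsmqExposure {
    # The service name is MSMQ; its display name is "Message Queuing".
    $svc = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue
    $listeners = @(Get-NetTCPConnection -LocalPort 1801 -State Listen -ErrorAction SilentlyContinue)
    $owners = $listeners | ForEach-Object {
        (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
    } | Sort-Object -Unique
    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        ServiceInstalled  = [bool]$svc
        ServiceStatus     = if ($svc) { $svc.Status.ToString() } else { 'NotInstalled' }
        StartType         = if ($svc) { $svc.StartType.ToString() } else { $null }
        Port1801Listening = $listeners.Count -gt 0
        ListenAddresses   = ($listeners.LocalAddress | Sort-Object -Unique) -join ','
        OwningProcess     = $owners -join ','
    }
}

function Disable-Msmq {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param()
    $svc = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue
    if ($svc -and $PSCmdlet.ShouldProcess('MSMQ', 'Stop and disable service')) {
        Stop-Service -Name 'MSMQ' -Force            # -Force also stops dependent services
        Set-Service -Name 'MSMQ' -StartupType Disabled
    }
}

function Block-MsmqInbound {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string[]]$RemoteAddress)   # sources to block (IP, range or subnet)
    if ($PSCmdlet.ShouldProcess('TCP/1801', "Block inbound from $($RemoteAddress -join ', ')")) {
        New-NetFirewallRule -DisplayName 'Block inbound MSMQ (TCP 1801)' -Direction Inbound `
            -Protocol TCP -LocalPort 1801 -RemoteAddress $RemoteAddress -Action Block
    }
}

Get-MsmqExposure   # report only; the two mitigation functions run only when called
```

Run `Disable-Msmq -WhatIf` or `Block-MsmqInbound -RemoteAddress <range> -WhatIf` first to preview the change, in line with the change-management note under Recommendation #1.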



