Microsoft vulnerabilities announced (3 vulns of note):
CVE-2023-21674 (actively exploited) -
CVE-2023-21549 (just publicly disclosed - at the moment) -
CVE-2023-21743 (Security feature bypass vuln)
CVE-2023-21674 - Windows ALPC (Advanced Local Procedure Call) - internal messaging protocol allowing Windows OS components to pass information among themselves.
NOT remotely available (i.e. through an API or WMI)
BUT vulnerability can allow for privilege escalation
nvd.nist.gov/v...
msrc.microsoft...
CVSS 8.8 High
Remediation - patch!!
CVE-2023-21549 - Windows SMB witness - introduced in SMB 3.0 (in 2013???), notifies clients of file share issues, allowing for clients to quickly attempt to repair or reestablish the share handle
CVSS 8.8 High
nvd.nist.gov/v...
msrc.microsoft...
Remediation - patch!!
CVE-2023-21743 - Sharepoint Security Feature bypass
Allows a remote attacker to bypass authentication & make an anonymous connection to Sharepoint service
CVSS 5.3 Medium
Remediation - patch!! PLUS additional admin steps - defined in Microsoft MSRC page
nvd.nist.gov/v...
msrc.microsoft...
Get Consulting: bit.ly/3R04Lsr
OCISO Knowledge Base: bit.ly/3kDGVHf
OCISO Social Media
Podcast: spoti.fi/3iuSwYa
Twitter: bit.ly/3EUkDIG
LinkedIn: bit.ly/3GIDQOY
Website: bit.ly/3gwN6uO
Facebook: bit.ly/3i9Wzsn
Sponsorship Request: If you are interested in Sponsoring Office of The CISO Videos Please Email sponsors@officeoftheciso.com
Topics Discussed:
Microsoft ALPC
Microsoft Advanced Local Procedure Calls
Vulnerabilities
CVE
Негізгі бет CVE Notice BIG Microsoft ALPC Vulnerabilities
Пікірлер