Microsoft is addressing 105 vulnerabilities this October Patch Tuesday, including three zero-day vulnerabilities, as well as 12 critical remote code execution (RCE) vulnerabilities, and one republished third-party vulnerability.

WordPad: zero-day NTLM hash disclosure

Another Patch Tuesday, another zero-day vulnerability offering NTLM hash disclosure, this time in WordPad. The advisory for CVE-2023-36563 describes two possible attack vectors:

- enticing the user to open a specially crafted malicious file delivered via email, IM, or some other means, or
- by causing a custom application to run.

The advisory itself doesn't give much more detail, but to take full advantage, the attacker would either need prior access to the system, or some means of exfiltrating the NTLM hash as part of the attack. Microsoft has published further detail on the attack mechanism under KB5032314, as well as mitigation strategies.

WordPad is vulnerable due to its use of the OleConvertOLESTREAMToIStorage and OleConvertOLESTREAMToIStorageEx Windows API functions, so the same is presumably true of other applications which make use of those functions. It may or may not be a coincidence that Microsoft announced last month that WordPad is no longer being updated, and will be removed in a future version of Windows, although no specific timeline has yet been given. Unsurprisingly, Microsoft recommends Word as a replacement for WordPad.

Skype for Business server: zero-day info disclosure

Defenders responsible for a Skype for Business server should take note of an exploited-in-the-wild information disclosure vulnerability for which public exploit code exists. Successful exploitation of CVE-2023-41763 via a specially crafted network call could result in the disclosure of IP addresses and/or port numbers. Although Microsoft does not specify what the scope of the disclosure might be, it will presumably be limited to whatever the Skype for Business server can see; as always, appropriate network segmentation will pay defense-in-depth dividends.

ASP.NET Kestrel web server: zero-day denial of service

Rounding out this month's trio of exploited-in-the-wild vulnerabilities: the cross-platform Kestrel web server for ASP.NET Core receives a fix for CVE-2023-44487, a denial of service vulnerability. CVE-2023-44487 is perhaps of less concern to defenders, unless the Kestrel instance is internet-facing. Dubbed "HTTP/2 rapid reset", the vulnerability is not specific to Microsoft, but is inherent to HTTP/2. Exploitation involves abuse of the lack of bounds on HTTP/2 request cancellation to bring about severe load on the server for a very low cost to the attacker. In the advisory, Microsoft provides essentially no information about attack vector beyond the fact that the vulnerability is specific to HTTP/2, but does suggest two potential workarounds:

- disabling the HTTP/2 protocol via a Windows Registry modification and/or
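The "lack of bounds on request cancellation" that rapid reset abuses is something a server or a traffic monitor can measure: count how many client-initiated streams on one connection are opened (HEADERS) and then cancelled (RST_STREAM with error code CANCEL), and bound that number. The following is an added illustration, not Microsoft's, Kestrel's or the advisory's code; the frame layout follows RFC 9113, the two sample byte streams are constructed here, and the thresholds in should_limit are assumptions a deployment would tune.

```python
"""Count stream opens and client cancellations in a raw HTTP/2 frame sequence.
Added example for the rapid-reset discussion; inputs below are constructed."""
import struct

HEADERS, RST_STREAM = 0x1, 0x3
CANCEL = 0x8  # RST_STREAM error code: the client cancelled the stream


def parse_frames(data: bytes):
    """Yield (type, flags, stream_id, payload) per frame (RFC 9113 section 4.1)."""
    pos = 0
    while pos + 9 <= len(data):
        length = int.from_bytes(data[pos:pos + 3], "big")
        ftype, flags = data[pos + 3], data[pos + 4]
        stream_id = struct.unpack(">I", data[pos + 5:pos + 9])[0] & 0x7FFFFFFF
        payload = data[pos + 9:pos + 9 + length]
        if len(payload) < length:
            raise ValueError("truncated frame")
        yield ftype, flags, stream_id, payload
        pos += 9 + length


def cancel_stats(data: bytes) -> dict:
    """Opened/cancelled stream counts and cancel ratio for one connection."""
    opened, cancelled = set(), set()
    for ftype, _flags, sid, payload in parse_frames(data):
        if ftype == HEADERS and sid:
            opened.add(sid)
        elif ftype == RST_STREAM and sid in opened and len(payload) == 4:
            if struct.unpack(">I", payload)[0] == CANCEL:
                cancelled.add(sid)
    ratio = len(cancelled) / len(opened) if opened else 0.0
    return {"opened": len(opened), "cancelled": len(cancelled), "ratio": ratio}


def should_limit(data: bytes, max_cancels: int = 100, max_ratio: float = 0.5) -> bool:
    """The per-connection bound the page says HTTP/2 lacks (thresholds assumed)."""
    s = cancel_stats(data)
    return s["cancelled"] > max_cancels or (s["opened"] >= 10 and s["ratio"] > max_ratio)


def frame(ftype: int, stream_id: int, payload: bytes = b"", flags: int = 0) -> bytes:
    """Serialise one frame; used only to build the constructed samples below."""
    return (len(payload).to_bytes(3, "big") + bytes([ftype, flags])
            + struct.pack(">I", stream_id) + payload)


# Constructed: 200 odd (client) stream ids, each opened then immediately cancelled.
RAPID_RESET_SAMPLE = b"".join(frame(HEADERS, sid, b"\x82", 0x5)
                              + frame(RST_STREAM, sid, struct.pack(">I", CANCEL))
                              for sid in range(1, 401, 2))
# Constructed benign traffic: 20 streams opened, a single one cancelled.
BENIGN_SAMPLE = (b"".join(frame(HEADERS, sid, b"\x82", 0x5) for sid in range(1, 41, 2))
                 + frame(RST_STREAM, 3, struct.pack(">I", CANCEL)))
```

On the rapid-reset sample cancel_stats reports 200 opened, 200 cancelled (ratio 1.0) and should_limit returns True; on the benign sample it returns False.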