INTERNET STORM CENTER SPOTLIGHT
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Microsoft February 2023 Patch Tuesday
Published: 2023-02-14
Last Updated: 2023-02-15 01:19:13 UTC
by Johannes Ullrich (Version: 1)
Microsoft today patched 80 different vulnerabilities. This includes the Chromium vulnerabilities affecting Microsoft Edge. Nine vulnerabilities are rated as "Critical" by Microsoft.
Three of the vulnerabilities, all rated "important", are already being exploited:
CVE-2023-21715: Microsoft Publisher Security Feature Bypass. This vulnerability allows macros to execute, bypassing the policies that block them.
CVE-2023-23376: Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2023-21823: Windows Graphics Component Remote Code Execution Vulnerability. Patches for this vulnerability may only be available via the Microsoft Store. Make sure you have these updates enabled.
Some additional vulnerabilities of interest:
CVE-2023-21803: Windows iSCSI Discovery Service Remote Code Execution Vulnerability. Likely not the most common issue to be patched this month, but something that may easily be missed. This vulnerability, if exploited, could be used for lateral movement.
CVE-2023-21716: Microsoft Word Remote Code Execution Vulnerability. Word is always a great target as it offers a large attack surface. No known exploit for this vulnerability, but its CVSS score of 9.8 will attract some attention. The rating of "critical" implies that it is not necessary to open the document to trigger the vulnerability.
Visual Studio: Several vulnerabilities, two of them critical, affect Visual Studio. Attacks against developers are often not well documented but appear to be on the rise.
Read the full entry:
https://isc.sans.edu/diary/Microsoft+February+2023+Patch+Tuesday/29548/
Apple Patches Exploited Vulnerability
Published: 2023-02-13
Last Updated: 2023-02-13 20:47:36 UTC
by Johannes Ullrich (Version: 1)
Apple today released updates for Safari, iOS, iPadOS, macOS, tvOS, and watchOS. Security details are only available for Safari, iOS, iPadOS, and macOS. One vulnerability being patched across all three operating systems is already being exploited:
CVE-2023-23529: A critical type confusion vulnerability in WebKit that is already being actively exploited. It may be triggered when the user visits a malicious web page. It affects Safari, iPadOS, iOS, and macOS.
CVE-2023-23514: A kernel vulnerability that may allow an application installed on the device to execute arbitrary code with kernel privileges. Code achieving execution via CVE-2023-23529 could use this vulnerability to escalate privileges and escape the Safari sandbox. iPadOS, iOS, and macOS are affected.
CVE-2023-23522: This vulnerability in Shortcuts may allow an app to observe unprotected user data. It only affects macOS.
Read the full entry:
https://isc.sans.edu/diary/Apple+Patches+Exploited+Vulnerability/29544/
A Backdoor with Smart Screenshot Capability
Published: 2023-02-09
Last Updated: 2023-02-09 08:39:31 UTC
by Xavier Mertens (Version: 1)
Today, everything is “smart” or “intelligent”. We have smartphones, smart cars, smart doorbells, etc. Being "smart" means performing actions depending on the context, the environment, or user actions.
For a while, backdoors and trojans have implemented screenshot capabilities. From an attacker’s point of view, it’s interesting to “see” what’s displayed on the victim’s computer. Taking a screenshot in Python is as easy as this:
Read the full entry:
https://isc.sans.edu/diary/A+Backdoor+with+Smart+Screenshot+Capability/29534/