September 2023 Patch Tuesday
variety of products. Five of the vulnerabilities are rated critical, and two are being actively exploited: a Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability (CVE-2023-36802) and a Microsoft Word Information Disclosure Vulnerability (CVE-2023-36761).
CVE-2023-36761 is the vulnerability to watch out for. It is not only already being exploited, but it is also not a difficult problem to exploit. Note that Windows 11 will soon have the ability to disable NTLM hashes for SMB, which may help with problems like this in the future.
The Microsoft Word information disclosure vulnerability (CVE-2023-36761, CVSS score 6.2) understates what's disclosed. This flaw discloses Net-NTLMv2 (authentication) hashes, which makes it very attractive to exploit. Also take note of CVE-2023-38148, an RCE flaw in the Internet Connection Sharing (ICS) service, where an unauthenticated attacker can exploit this just by sending a properly crafted packet to the ICS service. This flaw has the highest rating of the bunch at a CVSS score of 8.8.
Rapid patching of any Windows vulnerability at least at Microsoft’s Critical level is the minimum that is defensible based on real-world exploitation of unpatched Windows systems.
Interestingly, the two vulnerabilities being actively exploited have relatively low CVSS scores, yet can lead to either loss of user credentials or system-level access. Follow the standard security advice by prioritizing critical vulnerabilities first, as part of your patch cycle.