2023 is the year many long familiar Microsoft products meet their final fates. January gave us the end of support for Windows 8.1 as well as Extended Security Updates for Windows 7. Microsoft's February Patch Tuesday brings more heartbreak for lovers of legacy software as Internet Explorer 11 is now being disabled on Windows 10 builds. There is also a collection of zero-days under active exploitation and a reminder that not all security fixes are delivered via Windows Update.

With a total of 77 vulnerabilities, workloads for teams responsible for patching shouldn't be too heavy. However, nine of this month's vulnerabilities are marked as Critical, and the three zero-day vulnerabilities are all under active exploitation, with one being leveraged in ransomware campaigns involving OneNote files.

The first zero-day vulnerability, CVE-2023-21823, is a remote code execution threat that gives an attacker SYSTEM privileges when exploited. To exploit this, attackers need to use specially crafted OneNote files. These compromised OneNote files can then be delivered as email attachments. This particular vulnerability has received additional guidance in the Microsoft Security Update, advising that updates are being delivered for OneNote via the Microsoft Store. If you've implemented policies that block auto-updates of Microsoft Store apps, then it's worth revisiting why that policy is in place.

The second and third zero-day vulnerabilities for February are CVE-2023-23376 and CVE-2023-21715. Both are under active exploitation, and CVE-2023-21715 allows attackers to bypass Microsoft Office macro settings using a malicious Microsoft Publisher document. While keeping to a timely patching routine should help mitigate these vulnerabilities, the fact that two zero-days are leveraging Microsoft Office documents for delivery of payloads illustrates that blocking email attachments, even for normally benign file types, should be evaluated as a serious option for hardening environments.

Starting February 14, Internet Explorer will be disabled via a Microsoft Edge update, with the change rolled out over the coming weeks via the Microsoft Edge Stable channel. For most SMEs this isn't a concern, as these systems have long since been retired in favor of currently supported versions. If, however, you still have these legacy systems and applications in production, this should prompt a strongly worded entry in your risk registers, or be the push needed to make the business case for why the risks these legacy systems represent are no longer acceptable.

Vulnerability Prioritization

As always, prioritizing which vulnerabilities to address first is partly a matter of following established best practices and partly a little bit of gut instinct. Critical severity, exploitation more likely and exploitation detected vulnerabilities should, as always, rank fairly high on the priority list. If you only patch based on severity, you are leaving a lot of unnecessary risk exposure lying around.

Table Key: Severity: C = Critical, I = Important, M = Moderate. Status: EML = Exploitation More Likely, ELL = Exploitation Less Likely, ED = Exploitation Detected.

- Visual Studio Remote Code Execution Vulnerability
- Windows iSCSI Discovery Service Remote Code Execution Vulnerability
- Microsoft Word Remote Code Execution Vulnerability
- 3D Builder Remote Code Execution Vulnerability
- Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability
- Windows Common Log File System Driver Elevation of Privilege Vulnerability
- Windows Graphics Component Remote Code Execution Vulnerability
- Windows Graphics Component Elevation of Privilege Vulnerability
- Windows Secure Channel Denial of Service Vulnerability
- Microsoft Publisher Security Features Bypass Vulnerability
- Microsoft Exchange Server Remote Code Execution Vulnerability
- NT OS Kernel Elevation of Privilege Vulnerability

As always, make sure you have established patching processes for evaluation, testing, and pushing into production. If you have traditionally only dealt with patches by applying them based on their severity, consider including prioritization of patches for Zero-Days, Exploitation Detected, and Exploitation More Likely vulnerabilities in your Patch Management routines.

Looking for more blogs on patching, or for previous Microsoft Patch Tuesday Reviews? Check out this section of our blog.

Lewis Pope is the Head Security Nerd at N-able.
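
The ranking argued for under Vulnerability Prioritization, as an added Python example that is not part of the original post: it parses rows written with the table key's codes and compares severity-only ordering with ordering by zero-day flag and exploitation status. The identifiers and row values are constructed placeholders, and the comma-separated layout and function names are assumptions of this example.

```python
from dataclasses import dataclass

# Codes follow the post's table key; a lower rank means patch sooner.
SEVERITY_RANK = {"C": 0, "I": 1, "M": 2}
STATUS_RANK = {"ED": 0, "EML": 1, "ELL": 2}

@dataclass(frozen=True)
class Patch:
    ident: str
    severity: str
    status: str
    zero_day: bool = False

def parse_rows(text):
    """Parse 'id,severity,status[,zero-day]' lines (assumed layout); reject unknown codes."""
    patches = []
    for lineno, line in enumerate(text.strip().splitlines(), 1):
        fields = [f.strip() for f in line.split(",")]
        if len(fields) not in (3, 4):
            raise ValueError(f"line {lineno}: expected 3 or 4 fields")
        ident, sev, status = fields[0], fields[1].upper(), fields[2].upper()
        if sev not in SEVERITY_RANK or status not in STATUS_RANK:
            raise ValueError(f"line {lineno}: unknown severity or status code")
        zero_day = len(fields) == 4 and fields[3].lower() == "zero-day"
        patches.append(Patch(ident, sev, status, zero_day))
    return patches

def by_severity_only(patches):
    """The severity-only habit the post warns about."""
    return sorted(patches, key=lambda p: SEVERITY_RANK[p.severity])

def by_exploitation(patches):
    """Zero-days first, then exploitation status, with severity as the tie-breaker."""
    return sorted(
        patches,
        key=lambda p: (not p.zero_day, STATUS_RANK[p.status], SEVERITY_RANK[p.severity]),
    )

# Constructed sample rows, not Microsoft's data.
SAMPLE = """
EXAMPLE-0001,C,ELL
EXAMPLE-0002,I,ED,zero-day
EXAMPLE-0003,C,EML
EXAMPLE-0004,M,ELL
EXAMPLE-0005,I,EML
"""

if __name__ == "__main__":
    rows = parse_rows(SAMPLE)
    print("severity only:", [p.ident for p in by_severity_only(rows)])
    print("exploitation :", [p.ident for p in by_exploitation(rows)])
```

With severity-only ordering, the actively exploited Important-rated entry sits behind both Critical entries, including one marked Exploitation Less Likely; the second ordering moves it to the front.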