Cyber Security Threat Summary:
As part of the September Patch Tuesday, Microsoft addressed 59 flaws, including two zero-days that were exploited in attacks in the wild. In total, Microsoft released fixes for 3 Security Feature Bypass Vulnerabilities, 24 Remote Code Execution Vulnerabilities, 9 Information Disclosure Vulnerabilities, 3 Denial of Service Vulnerabilities, 5 Spoofing Vulnerabilities, and 5 Edge - Chromium Vulnerabilities. Out of the 59 flaws addressed, five have been rated critical in severity:

• CVE-2023-36796, CVE-2023-36792, CVE-2023-36793: Visual Studio Remote Code Execution Vulnerability
• CVE-2023-29332: Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
• CVE-2023-38148: Internet Connection Sharing (ICS) Remote Code Execution Vulnerability

In addition to Microsoft, several other vendors have released updates in September 2023:

• Apple fixed a new zero-day exploit chain called BLASTPASS that was used in attacks to install the Pegasus spyware.
• Atlas VPN to fix a zero-day in the Linux client that can expose the user's actual IP address.
• Asus fixed three critical remote code execution bugs in the SUS RT-AX55, RT-AX56U_V2, and RT-AC86U routers.
• Cisco released security updates for various products and warned of a zero-day in Cisco ASA devices.
• Google released the Android September 2023 and Chrome updates to fix actively exploited vulnerabilities.
• MSI released BIOS updates to fix 'UNSUPPORTED_PROCESSOR' errors in Windows.
• Notepad++ 8.5.7 was released to fix four security vulnerabilities.
• SAP has released its September 2023 Patch Day updates.
• VMware fixed a VMware Tools vulnerability.

Security Officer Comments:
The actively exploited zero-days addressed by Microsoft are being tracked as CVE-2023-36802 and CVE-2023-36761 and were uncovered by the Microsoft Threat Intelligence group with the help of researchers at IBM X-Force. CVE-2023-36802 relates to an elevation of privilege vulnerability in the Microsoft Streaming Service Proxy. A successful exploit of this flaw could enable actors to gain SYSTEM-level privileges on the targeted system. The second flaw tracked as CVE-2023-36802, concerns an Information disclosure vulnerability impacting Microsoft Word. According to Microsoft, threat actors can exploit this flaw to steal NTLM hashes when the victim opens a document, including in the preview pane. Although Microsoft stated both vulnerabilities were exploited in the wild, details of such attacks have yet to be released.

Suggested Correction(s):
Organizations should review the list of vulnerabilities resolved and apply the relevant patches as needed. To access the full list of vulnerabilities addressed, please use the link down below:
https://www.bleepingcomputer.com/microsoft-patch-tuesday-reports/September-2023.html

Link(s):
https://www.bleepingcomputer.com/