Exposures, Exposed! Weekly Round-up September 10-15

Welcome back to Exposures, Exposed!, our weekly round-up of exposure news you can use. This is XM Cyber’s collection of this past week’s most impactful exposure happenings from around the globe. Cyber threats never stop evolving so we’ll never stop researching them and reporting on them. 

Here are our top picks for this week:

61 Vulnerabilities Disclosed in September’s Microsoft Patch Tuesday

Well, first and foremost let’s begin with Microsoft Patch Tuesday. September’s collection included updates for 61 flaws, 2 of which are zero days already in the field. 5 listed had critical ratings, 55 were listed as important, and one was listed as being of moderate severity. They addressed 24 RCE flaws, 5 spoofing vulnerabilities, 3 DoS vulnerabilities, 3 security feature bypasses, 9 information disclosure vulnerabilities, and 5 vulnerabilities found in Chrome. 

Of most interest are the 2 zero days. The first is being tracked as CVE-2023-36802, which is a  Microsoft streaming service proxy elevation of privilege vulnerability. Microsoft acknowledges that this vulnerability has been spotted in the wild but offers no further information on it. Then there’s CVE-2023-36761, which is an information disclosure vulnerability that affects Word and is also currently being leveraged by attackers. 

Adobe Flaw Uncovered 

Adobe’s Product Security Incident Response Team (PSIRT) just disclosed the discovery of bugs in Adobe Reader and Acrobat. The vulnerability is being tracked as CVE-2023-26369  exploitation of the vulnerability could, according to Adobe,  “allow malicious native-code to execute, potentially without a user being aware.” Adobe has not provided any further details but it’s worth noting that customers using the XM platform can see how an attacker can use this vulnerability to compromise critical assets. 

High Severity Kubernetes Vulnerability

If you use Kubernetes, now’s the time to listen up. Researchers from Akamai just disclosed the discovery of a new high severity vulnerability that can leave all Windows end points on clusters that haven’t been patched vulnerable to remote code execution. This vulnerability is being tracked as CVE-2023-3676 and has a CVSS score of 8.8. According to Akamai researcher Tomer Peled in a report released in Sept 13, “The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster. To exploit this vulnerability, the attacker needs to apply a malicious YAML file on the cluster.” 

This discovery led directly to the discovery of 2 other vulnerabilities which are being tracked as CVE-2023-3955 and CVE-2023-3893. According to the report, all Kubernetes versions below 1.28 are potentially vulnerable and patching is advised. 

Google and Mozilla Patch Zero Day in Chrome, Thunderbird and Firefox 

As if Tuesday wasn’t busy enough, Google disclosed the discovery of a critical zero day vulnerability that’s already been found in the wild. Being tracked as CVE-2023-4863, this is a heap buffer overflow flaw which may allow arbitrary code execution.“Opening a malicious WebP image could lead to a heap buffer overflow in the content process,” stated Mozilla in an advisory. “We are aware of this issue being exploited in other products in the wild.” The XM Cyber platform supports the detection of the ability for an attacker to exploit this vulnerability, and can prioritize the remediation based on the impact to critical assets.

That’s all for this week – have any to add to our list? Let us know!