Microsoft’s Patch Tuesday for November is noteworthy, with an update addressing 59 vulnerabilities, two of which are already exploited in real-life attacks. The first, tracked as CVE-2023-36033, is an elevation of privilege vulnerability in Windows DWM Core Library marked as important, with a CVSS score of 7.8. “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” according to Microsoft.
Meanwhile, CVE-2023-36036 is an elevation of privilege vulnerability in Windows Cloud Files Mini Filter Driver with a CVSS score of 7.8. Also fixed in November’s update cycle is the already exploited libwebp flaw previously fixed in Chrome and other browsers, which also impacts Microsoft’s Edge, tracked as CVE-2023-4863.
Another significant flaw is CVE-2023-36397, a critical remote code execution vulnerability in Windows Pragmatic General Multicast with a CVSS score of 9.8. “When Windows message queuing service is running in a PGM Server environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code,” Microsoft disclosed.
Enterprise software company Cisco has recently issued fixes for 27 security flaws, including one rated as critical with a near maximum CVSS score of 9.9. Tracked as CVE-2023-20048, the vulnerability in the web services interface of Cisco Firepower Management Center Software could allow an authenticated, remote attacker to execute unauthorized configuration commands on a Firepower Threat Defense device managed by the FMC Software.
However, successful exploitation of the vulnerability requires valid credentials on the FMC Software, as clarified by Cisco in their announcement.
Additionally, seven of the flaws resolved by Cisco are rated as having a high impact, including CVE-2023-20086—a denial-of-service flaw with a CVSS score of 8.6—and CVE-2023-20063, a code-injection vulnerability with a CVSS score of 8.2.
Atlassian has released a patch to address a serious flaw that is currently being exploited in real-life attacks. Tracked as CVE-2023-22518, this improper-authorization vulnerability in Confluence Data Center and Server is being used in ransomware attacks. “As part of Atlassian’s ongoing monitoring and investigation of this CVE, we observed several active exploits and reports of threat actors using ransomware,” the company stated.
Security firm Trend Micro
The Cerber ransomware group has been reported to be taking advantage of the vulnerability in its attacks. According to Trend Micro, Cerber had previously targeted Atlassian in 2021, re-emerging after a period of inactivity to exploit remote code execution vulnerabilities in Atlassian’s GitLab servers.
All versions of Confluence Data Center and Server are impacted by the vulnerability, which enables an unauthenticated attacker to reset Confluence and create an administrator account. Atlassian stated that with this account, an attacker can carry out all administrative actions available to a Confluence instance administrator, resulting in a complete loss of confidentiality, integrity, and availability.
SAP, a leading enterprise software company, has released its November Security Patch Day, which addresses three new flaws. One of the most critical issues, tracked as CVE-2023-31403 with a CVSS score of 9.6, is an improper access control vulnerability in SAP Business One. Exploiting this flaw could allow a malicious user to read and write to the SMB shared folder, as announced by the software giant.