
Microsoft fixes a zero-day – and two curious bugs that take the Secure out of Secure Boot – Naked Security

It’s Patch Tuesday Week, and Microsoft’s updates include fixes for a number of security holes that the company has dubbed Critical, along with a zero-day fix, although the 0-day only gets a rating of Important. Among the Critical bugs are CVE-2023-21554, an RCE hole in the Microsoft Message Queue system, and CVE-2023-28231, an RCE hole in the Microsoft DHCP Server Service. Additionally, two vulnerabilities, CVE-2023-28249 and CVE-2023-28269, are listed under the headline Windows Boot Manager Security Feature Bypass Vulnerability. These vulnerabilities allow attackers to bypass Secure Boot to run unauthorized code.

Although CVE-2023-28252, the zero-day, has only been given an Important rating, it is still a critical vulnerability: it allows attackers with few or no significant access privileges to promote themselves directly to the SYSTEM account. This type of vulnerability should not be taken lightly.

Both services identified with Critical vulnerabilities do important jobs. The Microsoft Message Queue system is designed to provide a failsafe way for programs to communicate reliably, and the DHCP Server Service hands out network addresses (IP numbers) to computers that connect to the network. It is essential to have these services running securely in high-reliability back-end systems.

The Secure Boot system is designed to help keep computers on a strict and unwavering path from the time they turn on to the point that Windows takes control. Secure Boot is supposed to stop attackers who steal computers from injecting any booby-trapped code that could modify or subvert the initial startup process itself. The two Windows Boot Manager vulnerabilities, CVE-2023-28249 and CVE-2023-28269, could allow attackers to bypass Secure Boot.

Given the severity of the vulnerabilities being patched, it is important to patch them as soon as possible. With 97 CVEs patched altogether in Windows itself, Visual Studio Code, SQL Server, SharePoint and many other components, there are plenty more bugs that sysadmins need to know about.

In conclusion, this Patch Tuesday Week brings with it a number of high-severity vulnerabilities that should not be taken lightly. It is important to patch these vulnerabilities as soon as possible in order to ensure the safety and security of systems.
