Report Name: Microsoft Patch Tuesday, August 2023
Generated: 2023-08-30 17:37:00

Product Name	Prevalence	U	C	H	M	L	A	Comment
AMD Processor	0.9				1		1	Processor
Microsoft Message Queuing	0.9			5	6		11	Microsoft Message Queuing or MSMQ is a message queue implementation developed by Microsoft and deployed in its Windows Server operating systems since Windows NT 4 and Windows 95
Windows Kernel	0.9				5		5	Windows Kernel
.NET Core and Visual Studio	0.8				1		1	.NET Core and Visual Studio
.NET Framework	0.8			1			1	.NET Framework
ASP.NET	0.8			1			1	An open-source, server-side web-application framework designed for web development
Microsoft Edge	0.8			4	23		27	Web browser
Microsoft Exchange	0.8			5	1		6	Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft
Microsoft Office	0.8			1			1	Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer
Microsoft Windows Defender	0.8				1		1	Windows component
Tablet Windows User Interface Application Core	0.8			1			1	Windows component
Windows Bluetooth A2DP driver	0.8				1		1	Windows component
Windows Cloud Files Mini Filter Driver	0.8				1		1	Windows component
Windows Common Log File System Driver	0.8				1		1	Windows component
Windows Cryptographic Services	0.8				2		2	Windows component
Windows Fax Service	0.8			1			1	Windows component
Windows Group Policy	0.8				1		1	Windows component
Windows HTML Platforms	0.8			1			1	Windows component
Windows Lightweight Directory Access Protocol (LDAP)	0.8			1			1	Windows component
Windows Projected File System	0.8				1		1	Windows component
Windows Smart Card Resource Management Server	0.8				1		1	Windows component
Windows System Assessment Tool	0.8				1		1	Windows component
Windows Wireless Wide Area Network Service (WwanSvc)	0.8				1		1	Windows component
.NET and Visual Studio	0.7		1	1			2	.NET and Visual Studio
HEVC Video Extensions	0.7			1			1	HEVC Video Extensions
Windows Mobile Device Management	0.7				1		1	Windows component
Microsoft Excel	0.6			1			1	MS Office product
Microsoft Office Visio	0.6			3			3	Microsoft Visio
Microsoft Outlook	0.6			1	1		2	MS Office product
Windows Hyper-V	0.6				1		1	Hardware virtualization component of the client editions of Windows NT
ASP.NET Core SignalR and Visual Studio	0.5				1		1	ASP.NET Core SignalR and Visual Studio
Azure Apache Ambari Spoofing Vulnerability	0.5				1		1	Azure Apache Ambari Spoofing Vulnerability
Azure Apache Hadoop	0.5				1		1	Azure Apache Hadoop
Azure Apache Hive	0.5				1		1	Azure Apache Hive
Azure Apache Oozie	0.5				1		1	Azure Apache Oozie
Azure Arc-Enabled Servers	0.5				1		1	Azure Arc-Enabled Servers
Azure DevOps Server	0.5				1		1	Azure DevOps Server
Azure HDInsight Jupyter Notebook	0.5				1		1	Azure HDInsight Jupyter Notebook
Microsoft Dynamics 365 On-Premises	0.5			1			1	Microsoft Dynamics 365 On-Premises
Microsoft Edge for Android (Chromium-based)	0.5				1		1	Microsoft Edge for Android (Chromium-based)
Microsoft Edge for iOS	0.5				1		1	Microsoft Edge for iOS
Microsoft OLE DB	0.5			1			1	Microsoft OLE DB
Microsoft SharePoint Server	0.5				4		4	Microsoft SharePoint Server
Microsoft Teams	0.5			2			2	Microsoft Teams
Microsoft WDAC OLE DB provider for SQL Server	0.5			1			1	Microsoft WDAC OLE DB provider for SQL Server
Reliability Analysis Metrics Calculation (RacTask)	0.5				1		1	Reliability Analysis Metrics Calculation (RacTask)
Reliability Analysis Metrics Calculation Engine (RACEng)	0.5				1		1	Reliability Analysis Metrics Calculation Engine (RACEng)
Visual Studio Tools for Office Runtime	0.5				1		1	Visual Studio Tools for Office Runtime
Dynamics Business Central	0.4				1		1	Dynamics Business Central

Vulnerability Type	Criticality	U	C	H	M	L	A
Remote Code Execution	1.0			24			24
Security Feature Bypass	0.9			3	3		6
Denial of Service	0.7		1	2	5		8
Memory Corruption	0.6			1	12		13
Elevation of Privilege	0.5			2	17		19
Information Disclosure	0.4				10		10
Spoofing	0.4			1	17		18
Tampering	0.3				1		1
Unknown Vulnerability Type	0				4		4

Source	U	C	H	M	L	A
MS PT Extended			4	25		29
Qualys		1	10	6		17
Tenable		1	10	9		20
Rapid7		1	7			8
ZDI			4	1		5

Urgent (0)

Critical (1)

1. Denial of Service - .NET and Visual Studio (CVE-2023-38180) - Critical [715]

Description: .NET and Visual Studio Denial of Service Vulnerability

Qualys: CVE-2023-38180: .NET and Visual Studio Denial of Service Vulnerability The vulnerability may allow an attacker to perform a denial-of-service attack on a target system in a low-complexity attack without special privileges. Microsoft has not provided any additional information regarding the vulnerability in the latest advisory. CISA has added the CVE-2023-38180 to its Known Exploited Vulnerabilities Catalog requesting users to patch it before Aug 30, 2023.

Tenable: Microsoft’s August 2023 Patch Tuesday Addresses 73 CVEs (CVE-2023-38180)

Tenable: CVE-2023-38180 |.NET and Visual Studio Denial of Service Vulnerability

Tenable: CVE-2023-38180 is a Denial of Service (DoS) vulnerability in Microsoft Visual Studio,.NET versions 6.0 and 7.0, and ASP.NET Core 2.1. It is rated as “Important” and was assigned a CVSSv3 score of 7.5. According to Microsoft, this vulnerability was exploited in the wild as a zero-day. While details of its exploitation were not available at the time this blog post was published, an attacker that exploits this vulnerability would be able to create a DoS condition on a vulnerable server.

Rapid7: The lone zero-day vulnerability patched this month is CVE-2023-38180, a denial of service (DoS) vulnerability in .NET , ASP.NET Core 2.1, and recent versions of Visual Studio. Microsoft is aware of in-the-wild exploitation. While the only impact noted is availability, administrators responsible for web apps built on ASP.NET are well-advised to patch as soon as possible. The cross-platform Kestrel web server is included in ASP.NET Core, and contains protections so that it can detect and disconnect a potentially malicious client. However, Kestrel will sometimes fail to disconnect the client, leading to denial of service. Microsoft notes that mitigating factors may include a reverse proxy or Web Application Firewall (WAF), since these are designed to detect and mitigate HTTP-based attacks.

High (33)

2. Remote Code Execution - .NET and Visual Studio (CVE-2023-35390) - High [554]

Description: .NET and Visual Studio Remote Code Execution Vulnerability

3. Remote Code Execution - Microsoft Message Queuing (CVE-2023-35385) - High [542]

Description: Microsoft Message Queuing Remote Code Execution Vulnerability

Qualys: CVE-2023-36910, CVE-2023-36911, & CVE-2023-35385: Microsoft Message Queuing Remote Code Execution Vulnerability Message Queuing (MSMQ) is a protocol developed by Microsoft to ensure reliable communication between Windows computers across different networks, even when a host is temporarily not connected (by maintaining a message queue of undelivered messages). To exploit this vulnerability, an attacker must send a specially crafted malicious MSMQ packet to an MSMQ server. An unauthenticated attacker may perform remote code execution on the target server by successfully exploiting the vulnerability.

Qualys: CVE-2023-35385, CVE-2023-36910, & CVE-2023-36911: Microsoft Message Queuing Remote Code Execution Vulnerability This vulnerability has a CVSS:3.1 9.8 / 8.5 Policy Compliance Control IDs (CIDs): 4030 Status of the ‘Windows Message Queuing Service’ 14916 Status of Windows Services 14297 Status of the open network connections and listening ports (Qualys Agent only)

Qualys: CVE-2023-36910, CVE-2023-36911, & CVE-2023-35385: Microsoft Message Queuing Remote Code Execution Vulnerability This vulnerability has a CVSSv3.1 score of 9.8/10.

Tenable: CVE-2023-35385, CVE-2023-36910 and CVE-2023-36911 | Microsoft Message Queuing Remote Code Execution Vulnerability

Tenable: CVE-2023-35385, CVE-2023-36910 and CVE-2023-36911 are RCE vulnerabilities in the Microsoft Message Queuing (MSMQ) component of Windows operating systems that were each given a CVSSv3 score of 9.8 and a rating of critical. Microsoft rated these vulnerabilities as “Exploitation Less Likely” using the Microsoft Exploitability Index.

Rapid7: The Windows Message Queuing Service is once again the site of multiple critical RCE vulnerabilities this month. CVE-2023-36910, CVE-2023-36911, and CVE-2023-35385 all come with a CVSSv3 base score of 9.8, reflecting the serious potential impact, lack of privileges required, and low attack complexity. One mitigating factor: the Microsoft Message Queueing Service must be enabled and listening on port 1801 for an asset to be vulnerable, and the Message Queueing Service is not installed by default. As Rapid7 has noted previously, however, a number of applications – including Microsoft Exchange – may quietly introduce MSMQ as part of their own installation routine.

ZDI: CVE-2023-35385/36910/36911 - Microsoft Message Queuing Remote Code Execution Vulnerability. All three of these are rated at a CVSS of 9.8 and could allow a remote anonymous attacker to execute their code on an affected server at the level of the Message Queuing service. There are 11 total bugs impacting Message Queuing getting fixed this month, and it’s clear that the research community is paying close attention to this service. While we haven’t detected active exploits targeting Message Queuing yet, it’s like just a matter of time as example PoCs exist. You can block TCP port 1801 as a mitigation, but the better choice is to test and deploy the update quickly.

4. Remote Code Execution - Microsoft Message Queuing (CVE-2023-36910) - High [542]

Description: Microsoft Message Queuing Remote Code Execution Vulnerability

Qualys: CVE-2023-36910, CVE-2023-36911, & CVE-2023-35385: Microsoft Message Queuing Remote Code Execution Vulnerability Message Queuing (MSMQ) is a protocol developed by Microsoft to ensure reliable communication between Windows computers across different networks, even when a host is temporarily not connected (by maintaining a message queue of undelivered messages). To exploit this vulnerability, an attacker must send a specially crafted malicious MSMQ packet to an MSMQ server. An unauthenticated attacker may perform remote code execution on the target server by successfully exploiting the vulnerability.

Qualys: CVE-2023-35385, CVE-2023-36910, & CVE-2023-36911: Microsoft Message Queuing Remote Code Execution Vulnerability This vulnerability has a CVSS:3.1 9.8 / 8.5 Policy Compliance Control IDs (CIDs): 4030 Status of the ‘Windows Message Queuing Service’ 14916 Status of Windows Services 14297 Status of the open network connections and listening ports (Qualys Agent only)

Qualys: CVE-2023-36910, CVE-2023-36911, & CVE-2023-35385: Microsoft Message Queuing Remote Code Execution Vulnerability This vulnerability has a CVSSv3.1 score of 9.8/10.

Tenable: CVE-2023-35385, CVE-2023-36910 and CVE-2023-36911 | Microsoft Message Queuing Remote Code Execution Vulnerability

Tenable: CVE-2023-35385, CVE-2023-36910 and CVE-2023-36911 are RCE vulnerabilities in the Microsoft Message Queuing (MSMQ) component of Windows operating systems that were each given a CVSSv3 score of 9.8 and a rating of critical. Microsoft rated these vulnerabilities as “Exploitation Less Likely” using the Microsoft Exploitability Index.

Rapid7: The Windows Message Queuing Service is once again the site of multiple critical RCE vulnerabilities this month. CVE-2023-36910, CVE-2023-36911, and CVE-2023-35385 all come with a CVSSv3 base score of 9.8, reflecting the serious potential impact, lack of privileges required, and low attack complexity. One mitigating factor: the Microsoft Message Queueing Service must be enabled and listening on port 1801 for an asset to be vulnerable, and the Message Queueing Service is not installed by default. As Rapid7 has noted previously, however, a number of applications – including Microsoft Exchange – may quietly introduce MSMQ as part of their own installation routine.

5. Remote Code Execution - Microsoft Message Queuing (CVE-2023-36911) - High [542]

Description: Microsoft Message Queuing Remote Code Execution Vulnerability

Qualys: CVE-2023-36910, CVE-2023-36911, & CVE-2023-35385: Microsoft Message Queuing Remote Code Execution Vulnerability Message Queuing (MSMQ) is a protocol developed by Microsoft to ensure reliable communication between Windows computers across different networks, even when a host is temporarily not connected (by maintaining a message queue of undelivered messages). To exploit this vulnerability, an attacker must send a specially crafted malicious MSMQ packet to an MSMQ server. An unauthenticated attacker may perform remote code execution on the target server by successfully exploiting the vulnerability.

Qualys: CVE-2023-35385, CVE-2023-36910, & CVE-2023-36911: Microsoft Message Queuing Remote Code Execution Vulnerability This vulnerability has a CVSS:3.1 9.8 / 8.5 Policy Compliance Control IDs (CIDs): 4030 Status of the ‘Windows Message Queuing Service’ 14916 Status of Windows Services 14297 Status of the open network connections and listening ports (Qualys Agent only)

Qualys: CVE-2023-36910, CVE-2023-36911, & CVE-2023-35385: Microsoft Message Queuing Remote Code Execution Vulnerability This vulnerability has a CVSSv3.1 score of 9.8/10.

Tenable: CVE-2023-35385, CVE-2023-36910 and CVE-2023-36911 | Microsoft Message Queuing Remote Code Execution Vulnerability

Tenable: CVE-2023-35385, CVE-2023-36910 and CVE-2023-36911 are RCE vulnerabilities in the Microsoft Message Queuing (MSMQ) component of Windows operating systems that were each given a CVSSv3 score of 9.8 and a rating of critical. Microsoft rated these vulnerabilities as “Exploitation Less Likely” using the Microsoft Exploitability Index.

Rapid7: The Windows Message Queuing Service is once again the site of multiple critical RCE vulnerabilities this month. CVE-2023-36910, CVE-2023-36911, and CVE-2023-35385 all come with a CVSSv3 base score of 9.8, reflecting the serious potential impact, lack of privileges required, and low attack complexity. One mitigating factor: the Microsoft Message Queueing Service must be enabled and listening on port 1801 for an asset to be vulnerable, and the Message Queueing Service is not installed by default. As Rapid7 has noted previously, however, a number of applications – including Microsoft Exchange – may quietly introduce MSMQ as part of their own installation routine.

6. Remote Code Execution - Windows Fax Service (CVE-2023-35381) - High [526]

Description: Windows Fax Service Remote Code Execution Vulnerability

7. Remote Code Execution - Microsoft Exchange (CVE-2023-38185) - High [490]

Description: Microsoft Exchange Server Remote Code Execution Vulnerability

Tenable: CVE-2023-38181, CVE-2023-38185, CVE-2023-35368, CVE-2023-38182, CVE-2023-35388 | Additional Microsoft Exchange Server Vulnerabilities

Tenable: |CVE-2023-38185||Microsoft Exchange Server Remote Code Execution Vulnerability||8.8||Exploitation Less Likely|

ZDI: Looking at the other remote code execution patches, many are the expected Important-rated Office bugs. There are additional Exchange RCEs as well, although they require the attacker to be network adjacent – meaning on the same LAN as the target. The concerning one is CVE-2023-38185, which does require authentication, but could allow an attacker to run elevated code through a network call. There are two separate bugs that require connecting to a malicious database. Also note that if you have installed Microsoft SQL Server 2022 for x64-based Systems (GDR) or Microsoft SQL Server 2019 for x64-based Systems (GDR), you are still vulnerable and need to apply this update. There’s a patch for LDAP that would allow an attacker to run code with the service’s permissions through a specially crafted LDAP call. The final RCE this month is a fix for Dynamics 365 that could be exploited by clicking a link in e-mail.

8. Remote Code Execution - Microsoft OLE DB (CVE-2023-38169) - High [476]

Description: Microsoft OLE DB Remote Code Execution Vulnerability

9. Remote Code Execution - Microsoft Teams (CVE-2023-29328) - High [476]

Description: Microsoft Teams Remote Code Execution Vulnerability

Qualys: CVE-2023-29328, CVE-2023-29330: Microsoft Teams Remote Code Execution Vulnerability An attacker is required to trick a user into joining a Teams meeting set up by them. It would allow the attacker to perform remote code execution in the context of the victim user. A successful remote attack performed by an attacker would enable them to access and alter user information. The attacker requires no privileges to perform the exploit.

Rapid7: Potentially of greater concern are a pair of Microsoft Teams critical remote code execution (RCE) vulnerabilities. While the CVSS base score of 8.8 is at the top end of NVD’s High severity, Microsoft assesses both CVE-2023-29328 and CVE-2023-29330 as Critical on its own proprietary severity rating, and the advisories make clear why that is: both vulnerabilities allow an attacker to execute code in the context of anyone who joins a Teams meeting set up by the attacker. This affects Teams on all platforms: Windows Desktop, macOS, iOS, and Android. Given how widely Teams is used not just within organizations, but for collaboration outside of the organization in contexts requiring a level of trust of third parties not known to participants – pre-sales calls, scoping calls, industry association calls and so on – these vulnerabilities surely deserve immediate remediation attention.

ZDI: CVE-2023-29328/29330 - Microsoft Teams Remote Code Execution Vulnerability. These bugs allow an attacker to gain code execution on a target system by convincing someone to a malicious Teams meeting set up by the attacker. Microsoft doesn’t specifically state what level the code execution occurs, but they do note the attacker could provide “access to the victim's information and the ability to alter information,” so that implies at the logged-on user level. We’ve seen similar exploits demonstrated at Pwn2Own, so don’t skip this update.

10. Remote Code Execution - Microsoft Teams (CVE-2023-29330) - High [476]

Description: Microsoft Teams Remote Code Execution Vulnerability

Qualys: CVE-2023-29328, CVE-2023-29330: Microsoft Teams Remote Code Execution Vulnerability An attacker is required to trick a user into joining a Teams meeting set up by them. It would allow the attacker to perform remote code execution in the context of the victim user. A successful remote attack performed by an attacker would enable them to access and alter user information. The attacker requires no privileges to perform the exploit.

Rapid7: Potentially of greater concern are a pair of Microsoft Teams critical remote code execution (RCE) vulnerabilities. While the CVSS base score of 8.8 is at the top end of NVD’s High severity, Microsoft assesses both CVE-2023-29328 and CVE-2023-29330 as Critical on its own proprietary severity rating, and the advisories make clear why that is: both vulnerabilities allow an attacker to execute code in the context of anyone who joins a Teams meeting set up by the attacker. This affects Teams on all platforms: Windows Desktop, macOS, iOS, and Android. Given how widely Teams is used not just within organizations, but for collaboration outside of the organization in contexts requiring a level of trust of third parties not known to participants – pre-sales calls, scoping calls, industry association calls and so on – these vulnerabilities surely deserve immediate remediation attention.

11. Remote Code Execution - Microsoft WDAC OLE DB provider for SQL Server (CVE-2023-36882) - High [476]

Description: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

12. Remote Code Execution - Microsoft Edge (CVE-2023-36887) - High [466]

Description: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

MS PT Extended: CVE-2023-36887 was published before August 2023 Patch Tuesday from 2023-07-12 to 2023-08-07

13. Remote Code Execution - Microsoft Exchange (CVE-2023-35368) - High [466]

Description: Microsoft Exchange Remote Code Execution Vulnerability

Tenable: CVE-2023-38181, CVE-2023-38185, CVE-2023-35368, CVE-2023-38182, CVE-2023-35388 | Additional Microsoft Exchange Server Vulnerabilities

Tenable: |CVE-2023-35368||Microsoft Exchange Server Remote Code Execution Vulnerability||8.8||Exploitation Less Likely|

14. Remote Code Execution - Windows Lightweight Directory Access Protocol (LDAP) (CVE-2023-38184) - High [466]

Description: Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

15. Remote Code Execution - Microsoft Office (CVE-2023-35371) - High [454]

Description: Microsoft Office Remote Code Execution Vulnerability

16. Remote Code Execution - Tablet Windows User Interface Application Core (CVE-2023-36898) - High [454]

Description: Tablet Windows User Interface Application Core Remote Code Execution Vulnerability

17. Remote Code Execution - Microsoft Dynamics 365 On-Premises (CVE-2023-35389) - High [440]

Description: Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability

18. Remote Code Execution - HEVC Video Extensions (CVE-2023-38170) - High [438]

Description: HEVC Video Extensions Remote Code Execution Vulnerability

19. Security Feature Bypass - Microsoft Edge (CVE-2023-38157) - High [436]

Description: Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

MS PT Extended: CVE-2023-38157 was published before August 2023 Patch Tuesday from 2023-07-12 to 2023-08-07

20. Elevation of Privilege - ASP.NET (CVE-2023-36899) - High [434]

Description: ASP.NET Elevation of Privilege Vulnerability

21. Remote Code Execution - Microsoft Exchange (CVE-2023-35388) - High [430]

Description: Microsoft Exchange Server Remote Code Execution Vulnerability

Qualys: Other Microsoft Vulnerability Highlights CVE-2023-35359 is an elevation of privilege vulnerability that may allow an attacker to gain SYSTEM privileges. An attacker with local access to the targeted machine and the user may create folders and performance traces on the device with restricted privileges that normal users have by default. CVE-2023-36900 is an elevation of privilege vulnerability in the Windows Common Log File System Driver. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2023-35380, CVE-2023-35382, and CVE-2023-35386 are elevation of privilege vulnerabilities in the Windows Kernel. Successful exploitation of the vulnerabilities may allow an attacker to gain SYSTEM privileges. CVE-2023-35384 is a security feature bypass vulnerability in the Windows HTML Platforms. To exploit the vulnerability, an attacker must send the user a malicious file and convince them to open it. The vulnerability arises when the MSHTML platform fails to validate the correct Security Zone of requests for specific URLs. An attacker may exploit this to cause a user to access a URL in a less restricted Internet Security Zone than intended. CVE-2023-35388 and CVE-2023-38182 are remote code execution vulnerabilities affecting Microsoft Exchange Server. To exploit these vulnerabilities, the attacker must be authenticated with LAN access and have credentials for a valid Exchange user. On successful exploitation, an attacker may perform remote code execution via a PowerShell remoting session.

Tenable: CVE-2023-38181, CVE-2023-38185, CVE-2023-35368, CVE-2023-38182, CVE-2023-35388 | Additional Microsoft Exchange Server Vulnerabilities

Tenable: |CVE-2023-35388||Microsoft Exchange Server Remote Code Execution Vulnerability||8.0||Exploitation More Likely|

Tenable: Of the five other vulnerabilities patched this month, two (CVE-2023-38182, CVE-2023-35388) are rated as “Exploitation More Likely.” According to the advisories, exploitation of these vulnerabilities would allow an authenticated attacker to execute code using a PowerShell remoting session. In order to successfully exploit this flaw, the attacker would first need to have LAN access and valid credentials for an Exchange user.

22. Remote Code Execution - Microsoft Exchange (CVE-2023-38182) - High [430]

Description: Microsoft Exchange Server Remote Code Execution Vulnerability

Qualys: Other Microsoft Vulnerability Highlights CVE-2023-35359 is an elevation of privilege vulnerability that may allow an attacker to gain SYSTEM privileges. An attacker with local access to the targeted machine and the user may create folders and performance traces on the device with restricted privileges that normal users have by default. CVE-2023-36900 is an elevation of privilege vulnerability in the Windows Common Log File System Driver. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2023-35380, CVE-2023-35382, and CVE-2023-35386 are elevation of privilege vulnerabilities in the Windows Kernel. Successful exploitation of the vulnerabilities may allow an attacker to gain SYSTEM privileges. CVE-2023-35384 is a security feature bypass vulnerability in the Windows HTML Platforms. To exploit the vulnerability, an attacker must send the user a malicious file and convince them to open it. The vulnerability arises when the MSHTML platform fails to validate the correct Security Zone of requests for specific URLs. An attacker may exploit this to cause a user to access a URL in a less restricted Internet Security Zone than intended. CVE-2023-35388 and CVE-2023-38182 are remote code execution vulnerabilities affecting Microsoft Exchange Server. To exploit these vulnerabilities, the attacker must be authenticated with LAN access and have credentials for a valid Exchange user. On successful exploitation, an attacker may perform remote code execution via a PowerShell remoting session.

Tenable: CVE-2023-38181, CVE-2023-38185, CVE-2023-35368, CVE-2023-38182, CVE-2023-35388 | Additional Microsoft Exchange Server Vulnerabilities

Tenable: |CVE-2023-38182||Microsoft Exchange Server Remote Code Execution Vulnerability||8.0||Exploitation More Likely|

Tenable: Of the five other vulnerabilities patched this month, two (CVE-2023-38182, CVE-2023-35388) are rated as “Exploitation More Likely.” According to the advisories, exploitation of these vulnerabilities would allow an authenticated attacker to execute code using a PowerShell remoting session. In order to successfully exploit this flaw, the attacker would first need to have LAN access and valid credentials for an Exchange user.

23. Elevation of Privilege - Microsoft Exchange (CVE-2023-21709) - High [425]

Description: Microsoft Exchange Server Elevation of Privilege Vulnerability

Qualys: CVE-2023-21709: Microsoft Exchange Server Elevation of Privilege Vulnerability This vulnerability has a CVSS:3.1 9.8 / 8.5 Policy Compliance Control IDs (CIDs): 13515 List installed IIS modules The following QQL will return a posture assessment for the CIDs for this Patch Tuesday: control.id: [4030,14916,14297,11511,13515]

Qualys: CVE-2023-21709: Microsoft Exchange Server Elevation of Privilege Vulnerability Note: This is Post Patch Activity This vulnerability has a CVSSv3.1 score of 9.8/10. The next Patch Tuesday falls on September 12, and we’ll be back with details and patch analysis. Until next Patch Tuesday, stay safe and secure. Be sure to subscribe to the ‘This Month in Vulnerabilities and Patches webinar.’

Tenable: CVE-2023-21709 | Microsoft Exchange Server Elevation of Privilege Vulnerability

Tenable: CVE-2023-21709 is an EoP vulnerability in Microsoft Exchange Server. It was assigned a CVSSv3 score of 9.8 and is rated as Exploitation Less Likely. An unauthenticated attacker could exploit this vulnerability by attempting to brute force the password for valid user accounts. Successful exploitation would allow an attacker to “login as another user.”

Tenable: In addition to CVE-2023-21709, Microsoft patched five other vulnerabilities in Microsoft Exchange Server:

Rapid7: Exploitation of CVE-2023-21709 allows an attacker to authenticate as a different user. Exchange admins should note that additional remediation actions must be taken after patching. Although the CVSSv3 base score is a Critical-ranked 9.8, Microsoft's proprietary severity scale assesses this vulnerability as Important rather than Critical, since exploitation involves brute-forcing passwords, and strong passwords are challenging to brute force.

ZDI: CVE-2023-21709 - Microsoft Exchange Server Elevation of Privilege Vulnerability. I know I already brought up Exchange, but I couldn’t let this CVE pass without a mention. This vulnerability allows a remote, unauthenticated attacker to log in as another user. In this case, you’re elevating from no permissions to being able to authenticate to the server, which makes all of those post-authentication exploits (see above) viable. Although rated Important, I would consider this bug rated Critical and act accordingly.

24. Security Feature Bypass - Microsoft Edge (CVE-2023-4077) - High [425]

Description: Chromium: CVE-2023-4077 Insufficient data validation in Extensions. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-4077 was published before August 2023 Patch Tuesday from 2023-07-12 to 2023-08-07

25. Remote Code Execution - Microsoft Excel (CVE-2023-36896) - High [421]

Description: Microsoft Excel Remote Code Execution Vulnerability

26. Remote Code Execution - Microsoft Office Visio (CVE-2023-35372) - High [421]

Description: Microsoft Office Visio Remote Code Execution Vulnerability

27. Remote Code Execution - Microsoft Office Visio (CVE-2023-36865) - High [421]

Description: Microsoft Office Visio Remote Code Execution Vulnerability

28. Remote Code Execution - Microsoft Office Visio (CVE-2023-36866) - High [421]

Description: Microsoft Office Visio Remote Code Execution Vulnerability

29. Remote Code Execution - Microsoft Outlook (CVE-2023-36895) - High [421]

Description: Microsoft Outlook Remote Code Execution Vulnerability

Qualys: CVE-2023-36895: Microsoft Outlook Remote Code Execution Vulnerability To exploit the vulnerability, an attacker must convince a victim to download and open a specially crafted file from a website, leading to a local computer attack.

Rapid7: Rounding out the August critical RCE vulnerabilities, CVE-2023-36895 describes a flaw in Microsoft Outlook where an attacker who can convince a user to open a specially-crafted malicious file will be able to execute code in the context of the victim. However, although the advisory describes CVE-2023-36895 as an Outlook vulnerability, linked KB articles for Microsoft Installer versions of Office (e.g. KB5002464 for Office 2016) describe a security update for Word. At time of writing, it isn't clear whether this is because the vulnerable code is in a shared Office component, or whether this apparent discrepancy is an oversight.

30. Spoofing - .NET Framework (CVE-2023-36873) - High [416]

Description: .NET Framework Spoofing Vulnerability

31. Security Feature Bypass - Windows HTML Platforms (CVE-2023-35384) - High [413]

Description: Windows HTML Platforms Security Feature Bypass Vulnerability

Qualys: Other Microsoft Vulnerability Highlights CVE-2023-35359 is an elevation of privilege vulnerability that may allow an attacker to gain SYSTEM privileges. An attacker with local access to the targeted machine and the user may create folders and performance traces on the device with restricted privileges that normal users have by default. CVE-2023-36900 is an elevation of privilege vulnerability in the Windows Common Log File System Driver. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2023-35380, CVE-2023-35382, and CVE-2023-35386 are elevation of privilege vulnerabilities in the Windows Kernel. Successful exploitation of the vulnerabilities may allow an attacker to gain SYSTEM privileges. CVE-2023-35384 is a security feature bypass vulnerability in the Windows HTML Platforms. To exploit the vulnerability, an attacker must send the user a malicious file and convince them to open it. The vulnerability arises when the MSHTML platform fails to validate the correct Security Zone of requests for specific URLs. An attacker may exploit this to cause a user to access a URL in a less restricted Internet Security Zone than intended. CVE-2023-35388 and CVE-2023-38182 are remote code execution vulnerabilities affecting Microsoft Exchange Server. To exploit these vulnerabilities, the attacker must be authenticated with LAN access and have credentials for a valid Exchange user. On successful exploitation, an attacker may perform remote code execution via a PowerShell remoting session.

32. Memory Corruption - Microsoft Edge (CVE-2023-4073) - High [407]

Description: Chromium: CVE-2023-4073 Out of bounds memory access in ANGLE. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-4073 was published before August 2023 Patch Tuesday from 2023-07-12 to 2023-08-07

33. Denial of Service - Microsoft Message Queuing (CVE-2023-36912) - High [405]

Description: Microsoft Message Queuing Denial of Service Vulnerability

Tenable: Yuki Chen, a security researcher with Cyber KunLun, is credited with discovering a total of six vulnerabilities in Microsoft Message Queuing in August 2023, including the three above as well as two DoS vulnerabilities (CVE-2023-36912 and CVE-2023-38172) and CVE-2023-35383, an information disclosure vulnerability.

34. Denial of Service - Microsoft Message Queuing (CVE-2023-38172) - High [405]

Description: Microsoft Message Queuing Denial of Service Vulnerability

Tenable: Yuki Chen, a security researcher with Cyber KunLun, is credited with discovering a total of six vulnerabilities in Microsoft Message Queuing in August 2023, including the three above as well as two DoS vulnerabilities (CVE-2023-36912 and CVE-2023-38172) and CVE-2023-35383, an information disclosure vulnerability.

Medium (69)

35. Memory Corruption - Microsoft Edge (CVE-2023-3727) - Medium [395]

Description: Chromium: CVE-2023-3727 Use after free in WebRTC. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-3727 was published before August 2023 Patch Tuesday from 2023-07-12 to 2023-08-07

36. Memory Corruption - Microsoft Edge (CVE-2023-3728) - Medium [395]

Description: Chromium: CVE-2023-3728 Use after free in WebRTC. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-3728 was published before August 2023 Patch Tuesday from 2023-07-12 to 2023-08-07

37. Memory Corruption - Microsoft Edge (CVE-2023-4072) - Medium [395]

Description: Chromium: CVE-2023-4072 Out of bounds read and write in WebGL. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-4072 was published before August 2023 Patch Tuesday from 2023-07-12 to 2023-08-07

38. Memory Corruption - Microsoft Edge (CVE-2023-4076) - Medium [395]

Description: Chromium: CVE-2023-4076 Use after free in WebRTC. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-4076 was published before August 2023 Patch Tuesday from 2023-07-12 to 2023-08-07

39. Denial of Service - Microsoft Message Queuing (CVE-2023-35376) - Medium [394]

Description: Microsoft Message Queuing Denial of Service Vulnerability

40. Denial of Service - Microsoft Message Queuing (CVE-2023-35377) - Medium [394]

Description: Microsoft Message Queuing Denial of Service Vulnerability

41. Denial of Service - Microsoft Message Queuing (CVE-2023-36909) - Medium [394]

Description: Microsoft Message Queuing Denial of Service Vulnerability

42. Denial of Service - Microsoft Message Queuing (CVE-2023-38254) - Medium [394]

Description: Microsoft Message Queuing Denial of Service Vulnerability

43. Denial of Service - .NET Core and Visual Studio (CVE-2023-38178) - Medium [389]

Description: .NET Core and Visual Studio Denial of Service Vulnerability

44. Security Feature Bypass - Microsoft Edge (CVE-2023-3740) - Medium [389]

Description: Chromium: CVE-2023-3740 Insufficient validation of untrusted input in Themes. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-3740 was published before August 2023 Patch Tuesday from 2023-07-12 to 2023-08-07

45. Memory Corruption - Microsoft Edge (CVE-2023-3730) - Medium [383]

Description: Chromium: CVE-2023-3730 Use after free in Tab Groups. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-3730 was published before August 2023 Patch Tuesday from 2023-07-12 to 2023-08-07

46. Memory Corruption - Microsoft Edge (CVE-2023-3732) - Medium [383]

Description: Chromium: CVE-2023-3732 Out of bounds memory access in Mojo. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-3732 was published before August 2023 Patch Tuesday from 2023-07-12 to 2023-08-07

47. Memory Corruption - Microsoft Edge (CVE-2023-4069) - Medium [383]

Description: Chromium: CVE-2023-4069 Type Confusion in V8. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-4069 was published before August 2023 Patch Tuesday from 2023-07-12 to 2023-08-07

48. Memory Corruption - Microsoft Edge (CVE-2023-4071) - Medium [383]

Description: Chromium: CVE-2023-4071 Heap buffer overflow in Visuals. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-4071 was published before August 2023 Patch Tuesday from 2023-07-12 to 2023-08-07

49. Memory Corruption - Microsoft Edge (CVE-2023-4074) - Medium [383]

Description: Chromium: CVE-2023-4074 Use after free in Blink Task Scheduling. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-4074 was published before August 2023 Patch Tuesday from 2023-07-12 to 2023-08-07

50. Memory Corruption - Microsoft Edge (CVE-2023-4075) - Medium [383]

Description: Chromium: CVE-2023-4075 Use after free in Cast. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-4075 was published before August 2023 Patch Tuesday from 2023-07-12 to 2023-08-07

51. Spoofing - Visual Studio Tools for Office Runtime (CVE-2023-36897) - Medium [378]

Description: Visual Studio Tools for Office Runtime Spoofing Vulnerability

52. Elevation of Privilege - Windows System Assessment Tool (CVE-2023-36903) - Medium [377]

Description: Windows System Assessment Tool Elevation of Privilege Vulnerability

53. Security Feature Bypass - Windows Group Policy (CVE-2023-36889) - Medium [377]

Description: Windows Group Policy Security Feature Bypass Vulnerability

54. Security Feature Bypass - Windows Smart Card Resource Management Server (CVE-2023-36914) - Medium [377]

Description: Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability

55. Information Disclosure - AMD Processor (CVE-2023-20569) - Medium [376]

Description: A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled?address, potentially leading to information disclosure.

Tenable: Microsoft patched 73 CVEs in its August Patch Tuesday release, with six rated as critical and 67 rated as important. Microsoft also released two advisories (ADV230003 and ADV230004) this month as well as a patch for a vulnerability in AMD processors (CVE-2023-20569). These were omitted from our totals.

56. Memory Corruption - Microsoft Edge (CVE-2023-4068) - Medium [371]

Description: Chromium: CVE-2023-4068 Type Confusion in V8. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-4068 was published before August 2023 Patch Tuesday from 2023-07-12 to 2023-08-07

57. Memory Corruption - Microsoft Edge (CVE-2023-4070) - Medium [371]

Description: Chromium: CVE-2023-4070 Type Confusion in V8. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-4070 was published before August 2023 Patch Tuesday from 2023-07-12 to 2023-08-07

58. Information Disclosure - ASP.NET Core SignalR and Visual Studio (CVE-2023-35391) - Medium [366]

Description: ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability

59. Information Disclosure - Microsoft Message Queuing (CVE-2023-35383) - Medium [364]

Description: Microsoft Message Queuing Information Disclosure Vulnerability

Tenable: Yuki Chen, a security researcher with Cyber KunLun, is credited with discovering a total of six vulnerabilities in Microsoft Message Queuing in August 2023, including the three above as well as two DoS vulnerabilities (CVE-2023-36912 and CVE-2023-38172) and CVE-2023-35383, an information disclosure vulnerability.

60. Elevation of Privilege - Windows Mobile Device Management (CVE-2023-38186) - Medium [360]

Description: Windows Mobile Device Management Elevation of Privilege Vulnerability

61. Elevation of Privilege - Microsoft Edge (CVE-2023-38187) - Medium [353]

Description: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

MS PT Extended: CVE-2023-38187 was published before August 2023 Patch Tuesday from 2023-07-12 to 2023-08-07

62. Elevation of Privilege - Windows Bluetooth A2DP driver (CVE-2023-35387) - Medium [353]

Description: Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability

63. Information Disclosure - Microsoft Message Queuing (CVE-2023-36913) - Medium [352]

Description: Microsoft Message Queuing Information Disclosure Vulnerability

64. Elevation of Privilege - Windows Kernel (CVE-2023-35359) - Medium [346]

Description: Windows Kernel Elevation of Privilege Vulnerability

Qualys: Other Microsoft Vulnerability Highlights CVE-2023-35359 is an elevation of privilege vulnerability that may allow an attacker to gain SYSTEM privileges. An attacker with local access to the targeted machine and the user may create folders and performance traces on the device with restricted privileges that normal users have by default. CVE-2023-36900 is an elevation of privilege vulnerability in the Windows Common Log File System Driver. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2023-35380, CVE-2023-35382, and CVE-2023-35386 are elevation of privilege vulnerabilities in the Windows Kernel. Successful exploitation of the vulnerabilities may allow an attacker to gain SYSTEM privileges. CVE-2023-35384 is a security feature bypass vulnerability in the Windows HTML Platforms. To exploit the vulnerability, an attacker must send the user a malicious file and convince them to open it. The vulnerability arises when the MSHTML platform fails to validate the correct Security Zone of requests for specific URLs. An attacker may exploit this to cause a user to access a URL in a less restricted Internet Security Zone than intended. CVE-2023-35388 and CVE-2023-38182 are remote code execution vulnerabilities affecting Microsoft Exchange Server. To exploit these vulnerabilities, the attacker must be authenticated with LAN access and have credentials for a valid Exchange user. On successful exploitation, an attacker may perform remote code execution via a PowerShell remoting session.

Tenable: CVE-2023-35359, CVE-2023-35380, CVE-2023-35382, CVE-2023-35386 and CVE-2023-38154 | Windows Kernel Elevation of Privilege Vulnerability

Tenable: CVE-2023-35359, CVE-2023-35380, CVE-2023-35382, CVE-2023-35386, and CVE-2023-38154 are EoP vulnerabilities in the Windows Kernel. All five vulnerabilities were assigned a CVSSv3 score of 7.8 and four are rated as “Exploitation More Likely,” with CVE-2023-38154 rated as “Exploitation Unlikely.” A local, authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges. Four of the five vulnerabilities are attributed to researchers from Google Project Zero.

65. Elevation of Privilege - Windows Kernel (CVE-2023-35380) - Medium [346]

Description: Windows Kernel Elevation of Privilege Vulnerability

Qualys: Other Microsoft Vulnerability Highlights CVE-2023-35359 is an elevation of privilege vulnerability that may allow an attacker to gain SYSTEM privileges. An attacker with local access to the targeted machine and the user may create folders and performance traces on the device with restricted privileges that normal users have by default. CVE-2023-36900 is an elevation of privilege vulnerability in the Windows Common Log File System Driver. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2023-35380, CVE-2023-35382, and CVE-2023-35386 are elevation of privilege vulnerabilities in the Windows Kernel. Successful exploitation of the vulnerabilities may allow an attacker to gain SYSTEM privileges. CVE-2023-35384 is a security feature bypass vulnerability in the Windows HTML Platforms. To exploit the vulnerability, an attacker must send the user a malicious file and convince them to open it. The vulnerability arises when the MSHTML platform fails to validate the correct Security Zone of requests for specific URLs. An attacker may exploit this to cause a user to access a URL in a less restricted Internet Security Zone than intended. CVE-2023-35388 and CVE-2023-38182 are remote code execution vulnerabilities affecting Microsoft Exchange Server. To exploit these vulnerabilities, the attacker must be authenticated with LAN access and have credentials for a valid Exchange user. On successful exploitation, an attacker may perform remote code execution via a PowerShell remoting session.

Tenable: CVE-2023-35359, CVE-2023-35380, CVE-2023-35382, CVE-2023-35386 and CVE-2023-38154 | Windows Kernel Elevation of Privilege Vulnerability

Tenable: CVE-2023-35359, CVE-2023-35380, CVE-2023-35382, CVE-2023-35386, and CVE-2023-38154 are EoP vulnerabilities in the Windows Kernel. All five vulnerabilities were assigned a CVSSv3 score of 7.8 and four are rated as “Exploitation More Likely,” with CVE-2023-38154 rated as “Exploitation Unlikely.” A local, authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges. Four of the five vulnerabilities are attributed to researchers from Google Project Zero.

66. Elevation of Privilege - Windows Kernel (CVE-2023-35382) - Medium [346]

Description: Windows Kernel Elevation of Privilege Vulnerability

Qualys: Other Microsoft Vulnerability Highlights CVE-2023-35359 is an elevation of privilege vulnerability that may allow an attacker to gain SYSTEM privileges. An attacker with local access to the targeted machine and the user may create folders and performance traces on the device with restricted privileges that normal users have by default. CVE-2023-36900 is an elevation of privilege vulnerability in the Windows Common Log File System Driver. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2023-35380, CVE-2023-35382, and CVE-2023-35386 are elevation of privilege vulnerabilities in the Windows Kernel. Successful exploitation of the vulnerabilities may allow an attacker to gain SYSTEM privileges. CVE-2023-35384 is a security feature bypass vulnerability in the Windows HTML Platforms. To exploit the vulnerability, an attacker must send the user a malicious file and convince them to open it. The vulnerability arises when the MSHTML platform fails to validate the correct Security Zone of requests for specific URLs. An attacker may exploit this to cause a user to access a URL in a less restricted Internet Security Zone than intended. CVE-2023-35388 and CVE-2023-38182 are remote code execution vulnerabilities affecting Microsoft Exchange Server. To exploit these vulnerabilities, the attacker must be authenticated with LAN access and have credentials for a valid Exchange user. On successful exploitation, an attacker may perform remote code execution via a PowerShell remoting session.

Tenable: CVE-2023-35359, CVE-2023-35380, CVE-2023-35382, CVE-2023-35386 and CVE-2023-38154 | Windows Kernel Elevation of Privilege Vulnerability

Tenable: CVE-2023-35359, CVE-2023-35380, CVE-2023-35382, CVE-2023-35386, and CVE-2023-38154 are EoP vulnerabilities in the Windows Kernel. All five vulnerabilities were assigned a CVSSv3 score of 7.8 and four are rated as “Exploitation More Likely,” with CVE-2023-38154 rated as “Exploitation Unlikely.” A local, authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges. Four of the five vulnerabilities are attributed to researchers from Google Project Zero.

67. Elevation of Privilege - Windows Kernel (CVE-2023-35386) - Medium [346]

Description: Windows Kernel Elevation of Privilege Vulnerability

Qualys: Other Microsoft Vulnerability Highlights CVE-2023-35359 is an elevation of privilege vulnerability that may allow an attacker to gain SYSTEM privileges. An attacker with local access to the targeted machine and the user may create folders and performance traces on the device with restricted privileges that normal users have by default. CVE-2023-36900 is an elevation of privilege vulnerability in the Windows Common Log File System Driver. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2023-35380, CVE-2023-35382, and CVE-2023-35386 are elevation of privilege vulnerabilities in the Windows Kernel. Successful exploitation of the vulnerabilities may allow an attacker to gain SYSTEM privileges. CVE-2023-35384 is a security feature bypass vulnerability in the Windows HTML Platforms. To exploit the vulnerability, an attacker must send the user a malicious file and convince them to open it. The vulnerability arises when the MSHTML platform fails to validate the correct Security Zone of requests for specific URLs. An attacker may exploit this to cause a user to access a URL in a less restricted Internet Security Zone than intended. CVE-2023-35388 and CVE-2023-38182 are remote code execution vulnerabilities affecting Microsoft Exchange Server. To exploit these vulnerabilities, the attacker must be authenticated with LAN access and have credentials for a valid Exchange user. On successful exploitation, an attacker may perform remote code execution via a PowerShell remoting session.

Tenable: CVE-2023-35359, CVE-2023-35380, CVE-2023-35382, CVE-2023-35386 and CVE-2023-38154 | Windows Kernel Elevation of Privilege Vulnerability

Tenable: CVE-2023-35359, CVE-2023-35380, CVE-2023-35382, CVE-2023-35386, and CVE-2023-38154 are EoP vulnerabilities in the Windows Kernel. All five vulnerabilities were assigned a CVSSv3 score of 7.8 and four are rated as “Exploitation More Likely,” with CVE-2023-38154 rated as “Exploitation Unlikely.” A local, authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges. Four of the five vulnerabilities are attributed to researchers from Google Project Zero.

68. Elevation of Privilege - Windows Kernel (CVE-2023-38154) - Medium [346]

Description: Windows Kernel Elevation of Privilege Vulnerability

Tenable: CVE-2023-35359, CVE-2023-35380, CVE-2023-35382, CVE-2023-35386 and CVE-2023-38154 | Windows Kernel Elevation of Privilege Vulnerability

Tenable: CVE-2023-35359, CVE-2023-35380, CVE-2023-35382, CVE-2023-35386, and CVE-2023-38154 are EoP vulnerabilities in the Windows Kernel. All five vulnerabilities were assigned a CVSSv3 score of 7.8 and four are rated as “Exploitation More Likely,” with CVE-2023-38154 rated as “Exploitation Unlikely.” A local, authenticated attacker could exploit this vulnerability to obtain SYSTEM privileges. Four of the five vulnerabilities are attributed to researchers from Google Project Zero.

69. Elevation of Privilege - Microsoft Windows Defender (CVE-2023-38175) - Medium [329]

Description: Microsoft Windows Defender Elevation of Privilege Vulnerability

70. Elevation of Privilege - Windows Cloud Files Mini Filter Driver (CVE-2023-36904) - Medium [329]

Description: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

71. Elevation of Privilege - Windows Common Log File System Driver (CVE-2023-36900) - Medium [329]

Description: Windows Common Log File System Driver Elevation of Privilege Vulnerability

Qualys: Other Microsoft Vulnerability Highlights CVE-2023-35359 is an elevation of privilege vulnerability that may allow an attacker to gain SYSTEM privileges. An attacker with local access to the targeted machine and the user may create folders and performance traces on the device with restricted privileges that normal users have by default. CVE-2023-36900 is an elevation of privilege vulnerability in the Windows Common Log File System Driver. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2023-35380, CVE-2023-35382, and CVE-2023-35386 are elevation of privilege vulnerabilities in the Windows Kernel. Successful exploitation of the vulnerabilities may allow an attacker to gain SYSTEM privileges. CVE-2023-35384 is a security feature bypass vulnerability in the Windows HTML Platforms. To exploit the vulnerability, an attacker must send the user a malicious file and convince them to open it. The vulnerability arises when the MSHTML platform fails to validate the correct Security Zone of requests for specific URLs. An attacker may exploit this to cause a user to access a URL in a less restricted Internet Security Zone than intended. CVE-2023-35388 and CVE-2023-38182 are remote code execution vulnerabilities affecting Microsoft Exchange Server. To exploit these vulnerabilities, the attacker must be authenticated with LAN access and have credentials for a valid Exchange user. On successful exploitation, an attacker may perform remote code execution via a PowerShell remoting session.

Tenable: CVE-2023-36900 | Windows Common Log File System Driver Elevation of Privilege Vulnerability

Tenable: CVE-2023-36900 is an EoP vulnerability in the Windows Common Log File System (CLFS) Driver. It was assigned a CVSSv3 score of 7.8 and is rated as “Exploitation More Likely.” An authenticated attacker could exploit this vulnerability to gain SYSTEM privileges.

72. Information Disclosure - Windows Cryptographic Services (CVE-2023-36906) - Medium [323]

Description: Windows Cryptographic Services Information Disclosure Vulnerability

73. Information Disclosure - Windows Cryptographic Services (CVE-2023-36907) - Medium [323]

Description: Windows Cryptographic Services Information Disclosure Vulnerability

74. Information Disclosure - Windows Wireless Wide Area Network Service (WwanSvc) (CVE-2023-36905) - Medium [323]

Description: Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability

75. Spoofing - Microsoft Exchange (CVE-2023-38181) - Medium [323]

Description: Microsoft Exchange Server Spoofing Vulnerability

Tenable: CVE-2023-38181, CVE-2023-38185, CVE-2023-35368, CVE-2023-38182, CVE-2023-35388 | Additional Microsoft Exchange Server Vulnerabilities

Tenable: |CVE-2023-38181||Microsoft Exchange Server Spoofing Vulnerability||8.8||Exploitation Less Likely|

ZDI: CVE-2023-38181 - Microsoft Exchange Server Spoofing Vulnerability. This is a patch bypass of CVE-2023-32031, which itself was a bypass of CVE-2023-21529, which was a bypass of CVE-2022-41082, which was under active attack. This exploit does require authentication, but if exploited, an attacker could use this to perform an NTLM relay attack to authenticate as another user. It could also allow an attacker to get a PowerShell remoting session to the server. This is one of six CVEs fixed in Exchange this month, and each seems more severe than the next. Definitely take the time to test and deploy the cumulative update quickly.

76. Elevation of Privilege - Windows Projected File System (CVE-2023-35378) - Medium [317]

Description: Windows Projected File System Elevation of Privilege Vulnerability

Qualys: CVE-2023-35378: Windows Projected File System Elevation of Privilege Vulnerability This vulnerability has a CVSS:3.1 7.0 / 6.1 Policy Compliance Control IDs (CIDs): 11511 List of installed features on the system

Qualys: CVE-2023-35378: Windows Projected File System Elevation of Privilege Vulnerability This vulnerability has a CVSSv3.1 score of 7.0/10.

77. Spoofing - Microsoft Outlook (CVE-2023-36893) - Medium [302]

Description: Microsoft Outlook Spoofing Vulnerability

78. Spoofing - Microsoft Edge (CVE-2023-35392) - Medium [300]

Description: Microsoft Edge (Chromium-based) Spoofing Vulnerability

MS PT Extended: CVE-2023-35392 was published before August 2023 Patch Tuesday from 2023-07-12 to 2023-08-07

79. Spoofing - Microsoft Edge (CVE-2023-3733) - Medium [300]

Description: {'ms_cve_data_all': 'Chromium: CVE-2023-3733 Inappropriate implementation in WebApp Installs. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Inappropriate implementation in WebApp Installs in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2023-3733 was published before August 2023 Patch Tuesday from 2023-07-12 to 2023-08-07

80. Spoofing - Microsoft Edge (CVE-2023-3734) - Medium [300]

Description: {'ms_cve_data_all': 'Chromium: CVE-2023-3734 Inappropriate implementation in Picture In Picture. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Inappropriate implementation in Picture In Picture in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2023-3734 was published before August 2023 Patch Tuesday from 2023-07-12 to 2023-08-07

81. Spoofing - Microsoft Edge (CVE-2023-3737) - Medium [300]

Description: {'ms_cve_data_all': 'Chromium: CVE-2023-3737 Inappropriate implementation in Notifications. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Inappropriate implementation in Notifications in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to spoof the contents of media notifications via a crafted HTML page. (Chromium security severity: Medium)', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2023-3737 was published before August 2023 Patch Tuesday from 2023-07-12 to 2023-08-07

82. Spoofing - Microsoft Edge (CVE-2023-38173) - Medium [288]

Description: Microsoft Edge for Android Spoofing Vulnerability

MS PT Extended: CVE-2023-38173 was published before August 2023 Patch Tuesday from 2023-07-12 to 2023-08-07

83. Elevation of Privilege - Reliability Analysis Metrics Calculation Engine (RACEng) (CVE-2023-35379) - Medium [279]

Description: Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of Privilege Vulnerability

84. Information Disclosure - Microsoft SharePoint Server (CVE-2023-36890) - Medium [273]

Description: Microsoft SharePoint Server Information Disclosure Vulnerability

85. Information Disclosure - Microsoft SharePoint Server (CVE-2023-36894) - Medium [273]

Description: Microsoft SharePoint Server Information Disclosure Vulnerability

86. Elevation of Privilege - Azure Arc-Enabled Servers (CVE-2023-38176) - Medium [267]

Description: Azure Arc-Enabled Servers Elevation of Privilege Vulnerability

87. Elevation of Privilege - Reliability Analysis Metrics Calculation (RacTask) (CVE-2023-36876) - Medium [267]

Description: Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability

88. Information Disclosure - Windows Hyper-V (CVE-2023-36908) - Medium [266]

Description: Windows Hyper-V Information Disclosure Vulnerability

89. Unknown Vulnerability Type - Microsoft Edge (CVE-2023-4078) - Medium [264]

Description: {'ms_cve_data_all': 'Chromium: CVE-2023-4078 Inappropriate implementation in Extensions. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium)', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2023-4078 was published before August 2023 Patch Tuesday from 2023-07-12 to 2023-08-07

90. Spoofing - Azure DevOps Server (CVE-2023-36869) - Medium [261]

Description: Azure DevOps Server Spoofing Vulnerability

91. Spoofing - Microsoft SharePoint Server (CVE-2023-36891) - Medium [261]

Description: Microsoft SharePoint Server Spoofing Vulnerability

92. Spoofing - Microsoft SharePoint Server (CVE-2023-36892) - Medium [261]

Description: Microsoft SharePoint Server Spoofing Vulnerability

93. Elevation of Privilege - Dynamics Business Central (CVE-2023-38167) - Medium [251]

Description: Microsoft Dynamics Business Central Elevation Of Privilege Vulnerability

94. Tampering - Microsoft Edge for Android (Chromium-based) (CVE-2023-36888) - Medium [244]

Description: Microsoft Edge for Android (Chromium-based) Tampering Vulnerability

MS PT Extended: CVE-2023-36888 was published before August 2023 Patch Tuesday from 2023-07-12 to 2023-08-07

95. Spoofing - Azure Apache Ambari Spoofing Vulnerability (CVE-2023-36881) - Medium [238]

Description: Azure Apache Ambari Spoofing Vulnerability

96. Spoofing - Azure Apache Hadoop (CVE-2023-38188) - Medium [238]

Description: Azure Apache Hadoop Spoofing Vulnerability

97. Spoofing - Azure Apache Hive (CVE-2023-35393) - Medium [238]

Description: Azure Apache Hive Spoofing Vulnerability

98. Spoofing - Azure Apache Oozie (CVE-2023-36877) - Medium [238]

Description: Azure Apache Oozie Spoofing Vulnerability

99. Spoofing - Azure HDInsight Jupyter Notebook (CVE-2023-35394) - Medium [238]

Description: Azure HDInsight Jupyter Notebook Spoofing Vulnerability

100. Spoofing - Microsoft Edge for iOS (CVE-2023-36883) - Medium [238]

Description: Microsoft Edge for iOS Spoofing Vulnerability

MS PT Extended: CVE-2023-36883 was published before August 2023 Patch Tuesday from 2023-07-12 to 2023-08-07

101. Unknown Vulnerability Type - Microsoft Edge (CVE-2023-3735) - Medium [228]

Description: {'ms_cve_data_all': 'Chromium: CVE-2023-3735 Inappropriate implementation in Web API Permission Prompts. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2023-3735 was published before August 2023 Patch Tuesday from 2023-07-12 to 2023-08-07

102. Unknown Vulnerability Type - Microsoft Edge (CVE-2023-3736) - Medium [228]

Description: {'ms_cve_data_all': 'Chromium: CVE-2023-3736 Inappropriate implementation in Custom Tabs. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 115.0.5790.98 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2023-3736 was published before August 2023 Patch Tuesday from 2023-07-12 to 2023-08-07

103. Unknown Vulnerability Type - Microsoft Edge (CVE-2023-3738) - Medium [216]

Description: {'ms_cve_data_all': 'Chromium: CVE-2023-3738 Inappropriate implementation in Autofill. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Inappropriate implementation in Autofill in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2023-3738 was published before August 2023 Patch Tuesday from 2023-07-12 to 2023-08-07

Low (0)

Exploitation in the wild detected (1)

Denial of Service (1)

• .NET and Visual Studio (CVE-2023-38180)

Qualys: CVE-2023-38180: .NET and Visual Studio Denial of Service Vulnerability The vulnerability may allow an attacker to perform a denial-of-service attack on a target system in a low-complexity attack without special privileges. Microsoft has not provided any additional information regarding the vulnerability in the latest advisory. CISA has added the CVE-2023-38180 to its Known Exploited Vulnerabilities Catalog requesting users to patch it before Aug 30, 2023.

Tenable: Microsoft’s August 2023 Patch Tuesday Addresses 73 CVEs (CVE-2023-38180)

Tenable: CVE-2023-38180 |.NET and Visual Studio Denial of Service Vulnerability

Tenable: CVE-2023-38180 is a Denial of Service (DoS) vulnerability in Microsoft Visual Studio,.NET versions 6.0 and 7.0, and ASP.NET Core 2.1. It is rated as “Important” and was assigned a CVSSv3 score of 7.5. According to Microsoft, this vulnerability was exploited in the wild as a zero-day. While details of its exploitation were not available at the time this blog post was published, an attacker that exploits this vulnerability would be able to create a DoS condition on a vulnerable server.

Rapid7: The lone zero-day vulnerability patched this month is CVE-2023-38180, a denial of service (DoS) vulnerability in .NET , ASP.NET Core 2.1, and recent versions of Visual Studio. Microsoft is aware of in-the-wild exploitation. While the only impact noted is availability, administrators responsible for web apps built on ASP.NET are well-advised to patch as soon as possible. The cross-platform Kestrel web server is included in ASP.NET Core, and contains protections so that it can detect and disconnect a potentially malicious client. However, Kestrel will sometimes fail to disconnect the client, leading to denial of service. Microsoft notes that mitigating factors may include a reverse proxy or Web Application Firewall (WAF), since these are designed to detect and mitigate HTTP-based attacks.

Public exploit exists, but exploitation in the wild is NOT detected (0)

Other Vulnerabilities (102)

Remote Code Execution (24)

• .NET and Visual Studio (CVE-2023-35390)
• Microsoft Message Queuing (CVE-2023-35385, CVE-2023-36910, CVE-2023-36911)

Qualys: CVE-2023-36910, CVE-2023-36911, & CVE-2023-35385: Microsoft Message Queuing Remote Code Execution Vulnerability Message Queuing (MSMQ) is a protocol developed by Microsoft to ensure reliable communication between Windows computers across different networks, even when a host is temporarily not connected (by maintaining a message queue of undelivered messages). To exploit this vulnerability, an attacker must send a specially crafted malicious MSMQ packet to an MSMQ server. An unauthenticated attacker may perform remote code execution on the target server by successfully exploiting the vulnerability.

Qualys: CVE-2023-35385, CVE-2023-36910, & CVE-2023-36911: Microsoft Message Queuing Remote Code Execution Vulnerability This vulnerability has a CVSS:3.1 9.8 / 8.5 Policy Compliance Control IDs (CIDs): 4030 Status of the ‘Windows Message Queuing Service’ 14916 Status of Windows Services 14297 Status of the open network connections and listening ports (Qualys Agent only)

Qualys: CVE-2023-36910, CVE-2023-36911, & CVE-2023-35385: Microsoft Message Queuing Remote Code Execution Vulnerability This vulnerability has a CVSSv3.1 score of 9.8/10.

Tenable: CVE-2023-35385, CVE-2023-36910 and CVE-2023-36911 | Microsoft Message Queuing Remote Code Execution Vulnerability

Tenable: CVE-2023-35385, CVE-2023-36910 and CVE-2023-36911 are RCE vulnerabilities in the Microsoft Message Queuing (MSMQ) component of Windows operating systems that were each given a CVSSv3 score of 9.8 and a rating of critical. Microsoft rated these vulnerabilities as “Exploitation Less Likely” using the Microsoft Exploitability Index.

Rapid7: The Windows Message Queuing Service is once again the site of multiple critical RCE vulnerabilities this month. CVE-2023-36910, CVE-2023-36911, and CVE-2023-35385 all come with a CVSSv3 base score of 9.8, reflecting the serious potential impact, lack of privileges required, and low attack complexity. One mitigating factor: the Microsoft Message Queueing Service must be enabled and listening on port 1801 for an asset to be vulnerable, and the Message Queueing Service is not installed by default. As Rapid7 has noted previously, however, a number of applications – including Microsoft Exchange – may quietly introduce MSMQ as part of their own installation routine.

ZDI: CVE-2023-35385/36910/36911 - Microsoft Message Queuing Remote Code Execution Vulnerability. All three of these are rated at a CVSS of 9.8 and could allow a remote anonymous attacker to execute their code on an affected server at the level of the Message Queuing service. There are 11 total bugs impacting Message Queuing getting fixed this month, and it’s clear that the research community is paying close attention to this service. While we haven’t detected active exploits targeting Message Queuing yet, it’s like just a matter of time as example PoCs exist. You can block TCP port 1801 as a mitigation, but the better choice is to test and deploy the update quickly.

• Windows Fax Service (CVE-2023-35381)
• Microsoft Exchange (CVE-2023-35368, CVE-2023-35388, CVE-2023-38182, CVE-2023-38185)

Qualys: Other Microsoft Vulnerability Highlights CVE-2023-35359 is an elevation of privilege vulnerability that may allow an attacker to gain SYSTEM privileges. An attacker with local access to the targeted machine and the user may create folders and performance traces on the device with restricted privileges that normal users have by default. CVE-2023-36900 is an elevation of privilege vulnerability in the Windows Common Log File System Driver. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2023-35380, CVE-2023-35382, and CVE-2023-35386 are elevation of privilege vulnerabilities in the Windows Kernel. Successful exploitation of the vulnerabilities may allow an attacker to gain SYSTEM privileges. CVE-2023-35384 is a security feature bypass vulnerability in the Windows HTML Platforms. To exploit the vulnerability, an attacker must send the user a malicious file and convince them to open it. The vulnerability arises when the MSHTML platform fails to validate the correct Security Zone of requests for specific URLs. An attacker may exploit this to cause a user to access a URL in a less restricted Internet Security Zone than intended. CVE-2023-35388 and CVE-2023-38182 are remote code execution vulnerabilities affecting Microsoft Exchange Server. To exploit these vulnerabilities, the attacker must be authenticated with LAN access and have credentials for a valid Exchange user. On successful exploitation, an attacker may perform remote code execution via a PowerShell remoting session.

Tenable: CVE-2023-38181, CVE-2023-38185, CVE-2023-35368, CVE-2023-38182, CVE-2023-35388 | Additional Microsoft Exchange Server Vulnerabilities

Tenable: |CVE-2023-38185||Microsoft Exchange Server Remote Code Execution Vulnerability||8.8||Exploitation Less Likely|

Tenable: |CVE-2023-35368||Microsoft Exchange Server Remote Code Execution Vulnerability||8.8||Exploitation Less Likely|

Tenable: |CVE-2023-38182||Microsoft Exchange Server Remote Code Execution Vulnerability||8.0||Exploitation More Likely|

Tenable: |CVE-2023-35388||Microsoft Exchange Server Remote Code Execution Vulnerability||8.0||Exploitation More Likely|

Tenable: Of the five other vulnerabilities patched this month, two (CVE-2023-38182, CVE-2023-35388) are rated as “Exploitation More Likely.” According to the advisories, exploitation of these vulnerabilities would allow an authenticated attacker to execute code using a PowerShell remoting session. In order to successfully exploit this flaw, the attacker would first need to have LAN access and valid credentials for an Exchange user.

ZDI: Looking at the other remote code execution patches, many are the expected Important-rated Office bugs. There are additional Exchange RCEs as well, although they require the attacker to be network adjacent – meaning on the same LAN as the target. The concerning one is CVE-2023-38185, which does require authentication, but could allow an attacker to run elevated code through a network call. There are two separate bugs that require connecting to a malicious database. Also note that if you have installed Microsoft SQL Server 2022 for x64-based Systems (GDR) or Microsoft SQL Server 2019 for x64-based Systems (GDR), you are still vulnerable and need to apply this update. There’s a patch for LDAP that would allow an attacker to run code with the service’s permissions through a specially crafted LDAP call. The final RCE this month is a fix for Dynamics 365 that could be exploited by clicking a link in e-mail.

• Microsoft OLE DB (CVE-2023-38169)
• Microsoft Teams (CVE-2023-29328, CVE-2023-29330)

Qualys: CVE-2023-29328, CVE-2023-29330: Microsoft Teams Remote Code Execution Vulnerability An attacker is required to trick a user into joining a Teams meeting set up by them. It would allow the attacker to perform remote code execution in the context of the victim user. A successful remote attack performed by an attacker would enable them to access and alter user information. The attacker requires no privileges to perform the exploit.

Rapid7: Potentially of greater concern are a pair of Microsoft Teams critical remote code execution (RCE) vulnerabilities. While the CVSS base score of 8.8 is at the top end of NVD’s High severity, Microsoft assesses both CVE-2023-29328 and CVE-2023-29330 as Critical on its own proprietary severity rating, and the advisories make clear why that is: both vulnerabilities allow an attacker to execute code in the context of anyone who joins a Teams meeting set up by the attacker. This affects Teams on all platforms: Windows Desktop, macOS, iOS, and Android. Given how widely Teams is used not just within organizations, but for collaboration outside of the organization in contexts requiring a level of trust of third parties not known to participants – pre-sales calls, scoping calls, industry association calls and so on – these vulnerabilities surely deserve immediate remediation attention.

ZDI: CVE-2023-29328/29330 - Microsoft Teams Remote Code Execution Vulnerability. These bugs allow an attacker to gain code execution on a target system by convincing someone to a malicious Teams meeting set up by the attacker. Microsoft doesn’t specifically state what level the code execution occurs, but they do note the attacker could provide “access to the victim's information and the ability to alter information,” so that implies at the logged-on user level. We’ve seen similar exploits demonstrated at Pwn2Own, so don’t skip this update.

• Microsoft WDAC OLE DB provider for SQL Server (CVE-2023-36882)
• Microsoft Edge (CVE-2023-36887)

MS PT Extended: CVE-2023-36887 was published before August 2023 Patch Tuesday from 2023-07-12 to 2023-08-07

• Windows Lightweight Directory Access Protocol (LDAP) (CVE-2023-38184)
• Microsoft Office (CVE-2023-35371)
• Tablet Windows User Interface Application Core (CVE-2023-36898)
• Microsoft Dynamics 365 On-Premises (CVE-2023-35389)
• HEVC Video Extensions (CVE-2023-38170)
• Microsoft Excel (CVE-2023-36896)
• Microsoft Office Visio (CVE-2023-35372, CVE-2023-36865, CVE-2023-36866)
• Microsoft Outlook (CVE-2023-36895)

Qualys: CVE-2023-36895: Microsoft Outlook Remote Code Execution Vulnerability To exploit the vulnerability, an attacker must convince a victim to download and open a specially crafted file from a website, leading to a local computer attack.

Rapid7: Rounding out the August critical RCE vulnerabilities, CVE-2023-36895 describes a flaw in Microsoft Outlook where an attacker who can convince a user to open a specially-crafted malicious file will be able to execute code in the context of the victim. However, although the advisory describes CVE-2023-36895 as an Outlook vulnerability, linked KB articles for Microsoft Installer versions of Office (e.g. KB5002464 for Office 2016) describe a security update for Word. At time of writing, it isn't clear whether this is because the vulnerable code is in a shared Office component, or whether this apparent discrepancy is an oversight.