Tag: CVE-2023-36052

  • CVE-2023-36052: Microsoft Addresses Critical Azure Vulnerability

    Microsoft has released a security update to address a critical vulnerability in the Azure CLI that could be exploited by attackers to recover plaintext passwords and usernames from log files created by the affected CLI commands. The vulnerability, tracked as CVE-2023-36052, enables unauthenticated attackers to remotely access plain text contents written by Azure CLI to Continuous Integration and Continuous Deployment (CI/CD) logs.


    What is the vulnerability?

    The vulnerability is caused by an error in the way that the Azure CLI handles sensitive information. As a result, attackers can exploit the vulnerability to gain access to plaintext passwords and usernames that are stored in log files.

    What are the potential risks of the vulnerability?

    If an attacker were to exploit the vulnerability, they could gain access to sensitive information such as passwords and usernames. This information could then be used to compromise other systems or to steal data.

    How can I protect myself from the vulnerability?

    The best way to protect yourself from the CVE-2023-36052 vulnerability is to update your Azure CLI to the latest version (2.54). You can also take the following steps to reduce your risk:

    • Do not store sensitive information in log files.
    • Use strong passwords and usernames.
    • Enable two-factor authentication.

    What is Microsoft doing to address the vulnerability?

    Microsoft has released a security update to address the vulnerability. The company has also implemented a new Azure CLI default configuration to bolster security measures, aiming to prevent accidental disclosure of sensitive information.

    In addition to the above, Microsoft also recommends the following:

    1. Always update Azure CLI to the latest release to receive the most recent security updates.
    2. Avoid exposing Azure CLI output in logs and/or publicly accessible locations. If developing a script that requires the output value, ensure that you filter out the property needed for the script. Please review Azure CLI information regarding output formats and implement our recommended guidance for masking an environment variable.
    3. Rotate keys and secrets on a regular basis. As a general best practice, customers are encouraged to regularly rotate keys and secrets on a cadence that works best for their environment. See our article on key and secret considerations in Azure here.
    4. Review the guidance around secrets management for Azure services.
    5. Review GitHub best practices for security hardening in GitHub Actions.
    6. Ensure GitHub repositories are set to private unless otherwise needed to be public.
    7. Review our guidance for securing Azure Pipelines.
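
One way to follow recommendation 2 in a pipeline script, shown as an added example (not Microsoft's code and not part of the original article): take only the property the script needs, redact credential-like entries before anything is echoed, and register the secret with the GitHub Actions `::add-mask::` workflow command. The setting names, values and the name pattern are constructed assumptions.

```python
import json
import re

# Constructed sample: the shape of JSON a CLI command might print to stdout.
# All names and values below are made up for this example.
SAMPLE_CLI_OUTPUT = json.dumps([
    {"name": "WEBSITE_NODE_VERSION", "value": "18"},
    {"name": "DB_USERNAME", "value": "svc-orders"},
    {"name": "DB_PASSWORD", "value": "constructed-example-pw"},
    {"name": "STORAGE_CONNECTION_STRING", "value": "constructed-example-conn"},
])

# Assumption: setting names containing these words carry credentials.
SENSITIVE_NAME = re.compile(
    r"(password|passwd|secret|token|key|connection|username)", re.I
)


def pick_setting(cli_json: str, wanted: str) -> str:
    """Return only the one value the script needs, never the whole payload."""
    for entry in json.loads(cli_json):
        if entry.get("name") == wanted:
            return entry["value"]
    raise KeyError(wanted)


def log_safe(cli_json: str) -> str:
    """Build a copy of the output that is safe to echo into a build log."""
    redacted = []
    for entry in json.loads(cli_json):
        value = entry.get("value", "")
        if SENSITIVE_NAME.search(entry.get("name", "")):
            value = "***"
        redacted.append({"name": entry.get("name"), "value": value})
    return json.dumps(redacted)


def mask_command(secret: str) -> str:
    """GitHub Actions masking command(s); a multi-line secret is masked per line."""
    return "\n".join(f"::add-mask::{line}" for line in secret.splitlines() if line)


if __name__ == "__main__":
    password = pick_setting(SAMPLE_CLI_OUTPUT, "DB_PASSWORD")
    print(mask_command(password))       # the runner consumes this line and masks the value
    print(log_safe(SAMPLE_CLI_OUTPUT))  # only the redacted copy reaches the log
```
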
  • Patch Tuesday Alert: Microsoft Addresses 58 Vulnerabilities, Including Zero-Day Exploits

    Microsoft has released its November 2023 Patch Tuesday updates, addressing a total of 58 vulnerabilities, including five zero-day flaws that have been actively exploited by attackers. This month’s update highlights the importance of staying vigilant and promptly applying security patches to protect systems from potential threats.

    Microsoft has addressed five zero-day vulnerabilities in this November 2023 Patch Tuesday update. These flaws are particularly concerning as attackers have already exploited them in real-world attacks. Three of these zero-day vulnerabilities have been publicly disclosed, increasing the likelihood of widespread exploitation.

    • CVE-2023-36036 – Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

    Microsoft has fixed an actively exploited Windows Cloud Files Mini Filter Elevation of Privileges bug. “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” explains Microsoft.

    • CVE-2023-36033 – Windows DWM Core Library Elevation of Privilege Vulnerability

    Microsoft has fixed an actively exploited and publicly disclosed Windows DWM Core Library vulnerability that can be used to elevate privileges to SYSTEM. “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” explains Microsoft.

    • CVE-2023-36025 – Windows SmartScreen Security Feature Bypass Vulnerability

    Microsoft has fixed an actively exploited Windows SmartScreen flaw that allows a malicious Internet Shortcut to bypass security checks and warnings. “The attacker would be able to bypass Windows Defender SmartScreen checks and their associated prompts,” explains Microsoft.

    “The user would have to click on a specially crafted Internet Shortcut (.URL) or a hyperlink pointing to an Internet Shortcut file to be compromised by the attacker,” continues Microsoft.

    • CVE-2023-36413 – Microsoft Office Security Feature Bypass Vulnerability

    “An attacker must send the user a malicious file and convince them to open it,” explains Microsoft. “Successful exploitation of this vulnerability would allow an attacker to bypass the Office Protected View and open in editing mode rather than protected mode,” adds Microsoft.

    • CVE-2023-36038 – ASP.NET Core Denial of Service Vulnerability

    “This vulnerability could be exploited if http requests to .NET 8 RC 1 running on IIS InProcess hosting model are cancelled. Threads counts would increase and an OutOfMemoryException is possible,” explains Microsoft.

    “If an attacker was able to successfully exploit the vulnerability the attack might result in a total loss of availability,” explains Microsoft.

    Among the patched vulnerabilities, three have been classified as critical, requiring immediate attention from system administrators and users alike:

    1. Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (CVE-2023-36397):

      When Windows message queuing service is running in a PGM Server environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code.

    2. Windows HMAC Key Derivation Elevation of Privilege Vulnerability (CVE-2023-36400):

      In this case, a successful attack could be performed from a low-privilege Hyper-V guest. The attacker could traverse the guest’s security boundary to execute code on the Hyper-V host execution environment. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

    3. Azure CLI REST Command Information Disclosure Vulnerability (CVE-2023-36052):

      An attacker that successfully exploited this vulnerability could recover plaintext passwords and usernames from log files created by the affected CLI commands and published by Azure DevOps and/or GitHub Actions.

    Given the severity of the vulnerabilities addressed in this Patch Tuesday update, organizations and individuals must prioritize patch deployment. Proactive patch management plays a critical role in reducing the risk of cyberattacks and protecting sensitive data.