CyberScotland Bulletin

Technical Bulletin July 2023

Technical Bulletins

The CyberScotland Technical Bulletin is designed to provide you with information about updates, exploits and countermeasures.

Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.

Microsoft Patch Tuesday

Microsoft’s Patch Tuesday for July 2023 has arrived, offering security patches for a total of 132 vulnerabilities. This includes six that are under active exploitation and thirty-seven remote code execution vulnerabilities.

The six zero-day vulnerabilities currently under active exploitation addressed in the current update include:

CVE-2023-32046 – This is a security flaw in the Windows MSHTML platform. It is an Elevation of Privilege vulnerability that malicious parties have been exploiting by having a specially crafted file opened, delivered through emails or potentially harmful websites.

CVE-2023-32049 – This is a Security Feature Bypass Vulnerability in Windows SmartScreen. Cyber adversaries have exploited this vulnerability to prevent the “Open File – Security Warning” prompt from appearing when files are downloaded from the internet and opened.

CVE-2023-36874 – An Elevation of Privilege Vulnerability present in the Windows Error Reporting Service. Threat actors have exploited this flaw to gain administrative privileges over a Windows system.

CVE-2023-36884 – This is a zero-day vulnerability that enables remote code execution in unprotected Microsoft Office and Windows. It is triggered when threat actors use specially crafted Microsoft Office documents to execute harmful code remotely.

ADV230001 – This advisory provides key information about the misuse of Microsoft Signed Drivers. Microsoft has responded by rescinding the relevant code-signing certificates and developer accounts that were exploiting a Windows policy gap to install harmful kernel-mode drivers.

CVE-2023-35311 – This is a Security Feature Bypass Vulnerability that’s currently under active exploitation in Microsoft Outlook. It allows threat actors to bypass security warnings, and it works even in the preview pane.

It is advised that Microsoft users promptly apply the latest security patches. For more information on these updates, users can visit Microsoft’s official security update guide.

Fourth MOVEit Vulnerability Discovered

A recent disclosure has unveiled yet another significant SQL injection vulnerability in Progress Software’s MOVEit Transfer platform, marking the fourth such incident in just one month. This new vulnerability, identified as CVE-2023-36934, is separate from the previously discovered zero-day flaw that has been leveraged successfully by the Cl0p ransomware gang. Nevertheless, it carries a similar risk, potentially enabling unauthorized cyber actors to infiltrate MOVEit Transfer databases, thereby gaining the ability to launch malware, alter files, or extract sensitive data.

The vulnerability arises when an attacker introduces a specially crafted payload to an endpoint of a MOVEit Transfer application. This action could potentially lead to unauthorised alterations and disclosures of the content within the MOVEit database.

Despite the current lack of reports indicating that this flaw has been exploited in the wild, an advisory stresses the urgency of patching this vulnerability due to its high-risk nature. This recommendation also extends to two additional high-severity vulnerabilities (CVE-2023-36932 and CVE-2023-36933) that were disclosed simultaneously.

These vulnerabilities impact the following MOVEit Transfer versions: 12.1.10 and prior, 13.0.8 and prior, 13.1.6 and prior, 14.0.6 and prior, 14.1.7 and prior, and 15.0.3 and prior.
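The affected-version list above can be applied to an asset inventory mechanically. The following is an added example, not part of the original bulletin or any vendor tooling: the hostnames and sample versions are constructed, and it assumes that "12.1.10 and prior" also covers every release branch older than 12.1.

```python
# Highest affected build per release branch, copied from the bulletin's list.
AFFECTED_CEILING = {
    (12, 1): (12, 1, 10),
    (13, 0): (13, 0, 8),
    (13, 1): (13, 1, 6),
    (14, 0): (14, 0, 6),
    (14, 1): (14, 1, 7),
    (15, 0): (15, 0, 3),
}
OLDEST_BRANCH = min(AFFECTED_CEILING)

def parse_version(text):
    """Return (major, minor, patch) from 'X.Y.Z' or 'X.Y.Z.B'; raise ValueError otherwise."""
    parts = text.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts[:3])

def classify(text):
    """Return 'affected', 'not_affected' or 'unlisted' for one version string."""
    version = parse_version(text)
    branch = version[:2]
    if branch in AFFECTED_CEILING:
        # Tuple comparison: affected up to and including the listed build.
        return "affected" if version <= AFFECTED_CEILING[branch] else "not_affected"
    if branch < OLDEST_BRANCH:
        # Assumption: "12.1.10 and prior" includes all older branches.
        return "affected"
    # Branch is not named in the bulletin: check it against the vendor advisory.
    return "unlisted"

def triage(inventory):
    """Map host -> status; malformed versions are flagged 'invalid', never skipped."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = classify(version)
        except ValueError:
            report[host] = "invalid"
    return report

# Constructed sample inventory (hosts and versions invented for illustration).
SAMPLE = {
    "mft-01": "15.0.3", "mft-02": "15.0.4", "mft-03": "12.0.9",
    "mft-04": "14.1.7.112", "mft-05": "2023.0", "mft-06": "15.1.0",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unlisted" or "invalid" need a manual check, since the bulletin gives no range for them.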

In addition to the aforementioned vulnerabilities, other SQL vulnerabilities disclosed since early June include CVE-2023-35708, CVE-2023-35036, and CVE-2023-34362. We strongly advise all users to promptly install the necessary patches to protect against these serious threats to their system’s security.

Apple Critical Zero-Day Exploit Fixed

Apple has released Rapid Security Response (RSR) updates to tackle a zero-day vulnerability that has been actively exploited. This vulnerability affects fully-patched iPhones, Macs, and iPads, posing a significant security risk.

The recently discovered vulnerability, identified as CVE-2023-37450, targeted Apple devices through a flaw in the WebKit browser engine. Attackers could exploit this vulnerability by enticing users to visit malicious websites, leading to arbitrary code execution on the targeted devices. Apple has acknowledged the active exploitation of this vulnerability.

To address this critical security issue, Apple has swiftly responded with Rapid Security Response (RSR) updates. These updates are designed to provide quick and targeted fixes for significant vulnerabilities without waiting for a full software update.

iOS 16.5.1 and iPadOS 16.5.1: These updates address the zero-day vulnerability and include important security fixes. It is strongly recommended that iPhone and iPad users update their devices to these versions.

CiSP – The Cyber Security Information Sharing Partnership

The Cyber Security Information Sharing Partnership (CiSP) is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and dynamic environment, increasing situational awareness and reducing the impact on UK […]


Scottish Information Sharing Network (SciNET Group)

SciNet is a community for Scottish Businesses to engage on CiSP. The Cyber Security Information Sharing Partnership (CiSP) is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and […]
