This month’s Microsoft Patch Tuesday fixes two zero-day vulnerabilities, both of which have been exploited in attacks and one of which has been publicly disclosed.

Identified Vulnerabilities
The first zero-day vulnerability, CVE-2023-36884, is a remote code execution vulnerability in the Windows Search component. An attacker can exploit it by sending a specially crafted file to a victim; when the file is opened, it could be used to execute arbitrary code on the victim’s system.

The second zero-day vulnerability, CVE-2023-38180, is a denial of service vulnerability in the .NET and Visual Studio software development kits. An attacker can exploit it to crash a victim’s system, preventing the victim from using the software.

A complete list of affected systems can be found in the Microsoft Security Update Guide: https://msrc.microsoft.com/update-guide.

What You Should Do

  • Apply the patches or mitigations provided by Microsoft to vulnerable systems immediately after appropriate testing.
  • Apply the Principle of Least Privilege to all systems and services, and run all software as a non-privileged user (one without administrative rights) to diminish the effects of a successful attack.
  • Remind all users not to visit untrusted websites, follow links, or open files provided by unknown or untrusted sources.
  • Use endpoint protection capabilities to detect and block suspicious behavior patterns on endpoint systems, such as anomalous process, file, or API call activity.

If you have questions or need assistance, contact a member of the BMT team.