Only 34 CVEs? December Patch Tuesday’s Holiday Gift to You
It’s the last Patch Tuesday of 2023 and this month brings with it a fresh batch of vulnerabilities. While only 34 vulnerabilities (Happy Holidays…?) were released, there are several to pay close attention to.
In our latest podcast, we dove into some of three of the most interesting CVEs and provided important insights for IT professionals and everyday users alike. While Microsoft is typically the main topic of Patch Tuesday, we didn’t want to leave out our macOS endpoints. Below, you’ll find a few important takeaways, but for even more detailed guidance, please listen to the brand new Patch [FIX] Tuesday podcast.
Microsoft Patch Tuesday Vulnerabilities: A Brief History
CVE-2023-35618
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability - [Moderate]
The Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability is a security flaw that can potentially allow an attacker to escape the browser's sandbox. The sandbox is a security mechanism that isolates running programs, limiting their access to system resources and preventing them from causing damage. If an attacker can escape the sandbox, they can potentially execute arbitrary code with elevated privileges, access sensitive information, or even take over the affected system.
This vulnerability is rated as moderate severity, but it's not to be ignored. It could potentially lead to a browser sandbox escape, transforming the normally safe browsing environment of Microsoft Edge into a potential risk. Regular updates, patches, and user education are your primary defense against such threats.
This is not as complex as it may seem. At its core, it's essentially a phishing attack. You see, an attacker needs user interaction to exploit it. They'd have to convince the user to click on a specially crafted link, usually sent via email or instant messaging. Regular updates and patches can only do so much, the rest is up to you to educate your users.
Culture is the number one security measure hands down. Whether it's a culture of patching regularly and often, or whether it's a culture of user education and vigilance, being able to rely on that security culture that you've set to carry you through is the most critical thing that you can do.
"If you think about it, the web browser in many ways is the modern OS because we have so many HTML-based applications."
- Jason Kikta, Automox CISO, SVP of Product
CVE-2023-35628
Windows MSHTML Platform Remote Code Execution Vulnerability - [Critical]
The Windows MSHTML Platform Remote Code Execution Vulnerability is another significant bug to be wary of. One of the major threats with this vulnerability is the fact that it doesn't require any user interaction to be exploited.
Simply put, an attacker can craft a special email which can trigger the vulnerability as soon as it is processed by the Outlook client. This could potentially lead to an exploitation even before the user has had a chance to preview the email.
Furthermore, the complexity of launching an attack through this vulnerability is high, involving sophisticated memory shaping techniques. However, this should not be a reason to underestimate the threat. Defensive measures need to be equally robust and multifaceted. Users are often the first line of defense. If they can recognize an attempt to exploit a vulnerability, they can prevent a lot of potential damage. Ensuring they have the knowledge to do this is just as important as any patch or update.
“While these vulnerabilities seem intimidating, they can be mitigated with a strong security culture. This involves regular patching, vigilant user education, and strong detection methodologies. It's not just about having the right tools, but also about fostering the right attitudes and behaviors.”
- Ryan Braunstein, Security Engineer
macOS Sonoma 14.1.2 - Memory Corruption Vulnerability
The macOS Sonoma 14.1.2 update addressed a significant memory corruption vulnerability within WebKit, which was reported to have been exploited against older versions of iOS.
This issue was a critical one; processing web content could potentially lead to arbitrary code execution. To put it simply, a malicious actor could take control of your system just by your device interacting with the wrong web content. Apple's solution? In their standard release note vagueness, Apple said, “An improvement in their locking system to combat this memory corruption.”
The fact that this issue was being exploited in the wild prior to the fix underlines the importance of speedy updates when it comes to cybersecurity. It's a stark reminder that cyber threats aren't always theoretical; they're happening right here, right now, and we need to be prepared.
Make sure you're updating your devices regularly and educating yourself about the potential risks in web content. It's a big, wild web out there. And while its vastness and complexity are impressive, they can also serve as a playground for threat actors. Stay safe, stay updated, and don't forget that a little awareness goes a long way.
"....if you can get your grandma to keep her Mac updated, I'm pretty sure you could get everyone else to."
- Tom Bowyer, Director of Security
Update vigilantly and regularly
This month's Patch Tuesday is a stark reminder of the importance of vigilant security measures and regular system updates. As our podcast hosts shared, maintaining good IT hygiene, educating users about potential threats, and keeping systems updated are crucial steps in maintaining a safe and secure digital environment.
“My mantra has always been that culture is the number one security measure hands down. And so I think whether you have a culture of patching regularly and often, or whether it’s a culture of user education and vigilance, or a culture of developing strong detection methodologies, hopefully, it’s all of the above.”
- Jason Kikta, Automox CISO, SVP of Product
We provides a 100% CloudNative IT Endpoint operations platform for modern organizations. As a comprehensive EndPointManagement Platform, it has advanced SoftwareManagement for PatchManagement, Adding, Removing, and Updating Software, Changing and Configure Settings along with PolicyManagement on any device or operating system located anywhere in the world and at any time. With the push of a button, ITAdministartors can fix CriticalVulnerabilities faster, slash cost and complexity, and win back hours in the day.If you want to know more kindly Click here