Threat Response: Patches available for multiple critical vulnerabilities in Microsoft products

09-03-2022

A SAFE DIGITAL JOURNEY

On Tuesday March 9th, Microsoft published a number of patches for multiple security flaws as part of “Patch Tuesday”. The patched vulnerabilities include critical security vulnerabilities in Microsoft Windows and Microsoft Exchange Server.

We recommend installing these patches as soon as possible.

Description

On March 9th, Microsoft published security patches for a large number of vulnerabilities, five of which are marked as ‘critical’. The two most severe vulnerabilities are tracked under the following CVE-numbers:

  • CVE-2022-24508 – Windows SMBv3 Client/Server Remote Code Execution Vulnerability (CVSS3.1: 8.8)
  • CVE-2022-23277 – Microsoft Exchange Server Remote Code Execution Vulnerability (CVSS3.1: 8.8)

In total, Microsoft has patched 92 vulnerabilities with this update. This Threat Response will describe the most important vulnerabilities. Microsoft has published a complete overview of the patched vulnerabilities[1].

CVE-2022-24508 – Windows SMBv3 Client/Server Remote Code Execution Vulnerability

With this vulnerability in SMBv3, authenticated users are able to execute arbitrary code. Because both clients and servers are affected, a malicious user is able to use this vulnerability for lateral movement in the network.

CVE-2022-23277 – Microsoft Exchange Server Remote Code Execution Vulnerability

With this vulnerability, authenticated users are also able to execute arbitrary code. Using a network call to an Exchange server, an authenticated user is able to execute code with elevated privileges.

Impact

From the list of vulnerabilities, five are marked as critical. Arbitrary code execution has a large impact on the affected system, and, because malicious users are able to use this for lateral movement, we assess the impact as high. Microsoft has provided a detailed list of all the affected products[2,3].

Risk

There is currently no public exploit code available for the two mentioned vulnerabilities, but we expect these to be available soon. We assess the risk as high.

Mitigation

No further mitigations are available, aside from installing the patches. We recommend installing the security updates as soon as possible.

What should you do?

Install the latest updates.

What will Northwave do?

Northwave will monitor developments around these vulnerabilities. When possible, we will add detection rules around these vulnerabilities to the Northwave Detection Platform. We will reach out to you again if there are important updates, including if the threat posed by this activity increases. If you have any questions or require any additional information, please reach out to us by phone or email. 

E-mail: [email protected] Do you have an incident right now? Call our CERT number: +31 (0)85 043 7909Disclaimer applies, see below.

Sources

[1] https://msrc.microsoft.com/update-guide/releaseNote/2022-Mar

[2] https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24508

[3] https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-23277

 

Disclaimer
Northwave has made every effort to make this information accurate and reliable. However, the information provided is without warranty of any kind and its use is at the sole risk of the user. Northwave does not accept any responsibility or liability for the accuracy, content, completeness, legality or reliability of the information provided. We shall not be liable for any loss or damage of whatever nature, direct or indirect, consequential or other, whether arising in contract, tort or otherwise, which may arise as a result of your use of, or inability to use, this information or any additional information provided by us in direct or indirect relation to the information provided here.