CVE-2023-28206
CVE-2023-28205

Microsoft Patch Tuesday and Apple.

Apple has released an update relating to two actively exploited vulnerabilities. Microsoft has also released updates addressing 97 vulnerabilities including one 0-day.

Threat Name: CVE-2023-28206, CVE-2023-28205

Risk Factor: Critical

Date: April 2023


Solace Cyber security specialists can secure your estate with patching and conduct forensic analysis

What we know about the vulnerabilities

All in-support macOS and iOS devices are affected by two vulnerabilities that are being actively exploited: CVE-2023-28206 and CVE-2023-28205.

It is recommended that you update systems as soon as possible, as detailed instructions on how to abuse CVE-2023-28206 are now public.

Microsoft has released a vast number of fixes this month. One of them is a 0-day, CVE-2023-28252, which is known to be exploited by the Nokoyawa ransomware. Another noteworthy vulnerability is CVE-2023-21554, which is marked as critical and is a remote code execution vulnerability affecting Microsoft Message Queuing.

Microsoft Message Queuing (MSMQ) is commonly installed on Exchange servers when automatic role installation is selected during setup, although this vulnerability is not limited to Exchange.

CVE-2023-28220 and CVE-2023-28219 both affect Windows Remote Access Server (RAS) and have been marked by Microsoft as “exploitation more likely”. RAS servers are usually placed directly on the internet to provide remote access to an organisation.

Lastly, a critical DHCP vulnerability, CVE-2023-28231, was also fixed. An attacker could exploit this flaw by sending a crafted RPC call to the DHCP server. DHCP services are commonly installed alongside domain controllers, which is a known bad practice precisely because of DHCP flaws of this type.

All iOS and macOS devices must be updated to the latest available versions, as CVE-2023-28206 and CVE-2023-28205 are being actively exploited.

Due to the vast quantity of critical Microsoft vulnerabilities this month and the Microsoft 0-day, it would be worth prioritising patches for external systems such as Exchange and RAS servers first, then DHCP services, and then the rest of your fleet.

Going forward, it would be worth considering splitting DHCP off from any domain controllers that currently host it, moving the DHCP service to another machine.

The Solace Cyber Implementation Plan

Solace recommends:

  1. Immediately updating all Apple devices to the latest available versions to address CVE-2023-28206 and CVE-2023-28205.
  2. Prioritising the patching of external-facing systems, such as Exchange and RAS servers, due to the higher likelihood of exploitation.
  3. Updating all other Microsoft operating systems.
  4. As a best practice, moving DHCP services away from all domain controllers to another server or appliance.
  5. Conducting a thorough vulnerability assessment to identify potential weaknesses and prioritise remediation efforts. Solace can provide additional assistance with vulnerability scanning.
  6. Due to the active exploitation of this month’s Apple vulnerabilities, Solace can provide a forensic mailbox investigation to look for signs of mailbox compromise.
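The following triage script is an added example, not part of the Solace advisory or any Solace tooling. It inventories which of the Windows roles named in this month's release are present on a server, orders them by the patch priority the plan above describes (external-facing RAS and MSMQ first, then DHCP), and flags DHCP co-located with a domain controller. It assumes Windows Server with the ServerManager module available; the feature names used are the standard Windows Server feature names.

```powershell
# Added example (not Solace code): map installed Windows Server roles to the
# CVEs discussed in this advisory and produce a patch-priority list.
# Assumes the ServerManager module (Get-WindowsFeature) is available.

$RoleMap = @{
    # feature name  = @(CVEs from the advisory, priority: lower patches sooner)
    'RemoteAccess'  = @('CVE-2023-28220, CVE-2023-28219', 1)  # RAS, "exploitation more likely"
    'MSMQ-Server'   = @('CVE-2023-21554', 1)                  # MSMQ RCE, common on Exchange
    'DHCP'          = @('CVE-2023-28231', 2)                  # DHCP Server RPC flaw
}

function Get-PatchTriage {
    # Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC
    $domainRole = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
    $isDomainController = $domainRole -ge 4

    $findings = foreach ($feature in $RoleMap.Keys) {
        $state = Get-WindowsFeature -Name $feature -ErrorAction SilentlyContinue
        if (-not $state -or -not $state.Installed) { continue }

        $cves, $priority = $RoleMap[$feature]
        $note = ''
        if ($feature -eq 'DHCP' -and $isDomainController) {
            # The advisory calls this a known bad practice; flag it for separation.
            $note = 'DHCP is running on a domain controller: move DHCP to another host'
        }

        [pscustomobject]@{
            Feature  = $feature
            CVEs     = $cves
            Priority = $priority
            Note     = $note
        }
    }

    # Priority 1 roles first, then DHCP, matching the patching order above.
    $findings | Sort-Object Priority, Feature
}

Get-PatchTriage | Format-Table -AutoSize
```

Run it on each server in scope; an empty result means none of the three roles is installed there and the host falls into the "rest of your fleet" tier.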

Speak to a cyber security specialist

Solace Global can conduct forensic audits and patching to secure your estate from the Microsoft Outlook zero-day vulnerability.