
SonicWall provides protection against exploits targeting recently announced critical CVE-2023-23397 vulnerability

What is CVE-2023-23397

CVE-2023-23397 is a Microsoft Outlook elevation of privilege vulnerability. A crafted message causes the Outlook client to authenticate to an attacker-controlled server, leaking the user's NTLM credentials (hash); the attacker can then relay that authentication to another service to act as the user. SonicWall provides protection against exploits targeting this vulnerability.
Outlook for Windows (if still unpatched) is vulnerable. For the attack to succeed Outlook must be running, but the user is not required to open or preview the email.

How is this exploited:

An attacker can deliver a specially crafted message over SMTP; the vulnerability is triggered when the victim's Outlook client processes the message, with no user interaction required.

SonicWall Capture Labs provides protection against this threat via:

  • ASPY 429: Malformed-msg msg.MP_1 (CVE-2023-23397)
  • ASPY 430: Malformed-msg msg.MP_2 (CVE-2023-23397)
  • Capture ATP w/RTDMI

We also recommend disabling outbound SMB access (block TCP port 445 from internal networks to the Internet) as an extra measure to prevent NTLM hashes from leaking to external servers. Note that Outlook clients running on non-Windows operating systems are not vulnerable.
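As an added example (not code from the SonicWall post), the following Python script shows the kind of check that complements the egress rule above: it scans a firewall connection log for TCP/445 connections from internal (RFC 1918) hosts to destinations outside the network, which is the path a vulnerable Outlook client takes when it leaks the user's NTLM hash to an attacker-controlled SMB server. The log format, hosts and addresses are constructed for illustration and do not correspond to any vendor's real log format.

```python
"""Flag outbound SMB (TCP/445) connections from internal hosts to the Internet.

Constructed example. A hit with action "allow" means the hash may already have
left the network; a hit with action "deny" still identifies a host that tried,
which is worth investigating as a possible CVE-2023-23397 target.
"""
import ipaddress
from dataclasses import dataclass

# Constructed sample log: "<timestamp> <src_ip:port> -> <dst_ip:port> <proto> <action>"
SAMPLE_LOG = """\
2023-03-15T09:12:01Z 10.20.30.41:51522 -> 10.20.30.5:445 tcp allow
2023-03-15T09:12:07Z 10.20.30.41:51530 -> 203.0.113.77:445 tcp allow
2023-03-15T09:12:08Z 10.20.30.41:51531 -> 203.0.113.77:443 tcp allow
2023-03-15T09:13:44Z 192.168.1.9:60210 -> 198.51.100.12:445 tcp deny
2023-03-15T09:14:02Z 172.16.8.3:49988 -> 172.16.8.200:445 tcp allow
2023-03-15T09:15:30Z 10.20.30.42:51600 -> 203.0.113.77:445 udp allow
"""

# RFC 1918 ranges are listed explicitly rather than using ipaddress' is_private,
# because Python also treats documentation ranges such as 203.0.113.0/24 as private.
INTERNAL_NETS = [
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]
SMB_PORT = 445


@dataclass
class Conn:
    ts: str
    src: str
    dst: str
    dport: int
    proto: str
    action: str


def parse_line(line: str) -> Conn:
    """Parse one constructed log line into a Conn record."""
    ts, src, _arrow, dst, proto, action = line.split()
    src_ip, _ = src.rsplit(":", 1)
    dst_ip, dport = dst.rsplit(":", 1)
    return Conn(ts, src_ip, dst_ip, int(dport), proto.lower(), action.lower())


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def is_smb_egress(conn: Conn) -> bool:
    """True for TCP/445 from an internal source to a non-internal destination."""
    return (
        conn.proto == "tcp"
        and conn.dport == SMB_PORT
        and is_internal(conn.src)
        and not is_internal(conn.dst)
    )


def find_smb_egress(log_text: str) -> list:
    """Return every connection in the log that matches the SMB egress pattern."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        conn = parse_line(line)
        if is_smb_egress(conn):
            hits.append(conn)
    return hits


def hosts_to_investigate(log_text: str) -> dict:
    """Map each internal source host to the external SMB servers it contacted."""
    by_host = {}
    for conn in find_smb_egress(log_text):
        by_host.setdefault(conn.src, [])
        if conn.dst not in by_host[conn.src]:
            by_host[conn.src].append(conn.dst)
    return by_host


if __name__ == "__main__":
    for conn in find_smb_egress(SAMPLE_LOG):
        print(f"{conn.ts} {conn.src} -> {conn.dst}:{conn.dport} ({conn.action})")
```

Internal-to-internal SMB (file servers, domain controllers) is deliberately excluded so the check stays focused on the external leak path; the same "internal source, external destination, TCP/445" predicate is what the recommended egress firewall rule should block.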

For further details on this vulnerability please refer to: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397

Microsoft Security Bulletin Coverage for March 2023

SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of March 2023. A list of issues reported, along with SonicWall coverage information, is as follows:

CVE-2023-23410 Windows HTTP.sys Elevation of Privilege Vulnerability
ASPY 424: Exploit-exe exe.MP_304

CVE-2023-23415 Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability
IPS 1265: Suspicious ICMP Traffic 2

CVE-2023-23416 Windows Cryptographic Services Remote Code Execution Vulnerability
ASPY 425: Malformed-File pfx.MP.1

CVE-2023-24880 Windows SmartScreen Security Feature Bypass Vulnerability
GAV 37203: CVE-2023-24880.A
GAV 37204: CVE-2023-24880.B

CVE-2023-23397 Microsoft Outlook Elevation of Privilege Vulnerability
ASPY 429: Malformed-msg msg.MP_1 (CVE-2023-23397)
ASPY 430: Malformed-msg msg.MP_2 (CVE-2023-23397)
SonicWall Capture ATP with RTDMI

The following vulnerabilities do not have exploits in the wild:
CVE-2023-21708 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-23383 Service Fabric Explorer Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2023-23385 Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-23388 Windows Bluetooth Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-23389 Microsoft Defender Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-23391 Office for Android Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2023-23392 HTTP Protocol Stack Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-23393 Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-23394 Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-23395 Microsoft SharePoint Server Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2023-23396 Microsoft Excel Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-23398 Microsoft Excel Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2023-23399 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-23400 Windows DNS Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-23401 Windows Media Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-23402 Windows Media Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-23403 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-23404 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-23405 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-23406 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-23407 Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-23408 Azure Apache Ambari Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2023-23409 Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-23411 Windows Hyper-V Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-23412 Windows Accounts Picture Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-23413 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-23414 Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-23417 Windows Partition Management Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-23418 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-23419 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-23420 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-23421 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-23422 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-23423 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-24856 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-24857 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-24858 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-24859 Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-24861 Windows Graphics Component Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-24862 Windows Secure Channel Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-24863 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-24864 Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-24865 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-24866 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-24867 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24868 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24869 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24870 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-24871 Windows Bluetooth Service Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24872 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24876 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24879 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2023-24882 Microsoft OneDrive for Android Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-24890 Microsoft OneDrive for iOS Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2023-24891 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2023-24906 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-24907 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24908 Remote Procedure Call Runtime Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24909 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24910 Windows Graphics Component Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-24911 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-24913 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24919 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2023-24920 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2023-24921 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2023-24922 Microsoft Dynamics 365 Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-24923 Microsoft OneDrive for Android Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-24930 Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability
There are no known exploits in the wild.