The Alternate Crew requested admins to deploy a brand new and “higher” patch for a crucial Microsoft Alternate Server vulnerability initially addressed in August.
Tracked as CVE-2023-21709 and patched throughout August 2023 Patch Tuesday, the safety flaw allows unauthenticated attackers to escalate privileges on unpatched Alternate servers in low-complexity assaults that do not require person interplay.
“In a network-based assault, an attacker may brute drive person account passwords to log in as that person. Microsoft encourages using sturdy passwords which are harder for an attacker to brute drive,” Microsoft defined.
Although Microsoft launched safety updates to repair the vulnerability, it additionally knowledgeable Alternate admins that they’d additionally must take away the susceptible Home windows IIS Token Cache module manually or use this PowerShell script to make sure their servers are protected in opposition to assaults utilizing CVE-2023-21709 exploits.
As a part of this month’s Patch Tuesday, Microsoft has now launched a brand new safety replace (CVE-2023-36434) that absolutely addresses the CVE-2023-21709 flaw and would not require any further steps.
“In the course of the launch of August 2023 SUs, we advisable to make use of a handbook or scripted answer and disable the IIS Token Cache module as a approach of addressing CVE-2023-21709,” the Alternate Crew stated.
“At the moment, Home windows staff has launched the IIS repair for root reason for this vulnerability, within the type of repair for CVE-2023-36434. We suggest putting in the IIS repair after which you’ll be able to re-enable Token Cache module in your Alternate servers.”
Admins requested to re-enable susceptible IIS module
When you’ve already eliminated the Home windows IIS Token Cache module to completely tackle the privilege escalation bug in August, you’ll now have to put in right this moment’s safety updates and re-enable the IIS module utilizing this script or by working the next command from an elevated PowerShell immediate:
New-WebGlobalModule -Title "TokenCacheModule" -Picture "%windirpercentSystem32inetsrvcachtokn.dll"Admins who’re but to patch the August CVE-2023-21709 safety replace are suggested to put in the Home windows Server October 2023 safety updates.
“We’re making updates to all associated August 2023 documentation pages and scripts in addition to Well being Checker to replicate our new suggestion,” Microsoft added.
The October 2023 Patch Tuesday safety updates patched 104 flaws, 12 rated crucial and three tagged as zero-day vulnerabilities actively exploited in assaults.
Microsoft refused to patch considered one of them, a Skype for Enterprise Elevation of Privilege Vulnerability tracked as CVE-2023-41763 and disclosed by Dr. Florian Hauser in September 2022, till right this moment, though attackers can exploit it to achieve entry to techniques on inside networks.
