CVE-2023-28206
CVE-2023-28205
Apple has released an update relating to two actively exploited vulnerabilities. Microsoft has also released updates addressing 97 vulnerabilities including one 0-day.
Threat Name: CVE-2023-28206,
CVE-2023-28205
Risk Factor: Critical
Date: April 2023
Get Help Now
Solace Cyber security specialists can secure your estate with patching and conduct forensic analysis
What we know about the vulnerabilities
All in-support MacOS and iOS devices are affected by two vulnerabilities that are being actively exploited: CVE-2023-28206 and CVE-2023-28205.
It’s recommended that you update systems ASAP as detailed instructions on how to abuse CVE-2023-28206 are now public.
Microsoft has released a vast number of fixes this month. One vulnerability is a 0-day CVE-2023-28252 where there is known exploitation by Nokoyawa ransomware. Another noteworthy vulnerability is CVE-2023-21554, which is marked as critical and is a remote code execution vulnerability that affects Microsoft Message Queuing.
Microsoft message queuing is commonly installed on exchange servers where automatic role installation is selected during install although this vulnerability is not limited to exchange only.
CVE-2023-28220 and CVE-2023-28219 both affect Windows remote access servers (RAS) and have been marked by Microsoft as “exploitation more likely”. RAS servers are usually directly on the internet to provide remote access to an organisation.
Lastly, a critical DHCP vulnerability was also fixed relating to CVE-2023-28231. This vulnerability would allow an attacker to craft an RPC call to the DHCP server to exploit this flaw. Commonly, DHCP services are installed alongside domain controllers, which is a known bad practice due to these types of DHCP flaws.
What is the Recommended Guidance?
All iOS and MacOS devices must be updated to the latest available versions, as CVE-2023-28206 and CVE-2023-28205 are actively being exploited.
Due to the vast quantity of critical Microsoft vulnerabilities this month and the Microsoft 0-day it would be worth prioritising patches for external systems such as, Exchange and RAS servers first. Then, DHCP services and the rest of your fleet.
It would be worth considering splitting out any known domain controllers with DHCP services going forward. Moving DHCP as a service to another machine.
The Solace Cyber Implementation Plan
Solace recommends:
- Immediately updating all Apple devices to the latest available versions to address CVE-2023-28206 and CVE-2023-28205.
- Prioritising the patching of external-facing systems, such as Exchange and RAS servers, due to the higher likelihood of exploitation.
- Updating all other Microsoft Operating systems.
- As a best practice, move DHCP services away from all domain controllers to another Server or appliance.
- Conducting a thorough vulnerability assessment to identify potential weaknesses and prioritise remediation efforts. Solace can provide additional assistance with vulnerability scanning.
- Due to the active exploitation of this month’s Apple vulnerabilities, Solace can provide a forensic mailbox investigation to look for signs of mailbox compromise.
Speak to a cyber security specialist
Solace Global can conduct forensic audits and patching to secure your estate from Microsoft Outlook zero-day vulnerability