Weekly Vulnerability Recap – September 18, 2023 – Patch Tuesday Also For Adobe, Apple and More


Microsoft’s Patch Tuesday dominates the headlines because of near-universal Windows adoption. However, many other companies time their updates for the same week, such as Adobe, SAP, and VMware.

Active exploits also forced new releases of all major browsers and updates for older Apple products. Organizations of all sizes need to review the active exploits and announced patches and ensure that vulnerabilities in their high-value and high-risk systems are mitigated.

Active Vulnerability Exploits This Week

Vulnerabilities are serious business, but the sheer number of assets and vulnerabilities leaves many IT and security teams struggling to keep up with vulnerability management and patch management. Once an attacker begins to actively exploit a vulnerability, however, the risk rises sharply, and that vulnerability must be prioritized for patching or mitigation.

This week, the following actively exploited vulnerabilities and high-profile patches were announced:


September 13, 2023

3 Kubernetes RCE Vulnerabilities Patched

Type of attack: Remote code execution (RCE) on Windows nodes. A user who can apply YAML manifests to a cluster that contains Windows nodes could run arbitrary commands on those nodes.

The problem: Akamai security researchers discovered a high-severity vulnerability in which insecure function calls and a lack of sanitization of user-supplied manifest fields allow a crafted manifest to reach command execution on the node.

The fix: Kubernetes 1.28 and all earlier versions are affected; upgrade the kubelet on Windows nodes to a patched point release of the branch you run.
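One way to screen manifests before they reach a cluster with Windows nodes, as an added example (it is not Akamai's research code or anything from the Kubernetes project): a linter that rejects any volumeMount subPath that is not a plain relative path. It assumes the injection point is the subPath field of a volumeMount, which Akamai's write-up names but the recap above does not, and that a legitimate subPath consists only of [A-Za-z0-9_.-] segments; the sample manifests are constructed for the example.

```python
"""Lint Kubernetes manifests for volumeMount subPath values that could carry
command-injection payloads to Windows nodes.

Added example, not code from Akamai or the Kubernetes project. Assumptions:
the injection point is the subPath field of a volumeMount (Akamai's write-up
names it; the recap does not), and a legitimate subPath is a relative path
made of [A-Za-z0-9_.-] segments. Sample manifests below are constructed."""
import re

SAFE_SEGMENT = re.compile(r"^[A-Za-z0-9_.\-]+$")


def pod_spec(manifest):
    """Return the PodSpec of a Pod or of a templated workload, else None."""
    kind = manifest.get("kind")
    spec = manifest.get("spec") or {}
    if kind == "Pod":
        return spec
    if kind == "CronJob":
        spec = (spec.get("jobTemplate") or {}).get("spec") or {}
    return (spec.get("template") or {}).get("spec")


def unsafe_subpath(value):
    """Return why a subPath is suspicious, or None if it is a plain relative path."""
    if value is None:
        return None
    for segment in re.split(r"[\\/]", value):
        if segment in ("", ".."):
            return "empty segment (absolute path or doubled separator) or '..'"
        if not SAFE_SEGMENT.match(segment):
            bad = sorted(set(ch for ch in segment if not SAFE_SEGMENT.match(ch)))
            return "disallowed characters %r" % "".join(bad)
    return None


def audit_manifest(manifest):
    """List every container/subPath pair that fails the allowlist."""
    spec = pod_spec(manifest)
    if not spec:
        return []
    name = (manifest.get("metadata") or {}).get("name", "<unnamed>")
    windows = (spec.get("nodeSelector") or {}).get("kubernetes.io/os") == "windows"
    findings = []
    containers = (spec.get("containers") or []) + (spec.get("initContainers") or [])
    for container in containers:
        for mount in container.get("volumeMounts") or []:
            reason = unsafe_subpath(mount.get("subPath"))
            if reason:
                findings.append({
                    "workload": name,
                    "container": container.get("name"),
                    "subPath": mount["subPath"],
                    "reason": reason,
                    "windows_node_selector": windows,
                })
    return findings


# constructed sample: an ordinary config mount on a Windows node
SAFE_POD = {
    "kind": "Pod",
    "metadata": {"name": "web"},
    "spec": {
        "nodeSelector": {"kubernetes.io/os": "windows"},
        "containers": [{"name": "web", "volumeMounts": [
            {"name": "cfg", "mountPath": "C:\\app\\config", "subPath": "config/app.yaml"}]}],
    },
}

# constructed sample: a PowerShell statement separator smuggled into subPath
INJECTED_DEPLOYMENT = {
    "kind": "Deployment",
    "metadata": {"name": "web"},
    "spec": {"template": {"spec": {
        "nodeSelector": {"kubernetes.io/os": "windows"},
        "containers": [{"name": "web", "volumeMounts": [
            {"name": "cfg", "mountPath": "C:\\app\\config", "subPath": "config; whoami"}]}],
    }}},
}

if __name__ == "__main__":
    for manifest in (SAFE_POD, INJECTED_DEPLOYMENT):
        print(manifest["metadata"]["name"], audit_manifest(manifest))
```

Feed it manifests parsed with yaml.safe_load or json.load (one document at a time) from a CI step or an admission webhook; it is a pre-admission screen and not a substitute for patching the kubelet, since the node-side parsing is what the vulnerability exploits.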

Numerous XSS Vulnerabilities in Microsoft Azure HDInsight

Type of attack: Cross-site scripting (XSS) vulnerabilities in several Apache services bundled with Azure HDInsight could allow attackers to hijack web sessions.

The problem: Orca Security researchers found eight important-severity XSS vulnerabilities and demonstrated proof-of-concept attacks.

The fix: Microsoft patched all eight vulnerabilities as part of Patch Tuesday on August 8. However, HDInsight does not support in-place upgrades, so affected clusters must be recreated with the updated version; security teams should check whether any production environments have delayed that recreation and are still running vulnerable clusters.


September 12, 2023

Adobe Recommends Applying Updates Within 72 Hours for Reader and Acrobat

Type of attack: An actively exploited out-of-bounds write vulnerability can lead to RCE in Adobe Acrobat or Adobe Reader. Adobe Connect and Experience Manager are also vulnerable to cross-site scripting (XSS) attacks that can expose cookies, session tokens, and other information held by the web browser.

The problem: Adobe reports that the critical Acrobat/Reader vulnerability, CVE-2023-26369, is being exploited in the wild on Windows and macOS systems. The Adobe Connect and Experience Manager vulnerabilities are less urgent, but should also be patched.

The fix: Apply the updates for each affected Adobe product; Adobe recommends applying the Acrobat and Reader update within 72 hours.

Significant Vulnerabilities Patched for Apple, SAP, VMware

Many other vendors joined Microsoft and Adobe in releasing vulnerability patches this week. Notable updates include:


September 11, 2023

Actively-Exploited Zero-Day in Major Browsers

Type of attack: Details of the in-the-wild exploit have not been disclosed, but researchers note that the flaw could crash the browser or be used for RCE.

The problem: A heap buffer overflow, CVE-2023-4863, in the libwebp image library lets a crafted WebP image write past the end of a heap buffer.

The fix: Update Chrome, Microsoft Edge (built on Chromium), Firefox (Mozilla), and Brave (built on Chromium) browsers as well as the Thunderbird (Mozilla) email client.
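For teams that need to triage images already in mail queues or upload stores while browsers and other libwebp consumers are patched, here is an added example (not libwebp's code or any browser vendor's) that parses the WebP RIFF container and reports which files would be handed to the lossless decoder. It assumes the vulnerable code is the lossless (VP8L) path, which is also used for ALPH chunks whose alpha plane is lossless-compressed; the recap above names only libwebp. It only identifies files that exercise that decoder, it does not decide whether a file is malicious. The sample files are constructed in the block.

```python
"""Triage helper: which WebP files reach libwebp's lossless (VP8L) decoder.

Added example, not libwebp's or any browser vendor's code. Assumption: the
affected code is the lossless path, used by VP8L chunks and by ALPH chunks
whose alpha plane is lossless-compressed. Sample files below are constructed."""
import struct


def _chunks(data, offset, end, depth=0):
    """Yield (fourcc, payload_start, payload_end, depth); recurse into ANMF frames."""
    while offset + 8 <= end:
        fourcc = data[offset:offset + 4].decode("ascii", "replace")
        size = struct.unpack_from("<I", data, offset + 4)[0]
        start, stop = offset + 8, offset + 8 + size
        if stop > end:
            raise ValueError("chunk %r overruns its container" % fourcc)
        yield fourcc, start, stop, depth
        if fourcc == "ANMF":          # 16-byte frame header, then nested chunks
            yield from _chunks(data, start + 16, stop, depth + 1)
        offset = stop + (size & 1)    # chunk payloads are padded to even length


def parse_webp(data):
    """Return the chunk list of a WebP file; raise ValueError if it is not RIFF/WEBP."""
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"WEBP":
        raise ValueError("not a WebP container")
    end = min(len(data), 8 + struct.unpack_from("<I", data, 4)[0])
    chunks = []
    for fourcc, start, stop, depth in _chunks(data, 12, end):
        chunk = {"fourcc": fourcc, "size": stop - start, "depth": depth}
        if fourcc == "ALPH" and stop > start:
            # low two bits of the ALPH header byte: compression, 1 = lossless
            chunk["alpha_lossless"] = (data[start] & 0x03) == 1
        chunks.append(chunk)
    return chunks


def vp8l_header(payload):
    """Decode the 5-byte VP8L header: (width, height, alpha_is_used, version)."""
    if len(payload) < 5 or payload[0] != 0x2F:
        raise ValueError("missing VP8L signature byte 0x2f")
    bits = int.from_bytes(payload[1:5], "little")
    return (bits & 0x3FFF) + 1, ((bits >> 14) & 0x3FFF) + 1, (bits >> 28) & 1, bits >> 29


def lossless_paths(data):
    """Reasons this file would be handled by the lossless decoder (empty = lossy only)."""
    reasons = []
    for chunk in parse_webp(data):
        if chunk["fourcc"] == "VP8L":
            reasons.append("VP8L chunk at depth %d" % chunk["depth"])
        elif chunk.get("alpha_lossless"):
            reasons.append("ALPH chunk with lossless-compressed alpha")
    return reasons


def _chunk(fourcc, payload):
    pad = b"\x00" if len(payload) & 1 else b""
    return fourcc + struct.pack("<I", len(payload)) + payload + pad


def _riff(body):
    return b"RIFF" + struct.pack("<I", 4 + len(body)) + b"WEBP" + body


# constructed: lossless file whose header says 16x8 (width-1=15, height-1=7 packed LE)
LOSSLESS = _riff(_chunk(b"VP8L", b"\x2f\x0f\xc0\x01\x00\x00\x00"))
# constructed: simple lossy file
LOSSY = _riff(_chunk(b"VP8 ", b"\x00" * 10))
# constructed: extended file, lossy image with a lossless-compressed alpha plane
ALPHA = _riff(_chunk(b"VP8X", b"\x10" + b"\x00" * 9)
              + _chunk(b"ALPH", b"\x01\x00\x00\x00") + _chunk(b"VP8 ", b"\x00" * 10))
# constructed: animated file whose first frame is lossless
ANIMATED = _riff(_chunk(b"VP8X", b"\x02" + b"\x00" * 9)
                 + _chunk(b"ANMF", b"\x00" * 16 + _chunk(b"VP8L", b"\x2f\x00\x00\x00\x00")))

if __name__ == "__main__":
    for label, sample in (("lossless", LOSSLESS), ("lossy", LOSSY),
                          ("alpha", ALPHA), ("animated", ANIMATED)):
        print(label, lossless_paths(sample))
```

Files that return a non-empty list are the ones to hold or re-encode until every consumer (browsers, image pipelines, chat clients, anything statically linking libwebp) is on a fixed build; lossy-only files never enter the affected decoder.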


September 8, 2023

Buffer Overflow Zero-Days in Notepad++ With RCE Potential

Type of attack: Opening a specially crafted file in an older Notepad++ version can trigger a buffer overflow that leads to remote code execution (RCE).

The problem: GitHub researcher Jaroslav Lobacevski found and reported four buffer overflow vulnerabilities. The most severe, rated CVSS 7.8 (high), could be used to execute arbitrary, potentially malicious code in the context of Notepad++.

The fix: The four vulnerabilities, along with other bugs, are fixed in Notepad++ 8.5.7, the latest version of the open source code editor.

Ubuntu Kernel OverlayFS Access To Root Vulnerability

Type of attack: Two privilege escalation vulnerabilities allow an unprivileged user, including one inside a non-root container, to escalate to root.

The problem: Ubuntu's Linux kernel did not properly perform permission checks on OverlayFS in certain situations, allowing an attacker with access to a non-root container to create and execute files that obtain root privileges.

The fix: Upgrade Ubuntu nodes to a patched kernel. For nodes that cannot yet be patched, monitor for and detect privileged containers (including those running as a non-root user) and use seccomp or AppArmor to block the unshare syscall and the unshare utility that wraps it, which the exploits rely on to create a user namespace.
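The seccomp side of that workaround, as an added example (not Ubuntu's or any researcher's code): a profile that denies the two routes to a new user namespace, plus a pod-spec check that reports the containers in which unshare is still reachable. It assumes the exploits create a user namespace via unshare(2) or clone(2) with CLONE_NEWUSER, that the runtime is Docker or containerd (which apply no seccomp filter to privileged containers), and that Kubernetes applies no profile unless the pod sets one. Sample pod specs are constructed.

```python
"""Seccomp mitigation for the OverlayFS escalation and a pod-spec check for
where it is reachable.

Added example, not Ubuntu's, Wiz's or any other researcher's code. Assumptions:
the exploits create a user namespace via unshare(2) or clone(2)+CLONE_NEWUSER,
the runtime is Docker/containerd (privileged containers get no seccomp filter),
and Kubernetes applies no profile unless the pod sets one. Samples are constructed."""
import json

CLONE_NEWUSER = 0x10000000
ENOSYS = 38
DENY_ACTIONS = {"SCMP_ACT_ERRNO", "SCMP_ACT_KILL", "SCMP_ACT_KILL_PROCESS",
                "SCMP_ACT_KILL_THREAD", "SCMP_ACT_TRAP"}


def unshare_blocking_profile():
    """OCI seccomp profile (usable as a Kubernetes Localhost profile) that denies
    new user namespaces while leaving everything else allowed."""
    return {
        "defaultAction": "SCMP_ACT_ALLOW",
        "architectures": ["SCMP_ARCH_X86_64", "SCMP_ARCH_X86", "SCMP_ARCH_X32"],
        "syscalls": [
            # unshare(2) is what `unshare -rm` calls
            {"names": ["unshare"], "action": "SCMP_ACT_ERRNO"},
            # clone(2) only when CLONE_NEWUSER is set: (flags & value) == valueTwo
            {"names": ["clone"], "action": "SCMP_ACT_ERRNO",
             "args": [{"index": 0, "value": CLONE_NEWUSER,
                       "valueTwo": CLONE_NEWUSER, "op": "SCMP_CMP_MASKED_EQ"}]},
            # clone3 passes flags in a struct seccomp cannot inspect; ENOSYS makes
            # libc fall back to clone(2), where the rule above applies
            {"names": ["clone3"], "action": "SCMP_ACT_ERRNO", "errnoRet": ENOSYS},
        ],
    }


def profile_blocks_unshare(profile):
    """Approximate check: does this profile deny unshare(2) to a container that
    holds no extra capabilities?"""
    for rule in profile.get("syscalls", []):
        if "unshare" not in rule.get("names", []):
            continue
        if rule.get("action") in DENY_ACTIONS and not rule.get("args"):
            return True
        if rule.get("action") == "SCMP_ACT_ALLOW" and not rule.get("includes"):
            return False          # unconditional allow rule
    return profile.get("defaultAction") in DENY_ACTIONS


def audit_pod_spec(spec):
    """Containers in which unshare(2) is reachable: privileged ones, and ones
    with no seccomp profile at either pod or container level."""
    pod_type = ((spec.get("securityContext") or {}).get("seccompProfile") or {}).get("type")
    findings = []
    for c in (spec.get("containers") or []) + (spec.get("initContainers") or []):
        sc = c.get("securityContext") or {}
        if sc.get("privileged"):
            findings.append((c["name"], "privileged: runtime applies no seccomp filter"))
            continue
        ctype = (sc.get("seccompProfile") or {}).get("type") or pod_type
        if ctype in (None, "Unconfined"):
            findings.append((c["name"], "no seccomp profile: unshare(2) reachable"))
    return findings


# constructed sample: one container with no profile, one privileged
RISKY_POD_SPEC = {
    "containers": [
        {"name": "app", "image": "app:1"},
        {"name": "sidecar", "image": "sidecar:1",
         "securityContext": {"privileged": True}},
    ],
}

# constructed sample: pod-level Localhost profile covering every container
HARDENED_POD_SPEC = {
    "securityContext": {"seccompProfile": {
        "type": "Localhost", "localhostProfile": "profiles/no-unshare.json"}},
    "containers": [{"name": "app", "image": "app:1"}],
}

if __name__ == "__main__":
    print(json.dumps(unshare_blocking_profile(), indent=2))
    print("risky:", audit_pod_spec(RISKY_POD_SPEC))
    print("hardened:", audit_pod_spec(HARDENED_POD_SPEC))
```

Write the profile to the kubelet's seccomp root (by default /var/lib/kubelet/seccomp/) on each node and reference it with a Localhost seccompProfile as in HARDENED_POD_SPEC. Note that seccomp cannot be applied to a privileged container, so the audit treats privileged as a finding in its own right; workloads that legitimately need user namespaces will break under this profile and need an exception.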


Chad Kime
