Threat Roundup: Microsoft August Patch Tuesday & New PaperCut Vulnerability
August is off to a busy start for cyberthreats. In this article, we’ll recap Microsoft’s August Patch Tuesday announcement and the new PaperCut vulnerability. Read on to learn more.
What’s the update from Microsoft and PaperCut?
Microsoft August 2023 Patch Tuesday
Microsoft has released its August Patch Tuesday security updates, providing fixes for a total of 87 vulnerabilities, including two actively exploited zero-days and 23 remote code execution (RCE) vulnerabilities rated as “Critical” by Microsoft.
The two zero-day vulnerabilities being actively exploited can be found below:
- ADV230003 – Microsoft Office Defense in Depth Update (publicly disclosed). This update is in response to the discovery of CVE-2023-36884, a security feature bypass vulnerability affecting Windows and Windows Server installations disclosed as part of the July 2023 Patch Tuesday release. While ADV230003 does not directly address CVE-2023-36884, it was included as part of this month’s release as it “stops the attack chain” that leads to CVE-2023-36884.
- CVE-2023-38180 – A Denial of Service (DoS) vulnerability in Microsoft Visual Studio, .NET versions 6.0 and 7.0, and ASP.NET Core 2.1. It is rated as “Important” and was assigned a CVSSv3 score of 7.5. While details of its exploitation were not available at the time of writing, an attacker that exploits this vulnerability could create a DoS condition on a vulnerable server.
The complete list of resolved vulnerabilities in the August 2023 Patch Tuesday updates can be found in the full report.
New PaperCut Vulnerability
A serious vulnerability, identified as CVE-2023-39143, has been found in the popular PaperCut NG/MF print management software for those running on Windows systems before version 22.1.3.
This flaw may allow unauthorized individuals to access, delete or upload files to the PaperCut server, which could lead to remote control of the server under specific conditions. The external device integration setting, which is activated by default in certain versions of PaperCut, like the Commercial and MF versions, makes the server vulnerable to such attacks. Research suggests that most PaperCut installations use Windows and have this setting activated, exposing them to potential risks.
What is Nuspire doing?
For Microsoft, Nuspire applies patches when they’re released in accordance with the vendor’s recommendations. Regarding the PaperCut vulnerability, Nuspire monitors client networks for indications of compromise based on behavioral indications along with known artifacts. Nuspire will continue to monitor and update as information becomes available.
How should I protect myself from these vulnerabilities?
Microsoft
Organizations should review the August 2023 security updates and apply patches as soon as possible to affected systems prioritized by criticality.
- Patching should focus on the two actively exploited vulnerabilities described above.
- Reviewing individual CVEs from Microsoft will also provide workaround/mitigations if immediate patching is not possible.
PaperCut
Organizations are strongly advised to take immediate actions to protect their PaperCut installations from potential security threats:
- Users of PaperCut on Windows, especially those with internet-accessible servers, are urged to check the PaperCut security bulletin.
- If your software has not yet been updated, immediately patch to the latest version, which is 22.1.3 as of this writing.
- For those unable to update, ensure your PaperCut server isn’t exposed to the open internet. Create an allowlist of device IP addresses permitted to interact with your PaperCut server. Instructions can be found in the “IP Address Allow-listing” section of the PaperCut security best practices guide.
While exploiting this vulnerability is more complex than previous ones and involves multiple steps, PaperCut has been a target for threat actors in the past, so it is crucial to take the necessary precautions and secure your environment as soon as possible.
