
Alerts

Moodle Security Update

Moodle has released security updates to address vulnerabilities in multiple products. Exploitation of these vulnerabilities may allow an attacker to gain access to sensitive information.

Users and administrators are encouraged to review Moodle Security Advisories MSA-23-0013, MSA-23-0010, MSA-23-0009, MSA-23-0005 and MSA-23-0007 and apply necessary updates.

Red Hat Security Update

Red Hat has released security updates to address vulnerabilities in multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review Red Hat Security Advisories RHSA-2023:1407, RHSA-2023:1406, RHSA-2023:1297 and RHSA-2023:1428 and apply necessary updates.

GitHub Security Update

GitHub has released security updates to address vulnerabilities in Gophish, Apache Tomcat and OpenNMS. Exploitation of these vulnerabilities may allow an attacker to gain access to sensitive information.

Users and administrators are encouraged to review GitHub Security Advisories GHSA-55m9-hm92-xm8j, GHSA-2c9m-w27f-53rm and GHSA-jxr6-7qg5-8wv6 and apply necessary updates.

Apache Security Update

Apache has released security updates to address vulnerabilities in Apache Tomcat. Exploitation of these vulnerabilities may allow an attacker to gain access to sensitive information.

Users and administrators are encouraged to review Apache Security Advisory and apply necessary updates.

Critical Vulnerability in Microsoft Outlook (CVE-2023-23397)

Advisory No: TZCERT/SA/2023/03/17

Date of First Release: 17th March 2023

Source: Microsoft

Software Affected: Microsoft Outlook for Windows

Overview:

Microsoft has released security patches to address an elevation of privilege vulnerability affecting Outlook for Windows. Microsoft Outlook is Microsoft's personal information manager and email client, with features such as calendaring, task management, contact management, note-taking and journal logging. This vulnerability could allow an attacker to take control of an affected system.

Description:

This vulnerability is tracked as CVE-2023-23397 (CVSS score: 9.1). It is triggered by the receipt of a crafted Outlook MSG file in which the "PidLidReminderFileParameter" property is set to an attacker-controlled SMB resource (a UNC path to an IP address). Outlook then initiates NTLM authentication to the attacker-controlled server whether or not the email has been viewed. This allows NTLM credential theft that requires no user interaction.

The connection to the attacker-controlled server sends the user's NTLM negotiation message, which the attacker can then relay for authentication against other systems that support NTLM authentication.
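Triage logic for the property described above, as an added example that is not part of this advisory and not Microsoft's own audit script. It assumes the PidLidReminderFileParameter value has already been extracted from a message (by a mailbox audit or mail gateway); the sample values and the internal address ranges are constructed assumptions.

```python
import ipaddress
import re
from typing import Optional

# Address space where an organisation's own file servers are expected to live.
# Assumed RFC 1918 ranges; adjust to the real environment before use.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# UNC form \\host\share\..., optionally with a WebDAV port suffix (host@80, host@SSL@443).
UNC_RE = re.compile(r"^\\\\([^\\/@]+)(?:@(?:SSL@)?\d+)?(?=[\\/]|$)", re.IGNORECASE)
# file: URL form, e.g. file:////host/share/... or file://host/share/...
FILE_URL_RE = re.compile(r"^file:[\\/]{2,}([^\\/]+)(?=[\\/]|$)", re.IGNORECASE)


def remote_host(value: Optional[str]) -> Optional[str]:
    """Return the host a reminder sound path would authenticate to, or None if local or absent."""
    if not value or not value.strip():
        return None
    m = UNC_RE.match(value.strip()) or FILE_URL_RE.match(value.strip())
    if not m:
        return None                      # drive path or bare file name: resolved on the local machine
    host = m.group(1)
    if re.fullmatch(r"[A-Za-z]:", host) or host.lower() in ("localhost", "127.0.0.1", "::1"):
        return None                      # file:///C:/... or loopback: no outbound NTLM exchange
    return host


def classify(value: Optional[str]) -> str:
    """Triage verdict: 'absent', 'local', 'remote-internal' or 'remote-external'.

    Any 'remote-*' verdict on an inbound message deserves a look; 'remote-external'
    is the CVE-2023-23397 pattern (NTLM negotiation sent to an outside host).
    """
    if not value or not value.strip():
        return "absent"
    host = remote_host(value)
    if host is None:
        return "local"
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return "remote-external"         # a hostname: treat as external until resolved and vetted
    return "remote-internal" if any(ip in net for net in INTERNAL_NETS) else "remote-external"


if __name__ == "__main__":
    # Constructed sample property values, as a mailbox audit might extract them.
    for sample in (r"\\203.0.113.10\share\reminder.wav", r"\\10.0.0.5\media\ding.wav",
                   r"C:\Windows\Media\reminder.wav", "file:////203.0.113.10/share/r.wav", ""):
        print(f"{classify(sample):16} {sample!r}")
```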

Impact:

Successful exploitation of this vulnerability may allow the attacker to take control of the affected system.

Solution:

  1. Add users to the Protected Users security group; this prevents the use of NTLM as an authentication mechanism.
  2. In the firewall configuration, block all outbound TCP 445/SMB traffic from your network. This prevents NTLM authentication messages from being sent to remote file shares.

References:

  1. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397
  2. https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/