Commit
Windows DOS-to-NT Path Conversion Process Exploited - 20240424002 - Advisory (#670)
1 parent 537218b, commit a399757
Showing 1 changed file with 27 additions and 0 deletions.
docs/advisories/20240424002-Windows-DOS-to-NT-Path-Conversion-Process-Exploited.md
@@ -0,0 +1,27 @@ | ||
# Windows DOS-to-NT Path Conversion Process Exploited - 20240424002 | ||
|
||
## Overview | ||
|
||
The DOS-to-NT path conversion process could be exploited by threat actors to achieve rootkit-like capabilities to conceal and impersonate files, directories, and processes. | ||
|
||
## What is vulnerable? | ||
|
||
| CVE | Severity | CVSS | Product(s) Affected | | ||
| -------------------------------------------------------------------------------- | -------- | ---- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | ||
| [CVE-2023-36396](https://nvd.nist.gov/vuln/detail/CVE-2023-36396#range-10049065) | **High** | 7.8 | Windows 11 22H2 **versions Upto (excluding) 10.0.22621.2715** on ARM64 <br> Windows 11 22H2 **versions Upto (excluding) 10.0.22621.2715** on x64 <br> Windows 11 23H2 **versions Upto (excluding) 10.0.22621.2715** on ARM64 <br> Windows 11 23H2 **versions Upto (excluding) 10.0.22621.2715** on x64 | | ||
| [CVE-2023-32054](https://nvd.nist.gov/vuln/detail/CVE-2023-32054#range-9396510) | **High** | 7.3 | Windows 10 1507 **versions Upto (excluding) 10.0.10240.20048** <br> Windows 10 1607 **versions Upto (excluding) 10.0.14393.6085** <br> Windows 10 1809 **versions Upto (excluding) 10.0.17763.4645** <br> Windows 10 21H2 **versions Upto (excluding) 10.0.19041.3208** <br> Windows 10 22H2 **versions Upto (excluding) 10.0.19045.3208** <br> Windows 11 21H2 **versions Upto (excluding) 10.0.22000.2176** <br> Windows 11 22H2 **versions Upto (excluding) 10.0.22621.1992** <br> Windows Server 2012 <br> Windows Server 2012 R2 <br> Windows Server 2016 <br> Windows Server 2019 <br> Windows Server 2022 | | ||
|
||
## What has been observed? | ||
|
||
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing. | ||
|
||
## Recommendation | ||
|
||
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices (refer [Patch Management](../guidelines/patch-management.md)): | ||
|
||
- [Microsoft Security Updates - CVE-2023-36396](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36396) | ||
- [Microsoft Security Updates - CVE-2023-32054](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32054) | ||
|
||
## Additional References | ||
|
||
- [The Hacker News - Researchers Uncover Windows Flaws Granting Hackers Rootkit-Like Powers](https://thehackernews.com/2024/04/researchers-uncover-windows-flaws.html) |
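Review bot: the "Product(s) Affected" cells repeat "versions Upto (excluding)", which should read "versions up to (excluding)" (or "versions before") to match the NVD range wording it is copied from, and the table's separator row is padded to several hundred dashes; `| --- | --- | --- | --- |` renders identically and keeps the file readable in a diff. On substance, both identifiers are 2023 CVEs and the cut-off builds in the table (for example 10.0.19045.3208 and 10.0.22621.2715) are already-released cumulative-update builds, so the Recommendation section should say explicitly that devices current on monthly updates are not affected and that administrators should verify the installed build number against the table rather than treat this as a new unpatched issue. The Overview would also benefit from one sentence stating how the two CVEs relate to the path-conversion behaviour it describes, since the table alone does not say which aspect each CVE covers, and the CVSS and Severity columns should cite whether the scores are the vendor's or NVD's.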