CVE / RCE / MITRE / ExploitDB - Tuesday

Exploring Cybersecurity: Understanding RCE, CVE, MITRE, and ExploitDB

In the dynamic realm of cybersecurity, knowledge is power. This blog explores key concepts integral to understanding and fortifying digital defenses—Remote Code Execution (RCE), Common Vulnerabilities and Exposures (CVE), The MITRE Corporation, and the Exploit Database (ExploitDB). Delving into the intricacies of RCE, we unveil the potential threats it poses to software, applications, and systems.

RCE vulnerabilities, allowing remote execution of arbitrary code, present a serious risk, enabling unauthorized access, data theft, and system compromise. Developers and security experts engage in an ongoing battle to identify and patch these vulnerabilities, safeguarding systems and user data.

Our exploration begins with a look at CVE databases, indispensable repositories that standardize vulnerability management data. The National Vulnerability Database (NVD) serves as the U.S. government's repository, offering comprehensive information, while the MITRE CVE List stands as an authoritative source.

Venturing into vulnerability databases and exploit repositories, we encounter two resources: ExploitDB, a widely used platform providing a curated collection of exploits, and Vulners, a comprehensive database aggregating information from various sources.

The journey concludes by exploring GitHub repositories, where security advisories related to vulnerabilities within open-source projects are cataloged. As we navigate this multifaceted landscape, our aim is to foster a deeper understanding of cybersecurity and the collaborative efforts to fortify digital environments against evolving threats.

  1. Common Vulnerabilities and Exposures (CVE) Databases:

    • National Vulnerability Database (NVD):

      • Website: https://nvd.nist.gov/

      • Description: NVD is the U.S. government repository of standards-based vulnerability management data. It provides information on security vulnerabilities, including their descriptions, severity scores, and links to related patches.

    • MITRE CVE List:

      • Website: https://cve.mitre.org/

      • Description: The MITRE Corporation manages the CVE List, which is a comprehensive and authoritative source for CVE information. It includes details on vulnerabilities and references to related security advisories.

  2. Vulnerability Databases and Exploit Repositories:

    • Exploit Database (ExploitDB):

      • Website: https://www.exploit-db.com/

      • Description: ExploitDB is a widely used platform that provides a collection of exploits, shellcodes, papers, and other resources. Researchers can find proof-of-concept code and details about vulnerabilities.

    • Vulners:

      • Website: https://vulners.com/

      • Description: Vulners is a vulnerability database that aggregates information from various sources, including CVE, exploit databases, and security blogs. It offers a search engine for vulnerabilities and related data.

  3. GitHub Repositories:

    • GitHub Security Advisory Database:

      • Website: https://github.com/advisories

      • Description: GitHub maintains a database of security advisories related to vulnerabilities in open-source projects hosted on its platform. Researchers can find details about vulnerabilities, patches, and remediation steps.

Microsoft January 2024 Patch Tuesday fixes 49 flaws, 12 RCE bugs

Today is Microsoft's January 2024 Patch Tuesday, which includes security updates for a total of 49 flaws, 12 of which are remote code execution vulnerabilities.

Only two vulnerabilities were classified as critical, with one being a Windows Kerberos Security Feature Bypass and the other a Hyper-V RCE. 

The number of bugs in each vulnerability category is listed below:

  • 10 Elevation of Privilege Vulnerabilities

  • 7 Security Feature Bypass Vulnerabilities

  • 12 Remote Code Execution Vulnerabilities

  • 11 Information Disclosure Vulnerabilities

  • 6 Denial of Service Vulnerabilities

  • 3 Spoofing Vulnerabilities 

The total count of 49 flaws does not include 4 Microsoft Edge flaws fixed on January 5th.

To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5034123 cumulative update and Windows 10 KB5034122 update.

This month's interesting flaws

While there were no actively exploited or publicly disclosed vulnerabilities this month, some flaws are more interesting than others.

Microsoft fixes an Office Remote Code Execution Vulnerability tracked as CVE-2024-20677 that allows threat actors to create maliciously crafted Office documents with embedded FBX 3D model files to perform remote code execution.

"A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac," explains Microsoft's security bulletin.

"Versions of Office that had this feature enabled will no longer have access to it. This includes Office 2019, Office 2021, Office LTSC for Mac 2021, and Microsoft 365."

"3D models in Office documents that were previously inserted from a FBX file will continue to work as expected unless the Link to File option was chosen at insert time."

A critical Windows Kerberos bug tracked as CVE-2024-20674, which allows an attacker to bypass the authentication feature, was also fixed today.

"An unauthenticated attacker could exploit this vulnerability by establishing a machine-in-the-middle (MITM) attack or other local network spoofing technique, then sending a malicious Kerberos message to the client victim machine to spoof itself as the Kerberos authentication server," reads a support bulletin.

Recent updates from other companies

Other vendors who released updates or advisories in January 2023 include:

The January 2024 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities in the January 2023 Patch Tuesday updates.