Overview of Patch Tuesday’s Sysmon Vulnerability
During Microsoft’s latest Patch Tuesday, the company released a security advisory describing a Local Privilege Escalation vulnerability within Sysmon. An independent security researcher discovered the vulnerability and then released it to Microsoft. While it’s currently a low-risk vulnerability, Microsoft has released Sysmon version 14.16 to fix the flaw that users should install.
Sysmon Vulnerability Details
This vulnerability exists due to the application improperly imposing security restrictions in SysInternals Sysmon for Windows. As a result, threat actors can bypass security restrictions and privilege escalation within the environment. Instead of acting as an initial gateway into the system, experts expect malicious actors to leverage the vulnerability to escape any privileges on the already compromised system.
As mentioned, this is a low-risk vulnerability. Its CVSS scale rating is 7.8, with a likelihood of exploitation. Due to the lack of publicly available proof-of-concept exploits, Microsoft recommends upgrading your devices to the latest available version of Sysmon. This version, Sysmon 14.16, should be added to your next patching schedule to minimize the chances of local privilege escalation.
In order to perform the Sysmon update, please see the Sysmon Installation guide provided by Arctic Wolf here.
How to Protect Your Organization from Cyber Vulnerabilities
As always, it’s important to pay attention to new vulnerabilities and potential risks within your environment so you can take the necessary mitigation steps. This is especially true for zero days, which can be found on Patch Tuesdays. Additionally, performing updates and maintaining a sense of urgency when dealing with vulnerabilities will ensure you and your organization are protected in the long run.
If your organization needs assistance managing its cyber risk, consider partnering with a managed cybersecurity service provider (MSSP) like M.A. Polce. We offer customizable cybersecurity services that actively defend your network from cyber threats and managed risk and compliance services to help you assess and strengthen your security posture. Contact us to learn more about our cybersecurity solutions for businesses.
Sources
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29343 – Microsoft Updates
https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon – Sysmon Download
https://arcticwolf.com/resources/blog/cve-2023-29343-sysmon-local-privilege-escalation-vulnerability/
– Arctic Wolf blog