Full Report
Microsoft has patched two zero days this month, one of which is being exploited in the wild
Analysis Summary
From the provided article excerpt, I can summarize one specific vulnerability that was patched in the June Patch Tuesday update mentioned.
# Vulnerability: RCE in WebDAV HTTP Extension
## CVE Details
- CVE ID: CVE-2024-33053
- CVSS Score: 8.8 (Important)
- CWE: Not specified in the summary.
## Affected Systems
- Products: Microsoft Web Distributed Authoring and Versioning (WebDav) HTTP extension (part of affected Microsoft products running a WebDAV service).
- Versions: All affected versions are implicitly covered by the June Patch Tuesday update for the corresponding Microsoft products. Specific versions are not listed in the excerpt.
- Configurations: Affects systems where WebDAV service is unnecessarily exposed or misconfigured, which is common in environments using it for document management, collaboration platforms, or legacy file-sharing tools.
## Vulnerability Description
This is a Remote Code Execution (RCE) vulnerability residing within the Web Distributed Authoring and Versioning (WebDav) HTTP extension. The flaw stems from how WebDAV handles file commands, specifically `PUT` and `MOVE`. An attacker can exploit this by uploading a malicious file via a `PUT` request, then renaming it using a `MOVE` request that includes a semicolon-injected filename. This technique allows for execution of arbitrary code with elevated privileges by triggering execution via a crafted URL, effectively bypassing standard security controls.
## Exploitation
- Status: Exploited in the wild
- Complexity: Assumed Medium, based on the complexity of chaining `PUT` and `MOVE` requests with semicolon injection.
- Attack Vector: Network (Remote)
## Impact
- Confidentiality: High (Implied by RCE with elevated privileges)
- Integrity: High (Implied by RCE with elevated privileges)
- Availability: High (Implied by RCE with elevated privileges)
## Remediation
### Patches
- **Crucial Action:** Apply the relevant Microsoft security updates released as part of the June Patch Tuesday addressing CVE-2024-33053. (Specific patch KB numbers or product versions are not detailed in this excerpt).
### Workarounds
- Temporarily disable or restrict access to the WebDAV service if it is not strictly necessary, especially if it is exposed externally.
- Review configurations to ensure WebDAV is not unnecessarily exposed for remote file management.
## Detection
- **Indicators of Compromise (IOCs):** Look for unusual `PUT` requests followed by `MOVE` operations on the WebDAV endpoint that involve unusual characters or file naming conventions that could indicate semicolon injection attempts.
- **Detection Methods and Tools:** Monitor web server logs (IIS logs, etc.) for suspicious HTTP verb usage targeting WebDAV paths. Automox suggests reviewing endpoints where WebDAV might be present.
## References
- Microsoft June Patch Tuesday Advisory (General reference)
- Infosecurity Magazine Article: hxxps://www.infosecurity-magazine.com/news/two-microsoft-zero-days-june-patch/