A critical RCE vulnerability in the Remote Procedure Call Runtime, CVE-2023-21708, should be a priority for security teams, as it allows unauthenticated attackers to run remote commands on a target machine. Threat actors could use it against Domain Controllers, whose RPC endpoints are reachable by default. To mitigate, we recommend that Domain Controllers accept RPC only from authorized networks, and that RPC traffic to endpoints and servers that do not need it is limited.
Already being exploited in the wild, a vulnerability in Windows Defender SmartScreen (CVE-2023-24880) allows attackers to subvert the built-in Windows protections that block untrustworthy files. The usual checks on a file's reputation and source are bypassed, allowing malicious programs to run. This new threat is similar to another actively exploited SmartScreen vulnerability that Microsoft patched in December 2022.
Another critical vulnerability, CVE-2023-23415, poses a serious risk as it allows attackers to exploit a flaw in Internet Control Message Protocol handling, which is often not restricted by firewalls, to gain remote code execution on exposed servers using a malicious packet. Exploitation requires targeting a raw socket on the host, so any organisation running such infrastructure should either patch or block ICMP packets at the firewall.
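The two network-level mitigations above (scoping RPC on Domain Controllers to authorized networks, and blocking inbound ICMP from untrusted sources) can both be applied with the Windows Defender Firewall cmdlets. The script below is an added example written for this summary; it is not from the original advisory or from Microsoft. It assumes that the host firewall is the enforcement point (a perimeter firewall would need the equivalent policy), that the built-in allow rules for RPC are identified by the `RPC` and `RPC-EPMap` port keywords, and that the `$AuthorizedNetworks` CIDR ranges and the `KB<placeholder>` update identifier are placeholders to be replaced with your own values.

```powershell
# Added example: host-firewall hardening for the RPC and ICMP issues discussed above.
# Run in an elevated PowerShell session on the Domain Controller or exposed server.
# $AuthorizedNetworks is a constructed placeholder list; replace with your management
# and member-server ranges.
$AuthorizedNetworks = @('10.0.0.0/8', '192.168.10.0/24')

# 1. Confirm whether the March 2023 cumulative update is present. The KB number is a
#    placeholder here; take the real identifier from the vendor advisory.
$UpdateId = 'KB<placeholder>'
$Installed = Get-HotFix -ErrorAction SilentlyContinue |
    Where-Object { $_.HotFixID -eq $UpdateId }
if (-not $Installed) {
    Write-Warning "Update $UpdateId not found; apply compensating firewall controls below."
}

# 2. RPC (CVE-2023-21708 mitigation): find every enabled inbound allow rule whose port
#    filter uses the RPC endpoint-mapper (TCP 135) or dynamic RPC keyword, and restrict
#    its remote scope to the authorized networks instead of 'Any'. Block rules take
#    precedence in Windows Firewall, so narrowing the allow rules is the correct
#    approach; adding a blanket block rule would also cut off authorized clients.
$RpcRules = Get-NetFirewallPortFilter |
    Where-Object { $_.LocalPort -in @('RPC', 'RPC-EPMap') } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and
                   $_.Action    -eq 'Allow'   -and
                   $_.Enabled   -eq 'True' }

foreach ($Rule in $RpcRules) {
    Write-Host "Scoping RPC rule '$($Rule.DisplayName)' to authorized networks"
    $Rule | Set-NetFirewallRule -RemoteAddress $AuthorizedNetworks
}

# 3. ICMP (CVE-2023-23415 mitigation): block inbound ICMPv4 that originates outside
#    the local and intranet address space. 'Internet' is a built-in firewall address
#    keyword. Blocking every ICMP type also drops 'fragmentation needed' messages and
#    can break path MTU discovery, so ICMPv4 type 3 is carved out with a second rule
#    that only permits that type; all other types from the Internet stay blocked.
New-NetFirewallRule -DisplayName 'Block inbound ICMPv4 from Internet (CVE-2023-23415)' `
    -Direction Inbound -Protocol ICMPv4 -IcmpType Any `
    -RemoteAddress Internet -Action Block -Profile Any | Out-Null

New-NetFirewallRule -DisplayName 'Allow ICMPv4 destination-unreachable (PMTUD)' `
    -Direction Inbound -Protocol ICMPv4 -IcmpType 3 `
    -RemoteAddress Any -Action Allow -Profile Any | Out-Null

# 4. Verification: list the resulting scope of every RPC rule and the ICMP rules so the
#    change can be reviewed before the session is closed.
$RpcRules | Get-NetFirewallAddressFilter |
    Select-Object -Property @{ n = 'Rule';   e = { ($_ | Get-NetFirewallRule).DisplayName } },
                            @{ n = 'Remote'; e = { $_.RemoteAddress -join ',' } } |
    Format-Table -AutoSize

Get-NetFirewallRule -DisplayName '*ICMPv4*' |
    Select-Object DisplayName, Direction, Action, Enabled |
    Format-Table -AutoSize
```

Note that the ICMP allow rule for type 3 does not override the block rule in Windows Firewall (block wins when both match), so in practice the carve-out only helps where the block rule's scope does not already cover the sender; if path MTU discovery from Internet peers matters for the server, narrow the block rule's `-IcmpType` to the types you can do without rather than using `Any`. Test the change against a known-good management host before rolling it out by Group Policy.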