msrc_cve-2023-38175
Vulnerability from csaf_microsoft
Published
2023-08-08 07:00
Modified
2023-11-28 08:00
Summary
Microsoft Windows Defender Elevation of Privilege Vulnerability

Notes

Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Customer Action
Required. The vulnerability documented by this CVE requires customer action to resolve.


To clipboard 

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "\u003ca href=\"https://twitter.com/filip_dragovic\"\u003eFilip Dragovi\u0107\u003c/a\u003e"
        ]
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      },
      {
        "category": "general",
        "text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
        "title": "Customer Action"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2023-38175 Microsoft Windows Defender Elevation of Privilege Vulnerability - HTML",
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38175"
      },
      {
        "category": "self",
        "summary": "CVE-2023-38175 Microsoft Windows Defender Elevation of Privilege Vulnerability - CSAF",
        "url": "https://msrc.microsoft.com/csaf/2023/msrc_cve-2023-38175.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Exploitability Index",
        "url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Microsoft Windows Defender Elevation of Privilege Vulnerability",
    "tracking": {
      "current_release_date": "2023-11-28T08:00:00.000Z",
      "generator": {
        "date": "2025-01-01T01:58:31.425Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2023-38175",
      "initial_release_date": "2023-08-08T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2023-08-08T07:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2023-11-28T08:00:00.000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Updated FAQ information. This is an informational change only."
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c1.1.23060.3001",
            "product": {
              "name": "Windows Defender Antimalware Platform \u003c1.1.23060.3001",
              "product_id": "1"
            }
          },
          {
            "category": "product_version",
            "name": "1.1.23060.3001",
            "product": {
              "name": "Windows Defender Antimalware Platform 1.1.23060.3001",
              "product_id": "11744"
            }
          }
        ],
        "category": "product_name",
        "name": "Windows Defender Antimalware Platform"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-38175",
      "cwe": {
        "id": "CWE-59",
        "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
      },
      "notes": [
        {
          "category": "general",
          "text": "Microsoft",
          "title": "Assigning CNA"
        },
        {
          "category": "faq",
          "text": "An attacker would only be able to delete targeted files on a system.",
          "title": "What privileges could be gained by an attacker who successfully exploited the vulnerability?"
        },
        {
          "category": "faq",
          "text": "Last version of the MpSigStub.exe affected by this vulnerability: Last version of the MpSigStub.exe affected by this vulnerability, 1.1.23060.3000: 1.1.23060.3000, First version of the MpSigStub.exe with this vulnerability addressed: First version of the MpSigStub.exe with this vulnerability addressed, 1.1.23060.3001: 1.1.23060.3001\nIn response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Microsoft Malware Protection Engine. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kept up to date with these updates in a timely manner.\nFor enterprise deployments as well as end users, the default configuration in Microsoft antimalware software helps ensure that malware definitions and the Microsoft Malware Protection Engine are kept up to date automatically. Product documentation also recommends that products are configured for automatic updating.\nBest practices recommend that customers regularly verify whether software distribution, such as the automatic deployment of Microsoft Malware Protection Engine updates and malware definitions, is working as expected in their environment.\nMicrosoft also typically updates the malware definitions three times daily and can increase the frequency when needed.\nDepending on which Microsoft antimalware software is used and how it is configured, the software may search for engine and definition updates every day when connected to the Internet, up to multiple times daily. Customers can also choose to manually check for updates at any time.\nMpSigStub.exe is a component that\u2019s responsible for installing definition updates.\nYes.  In addition to the changes that are listed for this vulnerability, this update includes defense-in-depth updates to help improve security-related features.\nFor more information, visit the Microsoft Malware Protection Center website.\nThis security update is delivered only through definition updates. This cannot happen if Defender is in a disabled state (such as in the case of a third-party antivirus product providing real time protection). If Defender is disabled, you can delete the vulnerable file from the system: C:\\WINDOWS\\System32\\MpSigStub.exe.\nIf Defender is re-enabled at a later time, MpSigStub.exe will be replaced only when updating signatures via Microsoft Update or WSUS. MpSigStub.exe will not be replaced via the standalone Mpam-fe.exe install through MMPC, or via UNC Path installs.\nCustomers should verify that the latest version of the Microsoft Malware Protection Engine and definition updates are being actively downloaded and installed for their Microsoft antimalware products.\nFor more information on how to verify the version number for the Microsoft Malware Protection Engine that your software is currently using, see the section, \u0026quot;Verifying Update Installation\u0026quot;, in Microsoft Knowledge Base Article 2510781.\nAdministrators of enterprise antimalware deployments should ensure that their update management software is configured to automatically approve and distribute engine updates and new malware definitions. Enterprise administrators should also verify that the latest version of the Microsoft Malware Protection Engine and definition updates are being actively downloaded, approved and deployed in their environment.\nFor end-users, the affected software provides built-in mechanisms for the automatic detection and deployment of this update. For these customers, the update will be applied within 48 hours of its availability. The exact time frame depends on the software used, Internet connection, and infrastructure configuration.\nEnd users that do not wish to wait can manually update their antimalware software.\nFor more information on how to manually update the Microsoft Malware Protection Engine and malware definitions, refer to Microsoft Knowledge Base Article 2510781.",
          "title": "1. Why is no action required to install this update?"
        }
      ],
      "product_status": {
        "fixed": [
          "11744"
        ],
        "known_affected": [
          "1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-38175 Microsoft Windows Defender Elevation of Privilege Vulnerability - HTML",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38175"
        },
        {
          "category": "self",
          "summary": "CVE-2023-38175 Microsoft Windows Defender Elevation of Privilege Vulnerability - CSAF",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38175"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-08-08T07:00:00.000Z",
          "details": "1.1.23060.3001:Security Update:https://www.microsoft.com/en-us/wdsi/defenderupdates",
          "product_ids": [
            "1"
          ],
          "url": "https://www.microsoft.com/en-us/wdsi/defenderupdates"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalsScore": 0.0,
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 6.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Elevation of Privilege"
        },
        {
          "category": "exploit_status",
          "details": "Exploited:No;Latest Software Release:Exploitation Less Likely"
        }
      ],
      "title": "Microsoft Windows Defender Elevation of Privilege Vulnerability"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.