Rackspace Response to November 2023 Microsoft Patch Tuesday Security Advisory

by Marc Nourani Director, Global Service Operations, Rackspace Technology

On 14 November 2023, Microsoft released patches for 58 vulnerabilities – the Microsoft Security Guide is available here: https://msrc.microsoft.com/update-guide. Rackspace Cyber Threat Intelligence engineers are highlighting two vulnerabilities classified as Critical as especially notable.  

CVE-2023-36397 is a vulnerability within Windows Pragmatic General Multicast (PGM) which requires that the ‘Message Queuing’ service be running and listening on TCP port 1801. This service is not enabled by default but, when enabled, ingress traffic should be limited to desired source IP addresses. Exploitation does not require authentication or user interaction and has a low attack complexity.  

CVE-2023-36052 is a vulnerability within Azure’s command line interface (CLI) in versions prior to 2.53.1. Exploitation would allow an unauthenticated attacker to recover credentials stored in log files. This vulnerability has a CVSS score of 8.6. No software mitigations exist; the only fix is to patch.  

Rackspace engineers have performed an initial assessment and strongly recommend that customers review the advisories and ensure appropriate patches are installed. Rackspace customers using our Managed Patching Service will be patched during normal patching cycles.  

For those customers not using Rackspace Managed Patching, we recommend patching devices as soon as possible to mitigate these vulnerabilities. Customers not using our Managed Patching Service can install the latest Windows Updates themselves or can request that Rackspace perform patching by contacting Rackspace Support. Customers running on EOL Operating Systems must purchase and enable Extended Security Updates from Microsoft to patch vulnerabilities released by Microsoft.  

Our security teams are actively monitoring the situation and will provide any associated updates via this blog.  

Should you have any questions or require assistance in responding to these vulnerabilities, please contact a support Racker via https://www.rackspace.com/login. 

Contact us for assistance or questions