CVE-2023-29306

Tycho_Jissard

**MS-ISACCYBERSECURITYADVISORY****MS-ISACADVISORYNUMBER:**2023-105**DATE(S)ISSUED:**09/12/2023**SUBJECT:**MultipleVulnerabilitiesinAdobeProductsCouldAllowforArbitraryCodeExecution**OVERVIEW:**MultiplevulnerabilitieshavebeendiscoveredinAdobeproducts,themostsevereofwhichcouldallowforarbitrarycodeexecution.*AdobeAcrobatisusedtoview,create,print,andmanagePDFfiles*AdobeReaderisusedtoview,create,print,andmanagePDFfiles*AdobeExperienceManagerisacomprehensivecontentmanagementsolutionforbuildingwebsites,mobileappsandforms*AdobeConnectisasuiteofsoftwareforremotetraining,webconferencing,presentation,anddesktopsharingSuccessfulexploitationofthemostsevereofthesevulnerabilitiescouldallowforarbitrarycodeexecutioninthecontextoftheloggedonuser.Dependingontheprivilegesassociatedwiththeuser,anattackercouldtheninstallprograms;view,change,ordeletedata;orcreatenewaccountswithfulluserrights.Userswhoseaccountsareconfiguredtohavefeweruserrightsonthesystemcouldbelessimpactedthanthosewhooperatewithadministrativeuserrights.**THREATINTELLIGENCE:**AdobeisawarethatCVE-2023-26369hasbeenexploitedinthewildinlimitedattackstargetingAdobeAcrobatandReader.**SYSTEMSAFFECTED:***AcrobatDCversions23.003.20284andearlier*AcrobatReaderDCversions23.003.20284andearlier*Acrobat2020versions20.005.30516(Mac)andearlier*Acrobat2020versions20.005.30514(Win)andearlier*AcrobatReader2020versions20.005.30516(Mac)andearlier*AcrobatReader2020versions20.005.30514(Win)andearlier*AdobeExperienceManager(AEM)AEMCloudService(CS)versions2023.8andearlier*AdobeExperienceManager(AEM)versions6.5.17.0andearlier*AdobeConnectversions12.3andearlier**RISK:****Government:***Largeandmediumgovernmententities:**High***Smallgovernmententities:**Medium****Businesses:***Largeandmediumbusinessentities:**High***Smallbusinessentities:**Medium****Homeusers:Low****TECHNICALSUMMARY:**MultiplevulnerabilitieshavebeendiscoveredinAdobeProducts,themostsevereofwhichcouldallowforarbitrarycodeexecution.Detailsofthesevulnerabilitiesareasfollows**Tactic**:*Execution***(**[TA0002](https://learn.cisecurity.org/e/799323/tactics-TA0002-/4t6f4x/1255084143?h=JNwLGejOj9pxbAFgXup2w-9UwbqTuFUxOpYaear8KLE)**)**:**Technique**:*ExploitationforClientExecution***(**[T1203](https://learn.cisecurity.org/e/799323/techniques-T1203-/4t6f51/1255084143?h=JNwLGejOj9pxbAFgXup2w-9UwbqTuFUxOpYaear8KLE)**):**AdobeAcrobatandReader:*Out-of-boundsWrite,whichcouldresultinArbitrarycodeexecution(CVE-2023-26369)AdobeExperienceManager:*Cross-siteScripting(ReflectedXSS),whichcouldresultinArbitrarycodeexecution(CVE-2023-38214andCVE-2023-38215)AdobeConnect:*Cross-siteScripting(ReflectedXSS),whichcouldresultinArbitrarycodeexecution(CVE-2023-29305andCVE-2023-29306)Successfulexploitationofthemostsevereofthesevulnerabilitiescouldallowforarbitrarycodeexecution.Dependingontheprivilegesassociatedwiththeuseranattackercouldtheninstallprograms;view,change,ordeletedata;orcreatenewaccountswithfulluserrights.Userswhoseaccountsareconfiguredtohavefeweruserrightsonthesystemcouldbelessimpactedthanthosewhooperatewithadministrativeuserrights.**RECOMMENDATIONS:**Werecommendthefollowingactionsbetaken:*ApplyappropriateupdatesprovidedbyAdobetovulnerablesystemsimmediatelyafterappropriatetesting.([**M1051**](https://learn.cisecurity.org/e/799323/mitigations-M1051-/4t6f54/1255084143?h=JNwLGejOj9pxbAFgXup2w-9UwbqTuFUxOpYaear8KLE)**:UpdateSoftware**)***Safeguard7.1:EstablishandMaintainaVulnerabilityManagementProcess:**Establishandmaintainadocumentedvulnerabilitymanagementprocessforenterpriseassets.Reviewandupdatedocumentationannually,orwhensignificantenterprisechangesoccurthatcouldimpactthisSafeguard.***Safeguard7.2:EstablishandMaintainaRemediationProcess:**Establishandmaintainarisk-basedremediationstrategydocumentedinaremediationprocess,withmonthly,ormorefrequent,reviews.***Safeguard7.4:PerformAutomatedApplicationPatchManagement:**Performapplicationupdatesonenterpriseassetsthroughautomatedpatchmanagementonamonthly,ormorefrequent,basis.***Safeguard7.5:PerformAutomatedVulnerabilityScansofInternalEnterpriseAssets:**Performautomatedvulnerabilityscansofinternalenterpriseassetsonaquarterly,ormorefrequent,basis.Conductbothauthenticatedandunauthenticatedscans,usingaSCAP-compliantvulnerabilityscanningtool.***Safeguard7.7:RemediateDetectedVulnerabilities:**Remediatedetectedvulnerabilitiesinsoftwarethroughprocessesandtoolingonamonthly,ormorefrequent,basis,basedontheremediationprocess.***Safeguard12.1:EnsureNetworkInfrastructureisUp-to-Date:**Ensurenetworkinfrastructureiskeptup-to-date.Exampleimplementationsincluderunningthelateststablereleaseofsoftwareand/orusingcurrentlysupportednetwork-as-a-service(NaaS)offerings.Reviewsoftwareversionsmonthly,ormorefrequently,toverifysoftwaresupport.***Safeguard18.1:EstablishandMaintainaPenetrationTestingProgram:**Establishandmaintainapenetrationtestingprogramappropriatetothesize,complexity,andmaturityoftheenterprise.Penetrationtestingprogramcharacteristicsincludescope,suchasnetwork,webapplication,ApplicationProgrammingInterface(API),hostedservices,andphysicalpremisecontrols;frequency;limitations,suchasacceptablehours,andexcludedattacktypes;pointofcontactinformation;remediation,suchashowfindingswillberoutedinternally;andretrospectiverequirements.***Safeguard18.2:PerformPeriodicExternalPenetrationTests:**Performperiodicexternalpenetrationtestsbasedonprogramrequirements,nolessthanannually.Externalpenetrationtestingmustincludeenterpriseandenvironmentalreconnaissancetodetectexploitableinformation.Penetrationtestingrequiresspecializedskillsandexperienceandmustbeconductedthroughaqualifiedparty.Thetestingmaybeclearboxoropaquebox.***Safeguard18.3:RemediatePenetrationTestFindings:**Remediatepenetrationtestfindingsbasedontheenterprise’spolicyforremediationscopeandprioritization.*Vulnerabilityscanningisusedtofindpotentiallyexploitablesoftwarevulnerabilitiestoremediatethem.**(**[**M1016**](https://learn.cisecurity.org/e/799323/mitigations-M1016-/4t6f57/1255084143?h=JNwLGejOj9pxbAFgXup2w-9UwbqTuFUxOpYaear8KLE)**:VulnerabilityScanning)*****Safeguard16.13:ConductApplicationPenetrationTesting:**Conductapplicationpenetrationtesting.Forcriticalapplications,authenticatedpenetrationtestingisbettersuitedtofindingbusinesslogicvulnerabilitiesthancodescanningandautomatedsecuritytesting.Penetrationtestingreliesontheskillofthetestertomanuallymanipulateanapplicationasanauthenticatedandunauthenticateduser.*ApplythePrincipleofLeastPrivilegetoallsystemsandservices.Runallsoftwareasanon-privilegeduser(onewithoutadministrativeprivileges)todiminishtheeffectsofasuccessfulattack.([**M1026**](https://learn.cisecurity.org/e/799323/mitigations-M1026-/4t6f5b/1255084143?h=JNwLGejOj9pxbAFgXup2w-9UwbqTuFUxOpYaear8KLE)**:PrivilegedAccountManagement**)***Safeguard4.7:ManageDefaultAccountsonEnterpriseAssetsandSoftware:**Managedefaultaccountsonenterpriseassetsandsoftware,suchasroot,administrator,andotherpre-configuredvendoraccounts.Exampleimplementationscaninclude:disablingdefaultaccountsormakingthemunusable.***Safeguard5.4:RestrictAdministratorPrivilegestoDedicatedAdministratorAccounts:**Restrictadministratorprivilegestodedicatedadministratoraccountsonenterpriseassets.Conductgeneralcomputingactivities,suchasinternetbrowsing,email,andproductivitysuiteuse,fromtheuser’sprimary,non-privilegedaccount.***Safeguard5.5:EstablishandMaintainanInventoryofServiceAccounts:**Establishandmaintainaninventoryofserviceaccounts.Theinventory,ataminimum,mustcontaindepartmentowner,reviewdate,andpurpose.Performserviceaccountreviewstovalidatethatallactiveaccountsareauthorized,onarecurringscheduleataminimumquarterly,ormorefrequently*Architectsectionsofthenetworktoisolatecriticalsystems,functions,orresources.Usephysicalandlogicalsegmentationtopreventaccesstopotentiallysensitivesystemsandinformation.UseaDMZtocontainanyinternet-facingservicesthatshouldnotbeexposedfromtheinternalnetwork.Configureseparatevirtualprivatecloud(VPC)instancestoisolatecriticalcloudsystems.**(**[**M1030**](https://learn.cisecurity.org/e/799323/mitigations-M1030-/4t6f5f/1255084143?h=JNwLGejOj9pxbAFgXup2w-9UwbqTuFUxOpYaear8KLE)**:NetworkSegmentation)*****Safeguard12.2:EstablishandMaintainaSecureNetworkArchitecture:**Establishandmaintainasecurenetworkarchitecture.Asecurenetworkarchitecturemustaddresssegmentation,leastprivilege,andavailability,ataminimum.*Usecapabilitiestodetectandblockconditionsthatmayleadtoorbeindicativeofasoftwareexploitoccurring.([**M1050**](https://learn.cisecurity.org/e/799323/mitigations-M1050-/4t6f5j/1255084143?h=JNwLGejOj9pxbAFgXup2w-9UwbqTuFUxOpYaear8KLE)**:ExploitProtection**)***Safeguard10.5:****EnableAnti-ExploitationFeatures:**Enableanti-exploitationfeaturesonenterpriseassetsandsoftware,wherepossible,suchasMicrosoft®DataExecutionPrevention(DEP),Windows®DefenderExploitGuard(WDEG),orApple®SystemIntegrityProtection(SIP)andGatekeeper™.*Restrictuseofcertainwebsites,blockdownloads/attachments,blockJavascript,restrictbrowserextensions,etc.([**M1021**](https://learn.cisecurity.org/e/799323/mitigations-M1021-/4t6f5m/1255084143?h=JNwLGejOj9pxbAFgXup2w-9UwbqTuFUxOpYaear8KLE)**:RestrictWeb-BasedContent**)***Safeguard9.2:UseDNSFilteringServices:**UseDNSfilteringservicesonallenterpriseassetstoblockaccesstoknownmaliciousdomains.***Safeguard9.3:MaintainandEnforceNetwork-BasedURLFilters:**Enforceandupdatenetwork-basedURLfilterstolimitanenterpriseassetfromconnectingtopotentiallymaliciousorunapprovedwebsites.Exampleimplementationsincludecategory-basedfiltering,reputation-basedfiltering,orthroughtheuseofblocklists.Enforcefiltersforallenterpriseassets.***Safeguard9.6:BlockUnnecessaryFileTypes:**Blockunnecessaryfiletypesattemptingtoentertheenterprise’semailgateway.*Remindusersnottovisitun-trustedwebsitesorfollowlinksprovidedbyunknownorun-trustedsources.Informandeducateusersregardingthethreatsposedbyhypertextlinkscontainedinemailsorattachmentsespeciallyfromun-trustedsources.([**M1017**](https://learn.cisecurity.org/e/799323/mitigations-M1017-/4t6f5q/1255084143?h=JNwLGejOj9pxbAFgXup2w-9UwbqTuFUxOpYaear8KLE)**:UserTraining**)***Safeguard14.1:EstablishandMaintainaSecurityAwarenessProgram:**Establishandmaintainasecurityawarenessprogram.Thepurposeofasecurityawarenessprogramistoeducatetheenterprise’sworkforceonhowtointeractwithenterpriseassetsanddatainasecuremanner.Conducttrainingathireand,ataminimum,annually.Reviewandupdatecontentannually,orwhensignificantenterprisechangesoccurthatcouldimpactthisSafeguard.***Safeguard14.2:TrainWorkforceMemberstoRecognizeSocialEngineeringAttacks:**Trainworkforcememberstorecognizesocialengineeringattacks,suchasphishing,pre-texting,andtailgating.**REFERENCES:**>**Adobe:**[https://helpx.adobe.com/security.html](https://helpx.adobe.com/security.html)[https://helpx.adobe.com/security/products/acrobat/apsb23-34.html](https://helpx.adobe.com/security/products/acrobat/apsb23-34.html)[https://helpx.adobe.com/security/products/experience-manager/apsb23-43.html](https://helpx.adobe.com/security/products/experience-manager/apsb23-43.html)[https://helpx.adobe.com/security/products/connect/apsb23-33.html](https://helpx.adobe.com/security/products/connect/apsb23-33.html)**CVE:**[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26369](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26369)[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29305](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29305)[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29306](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29306)[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38214](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38214)[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38215](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38215)MS-ISACCYBERSECURITYADVISORY-MultipleVulnerabilitiesinAdobeProductsCouldAllowforArbitraryCodeExecution-PATCH:NOW<!--SC_OFF--><divclass="md"><p><strong>MS-ISACCYBERSECURITYADVISORY</strong></p><p><strong>MS-ISACADVISORYNUMBER:</strong><br/>2023-105</p><p><strong>DATE(S)ISSUED:</strong><br/>09/12/2023</p><p><strong>SUBJECT:</strong><br/>MultipleVulnerabilitiesinAdobeProductsCouldAllowforArbitraryCodeExecution</p><p><strong>OVERVIEW:</strong><br/>MultiplevulnerabilitieshavebeendiscoveredinAdobeproducts,themostsevereofwhichcouldallowforarbitrarycodeexecution.</p><ul><li>AdobeAcrobatisusedtoview,create,print,andmanagePDFfiles</li><li>AdobeReaderisusedtoview,create,print,andmanagePDFfiles</li><li>AdobeExperienceManagerisacomprehensivecontentmanagementsolutionforbuildingwebsites,mobileappsandforms</li><li>AdobeConnectisasuiteofsoftwareforremotetraining,webconferencing,presentation,anddesktopsharing</li></ul><p>Successfulexploitationofthemostsevereofthesevulnerabilitiescouldallowforarbitrarycodeexecutioninthecontextoftheloggedonuser.Dependingontheprivilegesassociatedwiththeuser,anattackercouldtheninstallprograms;view,change,ordeletedata;orcreatenewaccountswithfulluserrights.Userswhoseaccountsareconfiguredtohavefeweruserrightsonthesystemcouldbelessimpactedthanthosewhooperatewithadministrativeuserrights.</p><p><strong>THREATINTELLIGENCE:</strong><br/>AdobeisawarethatCVE-2023-26369hasbeenexploitedinthewildinlimitedattackstargetingAdobeAcrobatandReader.</p><p><strong>SYSTEMSAFFECTED:</strong></p><ul><li>AcrobatDCversions23.003.20284andearlier</li><li>AcrobatReaderDCversions23.003.20284andearlier</li><li>Acrobat2020versions20.005.30516(Mac)andearlier</li><li>Acrobat2020versions20.005.30514(Win)andearlier</li><li>AcrobatReader2020versions20.005.30516(Mac)andearlier</li><li>AcrobatReader2020versions20.005.30514(Win)andearlier</li><li>AdobeExperienceManager(AEM)AEMCloudService(CS)versions2023.8andearlier</li><li>AdobeExperienceManager(AEM)versions6.5.17.0andearlier</li><li>AdobeConnectversions12.3andearlier</li></ul><p><strong>RISK:</strong><br/><strong>Government:</strong></p><ul><li>Largeandmediumgovernmententities:<strong>High</strong></li><li>Smallgovernmententities:<strong>Medium</strong></li></ul><p><strong>Businesses:</strong></p><ul><li>Largeandmediumbusinessentities:<strong>High</strong></li><li>Smallbusinessentities:<strong>Medium</strong></li></ul><p><strong>Homeusers:Low</strong></p><p><strong>TECHNICALSUMMARY:</strong><br/>MultiplevulnerabilitieshavebeendiscoveredinAdobeProducts,themostsevereofwhichcouldallowforarbitrarycodeexecution.Detailsofthesevulnerabilitiesareasfollows</p><p><strong>Tactic</strong>:<em>Execution</em><strong>(</strong><ahref="https://learn.cisecurity.org/e/799323/tactics-TA0002-/4t6f4x/1255084143?h=JNwLGejOj9pxbAFgXup2w-9UwbqTuFUxOpYaear8KLE">TA0002</a><strong>)</strong>:</p><p><strong>Technique</strong>:<em>ExploitationforClientExecution</em><strong>(</strong><ahref="https://learn.cisecurity.org/e/799323/techniques-T1203-/4t6f51/1255084143?h=JNwLGejOj9pxbAFgXup2w-9UwbqTuFUxOpYaear8KLE">T1203</a><strong>):</strong></p><p>AdobeAcrobatandReader:</p><ul><li>Out-of-boundsWrite,whichcouldresultinArbitrarycodeexecution(CVE-2023-26369)</li></ul><p>AdobeExperienceManager:</p><ul><li>Cross-siteScripting(ReflectedXSS),whichcouldresultinArbitrarycodeexecution(CVE-2023-38214andCVE-2023-38215)</li></ul><p>AdobeConnect:</p><ul><li>Cross-siteScripting(ReflectedXSS),whichcouldresultinArbitrarycodeexecution(CVE-2023-29305andCVE-2023-29306)</li></ul><p>Successfulexploitationofthemostsevereofthesevulnerabilitiescouldallowforarbitrarycodeexecution.Dependingontheprivilegesassociatedwiththeuseranattackercouldtheninstallprograms;view,change,ordeletedata;orcreatenewaccountswithfulluserrights.Userswhoseaccountsareconfiguredtohavefeweruserrightsonthesystemcouldbelessimpactedthanthosewhooperatewithadministrativeuserrights.</p><p><strong>RECOMMENDATIONS:</strong><br/>Werecommendthefollowingactionsbetaken:</p><ul><li>ApplyappropriateupdatesprovidedbyAdobetovulnerablesystemsimmediatelyafterappropriatetesting.(<ahref="https://learn.cisecurity.org/e/799323/mitigations-M1051-/4t6f54/1255084143?h=JNwLGejOj9pxbAFgXup2w-9UwbqTuFUxOpYaear8KLE"><strong>M1051</strong></a><strong>:UpdateSoftware</strong>)<ul><li><strong>Safeguard7.1:EstablishandMaintainaVulnerabilityManagementProcess:</strong>Establishandmaintainadocumentedvulnerabilitymanagementprocessforenterpriseassets.Reviewandupdatedocumentationannually,orwhensignificantenterprisechangesoccurthatcouldimpactthisSafeguard.</li><li><strong>Safeguard7.2:EstablishandMaintainaRemediationProcess:</strong>Establishandmaintainarisk-basedremediationstrategydocumentedinaremediationprocess,withmonthly,ormorefrequent,reviews.</li><li><strong>Safeguard7.4:PerformAutomatedApplicationPatchManagement:</strong>Performapplicationupdatesonenterpriseassetsthroughautomatedpatchmanagementonamonthly,ormorefrequent,basis.</li><li><strong>Safeguard7.5:PerformAutomatedVulnerabilityScansofInternalEnterpriseAssets:</strong>Performautomatedvulnerabilityscansofinternalenterpriseassetsonaquarterly,ormorefrequent,basis.Conductbothauthenticatedandunauthenticatedscans,usingaSCAP-compliantvulnerabilityscanningtool.</li><li><strong>Safeguard7.7:RemediateDetectedVulnerabilities:</strong>Remediatedetectedvulnerabilitiesinsoftwarethroughprocessesandtoolingonamonthly,ormorefrequent,basis,basedontheremediationprocess.</li><li><strong>Safeguard12.1:EnsureNetworkInfrastructureisUp-to-Date:</strong>Ensurenetworkinfrastructureiskeptup-to-date.Exampleimplementationsincluderunningthelateststablereleaseofsoftwareand/orusingcurrentlysupportednetwork-as-a-service(NaaS)offerings.Reviewsoftwareversionsmonthly,ormorefrequently,toverifysoftwaresupport.</li><li><strong>Safeguard18.1:EstablishandMaintainaPenetrationTestingProgram:</strong>Establishandmaintainapenetrationtestingprogramappropriatetothesize,complexity,andmaturityoftheenterprise.Penetrationtestingprogramcharacteristicsincludescope,suchasnetwork,webapplication,ApplicationProgrammingInterface(API),hostedservices,andphysicalpremisecontrols;frequency;limitations,suchasacceptablehours,andexcludedattacktypes;pointofcontactinformation;remediation,suchashowfindingswillberoutedinternally;andretrospectiverequirements.</li><li><strong>Safeguard18.2:PerformPeriodicExternalPenetrationTests:</strong>Performperiodicexternalpenetrationtestsbasedonprogramrequirements,nolessthanannually.Externalpenetrationtestingmustincludeenterpriseandenvironmentalreconnaissancetodetectexploitableinformation.Penetrationtestingrequiresspecializedskillsandexperienceandmustbeconductedthroughaqualifiedparty.Thetestingmaybeclearboxoropaquebox.</li><li><strong>Safeguard18.3:RemediatePenetrationTestFindings:</strong>Remediatepenetrationtestfindingsbasedontheenterprise’spolicyforremediationscopeandprioritization.</li></ul></li><li>Vulnerabilityscanningisusedtofindpotentiallyexploitablesoftwarevulnerabilitiestoremediatethem.<strong>(</strong><ahref="https://learn.cisecurity.org/e/799323/mitigations-M1016-/4t6f57/1255084143?h=JNwLGejOj9pxbAFgXup2w-9UwbqTuFUxOpYaear8KLE"><strong>M1016</strong></a><strong>:VulnerabilityScanning)</strong><ul><li><strong>Safeguard16.13:ConductApplicationPenetrationTesting:</strong>Conductapplicationpenetrationtesting.Forcriticalapplications,authenticatedpenetrationtestingisbettersuitedtofindingbusinesslogicvulnerabilitiesthancodescanningandautomatedsecuritytesting.Penetrationtestingreliesontheskillofthetestertomanuallymanipulateanapplicationasanauthenticatedandunauthenticateduser.</li></ul></li><li>ApplythePrincipleofLeastPrivilegetoallsystemsandservices.Runallsoftwareasanon-privilegeduser(onewithoutadministrativeprivileges)todiminishtheeffectsofasuccessfulattack.(<ahref="https://learn.cisecurity.org/e/799323/mitigations-M1026-/4t6f5b/1255084143?h=JNwLGejOj9pxbAFgXup2w-9UwbqTuFUxOpYaear8KLE"><strong>M1026</strong></a><strong>:PrivilegedAccountManagement</strong>)<ul><li><strong>Safeguard4.7:ManageDefaultAccountsonEnterpriseAssetsandSoftware:</strong>Managedefaultaccountsonenterpriseassetsandsoftware,suchasroot,administrator,andotherpre-configuredvendoraccounts.Exampleimplementationscaninclude:disablingdefaultaccountsormakingthemunusable.</li><li><strong>Safeguard5.4:RestrictAdministratorPrivilegestoDedicatedAdministratorAccounts:</strong>Restrictadministratorprivilegestodedicatedadministratoraccountsonenterpriseassets.Conductgeneralcomputingactivities,suchasinternetbrowsing,email,andproductivitysuiteuse,fromtheuser’sprimary,non-privilegedaccount.</li><li><strong>Safeguard5.5:EstablishandMaintainanInventoryofServiceAccounts:</strong>Establishandmaintainaninventoryofserviceaccounts.Theinventory,ataminimum,mustcontaindepartmentowner,reviewdate,andpurpose.Performserviceaccountreviewstovalidatethatallactiveaccountsareauthorized,onarecurringscheduleataminimumquarterly,ormorefrequently</li></ul></li><li>Architectsectionsofthenetworktoisolatecriticalsystems,functions,orresources.Usephysicalandlogicalsegmentationtopreventaccesstopotentiallysensitivesystemsandinformation.UseaDMZtocontainanyinternet-facingservicesthatshouldnotbeexposedfromtheinternalnetwork.Configureseparatevirtualprivatecloud(VPC)instancestoisolatecriticalcloudsystems.<strong>(</strong><ahref="https://learn.cisecurity.org/e/799323/mitigations-M1030-/4t6f5f/1255084143?h=JNwLGejOj9pxbAFgXup2w-9UwbqTuFUxOpYaear8KLE"><strong>M1030</strong></a><strong>:NetworkSegmentation)</strong><ul><li><strong>Safeguard12.2:EstablishandMaintainaSecureNetworkArchitecture:</strong>Establishandmaintainasecurenetworkarchitecture.Asecurenetworkarchitecturemustaddresssegmentation,leastprivilege,andavailability,ataminimum.</li></ul></li><li>Usecapabilitiestodetectandblockconditionsthatmayleadtoorbeindicativeofasoftwareexploitoccurring.(<ahref="https://learn.cisecurity.org/e/799323/mitigations-M1050-/4t6f5j/1255084143?h=JNwLGejOj9pxbAFgXup2w-9UwbqTuFUxOpYaear8KLE"><strong>M1050</strong></a><strong>:ExploitProtection</strong>)<ul><li><strong>Safeguard10.5:</strong><strong>EnableAnti-ExploitationFeatures:</strong>Enableanti-exploitationfeaturesonenterpriseassetsandsoftware,wherepossible,suchasMicrosoft®DataExecutionPrevention(DEP),Windows®DefenderExploitGuard(WDEG),orApple®SystemIntegrityProtection(SIP)andGatekeeper™.</li></ul></li><li>Restrictuseofcertainwebsites,blockdownloads/attachments,blockJavascript,restrictbrowserextensions,etc.(<ahref="https://learn.cisecurity.org/e/799323/mitigations-M1021-/4t6f5m/1255084143?h=JNwLGejOj9pxbAFgXup2w-9UwbqTuFUxOpYaear8KLE"><strong>M1021</strong></a><strong>:RestrictWeb-BasedContent</strong>)<ul><li><strong>Safeguard9.2:UseDNSFilteringServices:</strong>UseDNSfilteringservicesonallenterpriseassetstoblockaccesstoknownmaliciousdomains.</li><li><strong>Safeguard9.3:MaintainandEnforceNetwork-BasedURLFilters:</strong>Enforceandupdatenetwork-basedURLfilterstolimitanenterpriseassetfromconnectingtopotentiallymaliciousorunapprovedwebsites.Exampleimplementationsincludecategory-basedfiltering,reputation-basedfiltering,orthroughtheuseofblocklists.Enforcefiltersforallenterpriseassets.</li><li><strong>Safeguard9.6:BlockUnnecessaryFileTypes:</strong>Blockunnecessaryfiletypesattemptingtoentertheenterprise’semailgateway.</li></ul></li><li>Remindusersnottovisitun-trustedwebsitesorfollowlinksprovidedbyunknownorun-trustedsources.Informandeducateusersregardingthethreatsposedbyhypertextlinkscontainedinemailsorattachmentsespeciallyfromun-trustedsources.(<ahref="https://learn.cisecurity.org/e/799323/mitigations-M1017-/4t6f5q/1255084143?h=JNwLGejOj9pxbAFgXup2w-9UwbqTuFUxOpYaear8KLE"><strong>M1017</strong></a><strong>:UserTraining</strong>)<ul><li><strong>Safeguard14.1:EstablishandMaintainaSecurityAwarenessProgram:</strong>Establishandmaintainasecurityawarenessprogram.Thepurposeofasecurityawarenessprogramistoeducatetheenterprise’sworkforceonhowtointeractwithenterpriseassetsanddatainasecuremanner.Conducttrainingathireand,ataminimum,annually.Reviewandupdatecontentannually,orwhensignificantenterprisechangesoccurthatcouldimpactthisSafeguard.</li><li><strong>Safeguard14.2:TrainWorkforceMemberstoRecognizeSocialEngineeringAttacks:</strong>Trainworkforcememberstorecognizesocialengineeringattacks,suchasphishing,pre-texting,andtailgating.</li></ul></li></ul><p><strong>REFERENCES:</strong></p><blockquote><p><strong>Adobe:</strong><br/><ahref="https://helpx.adobe.com/security.html">https://helpx.adobe.com/security.html</a><br/><ahref="https://helpx.adobe.com/security/products/acrobat/apsb23-34.html">https://helpx.adobe.com/security/products/acrobat/apsb23-34.html</a><br/><ahref="https://helpx.adobe.com/security/products/experience-manager/apsb23-43.html">https://helpx.adobe.com/security/products/experience-manager/apsb23-43.html</a><br/><ahref="https://helpx.adobe.com/security/products/connect/apsb23-33.html">https://helpx.adobe.com/security/products/connect/apsb23-33.html</a><br/><strong>CVE:</strong><br/><ahref="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26369">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26369</a><br/><ahref="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29305">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29305</a><br/><ahref="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29306">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29306</a><br/><ahref="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38214">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38214</a><br/><ahref="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38215">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38215</a></p></blockquote></div><!--SC_ON-->

LucianNitescu

Proud author of CVE-2023-29306 at /Adobe on /Hacker0x01 #BugBounty https://t.co/HaVIuVAdV0