VMware has released a security update to address a critical injection vulnerability that affects several versions of Carbon Black App Control for Windows. Injection vulnerabilities allow attackers to execute code or commands in a target application. This vulnerability carries a severity rating of 9.1 out of 10 and allows an attacker to use specially crafted input to gain access to the underlying operating system. It is tracked as CVE-2023-20858 and was discovered by security analyst Jari Jääskelä.
This vulnerability affects Carbon Black App Control for Windows versions 8.7.7 and older, 8.8.5 and older, and 8.9.3 and older. VMware recommends that administrators upgrade to version 8.9.4, 8.8.6, or 8.7.8 as soon as possible; no workarounds or mitigation advice was provided in the announcement. These patches follow a separate patch released by VMware on Monday for CVE-2023-20855, a high-severity XXE injection flaw that affected VMware Orchestrator below v8.11.1, vRealize Automation below v8.11.1, and VMware Cloud Foundation 4.x.
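A practical first step is to check an inventory of App Control server versions against the affected and fixed versions named above. The following Python is an added example written for this post, not code from VMware or Binary Defense; the host names and versions in SAMPLE_INVENTORY are constructed, and treating branches older than 8.7 as affected with 8.7.8 as the nearest fixed release is my reading of "8.7.7 and older".

```python
import re

# Fixed releases per branch, as named in the VMware advisory for CVE-2023-20858.
# Every release in a listed branch below its fixed version is affected.
FIXED_BY_BRANCH = {
    (8, 7): (8, 7, 8),
    (8, 8): (8, 8, 6),
    (8, 9): (8, 9, 4),
}

def parse_version(text: str) -> tuple:
    """Parse 'major.minor.patch'; a trailing build number (e.g. 8.9.2.1001) is ignored."""
    m = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())

def assess(version: str) -> dict:
    """Report whether an App Control version is affected by CVE-2023-20858 and,
    where the advisory names one, the fixed release to move to."""
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if branch in FIXED_BY_BRANCH:
        fixed = FIXED_BY_BRANCH[branch]
        affected = (major, minor, patch) < fixed
        return {"version": version, "affected": affected,
                "upgrade_to": ".".join(map(str, fixed)) if affected else None}
    if branch < (8, 7):
        # Assumption: "8.7.7 and older" covers earlier branches; 8.7.8 is the nearest fixed release.
        return {"version": version, "affected": True, "upgrade_to": "8.7.8"}
    # Newer than any branch the advisory lists: not flagged, but worth a manual check.
    return {"version": version, "affected": False, "upgrade_to": None,
            "note": "branch not covered by advisory"}

def affected_hosts(inventory: dict) -> dict:
    """Map host -> fixed release for each host in a {host: version} inventory that is affected."""
    results = {host: assess(ver) for host, ver in inventory.items()}
    return {host: r["upgrade_to"] for host, r in results.items() if r["affected"]}

# Constructed sample inventory (hypothetical host names and versions).
SAMPLE_INVENTORY = {
    "appctl-01": "8.7.7",
    "appctl-02": "8.8.6",
    "appctl-03": "8.9.2.1001",
}

if __name__ == "__main__":
    for host, target in affected_hosts(SAMPLE_INVENTORY).items():
        print(f"{host}: affected, upgrade to {target}")
```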
While patches for new vulnerabilities are released nearly every day, it is up to organizations themselves to apply them. Organizations should apply the recommended patch from VMware as quickly as feasible. As standard enterprise practice, all patches should be tested on selected machines ahead of deployment. The Threat Hunting and Managed Detection and Response (MDR) services offered by Binary Defense represent an effective way to incorporate a post-exploitation focus into a defense-in-depth strategy.