Microsoft: Multiple Perforce Server Flaws Allow for Network Takeover

Microsoft: Multiple Perforce Server Flaws Allow for Network Takeover

December 19, 2023 at 01:20PM

Microsoft identified four critical vulnerabilities in the Perforce source-code management platform, allowing attackers to access a highly privileged Windows OS account, enabling remote code execution and supply chain attacks. The flaws can lead to various malicious activities, including denial-of-service attacks. Perforce has issued a patch (version 2023.1/2513900) to address these vulnerabilities, and affected organizations are advised to update immediately.

The meeting notes discuss Microsoft’s identification of four vulnerabilities in the Perforce source-code management platform, particularly in the Perforce Helix Core Server. The most critical vulnerability, labeled CVE-2023-45849, allows unauthenticated attackers to execute code from LocalSystem, a highly privileged Windows OS account, potentially leading to system takeover and supply chain attacks.

The other three vulnerabilities – CVE-2023-35767, CVE-2023-45319, and CVE-2023-5759 – enable denial-of-service (DoS) attacks. Microsoft credited its Principal Security Architect Jason Geffner with the discovery of the flaws and reported them to Perforce, leading to the release of an update, version 2023.1/2513900, by Perforce Software in November to patch the vulnerabilities.

There is currently no evidence of exploitation in the wild, but affected organizations are urged to update to the patched version of Perforce Server and implement security recommendations provided by Microsoft and SOCRadar, including monitoring and applying patches regularly, using a VPN or IP allow-list, and deploying TLS certificates and termination proxy.

Additional mitigation actions proposed by Microsoft involve logging all access to instances of Perforce, configuring alert systems, and implementing network segmentation to limit attackers’ ability to pivot within the network.

Let me know if you need further details or have any specific questions.

Full Article