It affects Windows Server operating systems that are running Windows Server 2008 or later, but it might not occur on systems that are running Windows Server 2003 or Windows Server 2008 R2.
We recommend upgrading to a newer version of Windows.

SSH keys provide a way for a user to securely log in to a remote server without entering a password. For keys to work, both the client and the server must support them. If the server does not support them, the keys will not work: the server will reject them and the connection will fail. A malicious server could cause problems for a user by rejecting the user's keys.

A malicious server could also cause problems for a user by accepting the user's keys, but then performing actions on the user's behalf without the user's knowledge or consent. For example, a malicious server could log the user's keystrokes or take some other action that the user would not expect.

To help prevent this kind of attack, servers should support at least one of the key types that are required for SSH keys to work. Servers that support at least one of the required key types will reject all other key types.

CVE-2021-36303

The vulnerability affects all versions of Windows Server 2003 and might not occur on systems that are running Windows Server 2008 or later.
The vulnerability could allow a remote code execution attack.
We recommend upgrading to a newer version of Windows.

In Microsoft SQL Server 2008, the stored procedure sp_makewebtask allows you to execute a task on the server and then return the results back to the client. This procedure is vulnerable to a remote code execution attack scenario in which an attacker who has access to either the database owner's login or managed account password can run arbitrary commands on the server by calling sp_makewebtask with an authentication context parameter that is set to "internal".

To help prevent this type of attack, we recommend using Transact-SQL functions instead of stored procedures whenever possible. For example, if you need to create a web task from within your application, use CREATE OR REPLACE PROCEDURE instead of sp_makewebtask.

CVE-2023-36315

It affects Windows Server operating systems that are running Windows Server 2008 or later, but it might not occur on systems that are running Windows Server 2003 or Windows Server 2008 R2.
We recommend upgrading to a newer version of Windows.

It affects Linux operating systems that are running Red Hat Enterprise Linux 5 or Fedora Core 12 or later.
We recommend upgrading to a newer version of Linux.

Elevation of privilege vulnerability - CVE-2022-36315

This vulnerability affects Windows Server operating systems that are running Windows Server 2008 or later, but it might not occur on systems that are running Windows Server 2003 or Windows Server 2008 R2.
We recommend upgrading to a newer version of Windows.

SR-IOV (Single Root I/O Virtualization) is an extension of the PCI Express technology and a virtualization mechanism for I/O devices. The difference between SR-IOV and other virtualization mechanisms is the way in which interrupts from I/O devices are handled by the hypervisor. There are two types of SR-IOV: "Local" SR-IOV and "Remote" SR-IOV.

In local SR-IOV, interrupts from a given device are processed in software through interrupt handlers called root complex interfaces (RCIs). In remote SR-IOV, interrupts from a given device are passed directly to the hardware through Direct Memory Access (DMA). Remote SR-IOV is particularly useful when there is no support for local IRQs on the system because this allows those particular IRQs to be used by external devices connected via PCIe rather than consumed by software layers.

Windows Server 2003 and Windows XP: CVE-2022-36315

We recommend upgrading to a newer version of Windows.

Windows Server 2003 and Windows XP are vulnerable to a denial of service attack. Attackers can exploit this vulnerability on affected systems by sending specially crafted requests from the server to the target system. If the target system is running an application that performs network packet filtering, such as an intrusion prevention system, then the attacker can cause that application to stop processing incoming network traffic. The denial of service will significantly disrupt ongoing operations with little effort on the part of the attacker.

This vulnerability affects Linux and Unix operating systems as well, but it is not considered high risk for those operating systems because it does not affect common applications or services that are typically available to end users.

How do SSH keys prevent attacks?

SSH keys are designed to prevent attacks that allow a malicious server to impersonate the legitimate user. When a user logs in with a key, the server will reject it if the server doesn't support it. If a malicious server has compromised the legitimate user's account, then the malicious server might be able to log into the account and perform actions on behalf of the legitimate user.

If servers do not support at least one of the required key types, then the connection will fail and any attempt by a malicious server to perform this type of attack will have been thwarted by SSH keys. This is because SSH keys rely on public-key authentication, so if servers don't support public-key authentication, then this type of attack won't work.

Timeline

Published on: 12/22/2022 20:15:00 UTC
Last modified on: 01/03/2023 20:15:00 UTC
