Randy Franklin Smith's Ultimate Windows Security

Upcoming Webinars

Building an Incident Response Playbook on the Fly Against Scattered Spider Lateral Movement

Webinar Library

Latest Blogs

How to Detect Pass-the-Hash Attacks Blog Series

Come meet Randy in Orlando at Microsoft Ignite at Quest's Booth #1818

Detecting Pass-the-Hash with Honeypots

Catch Malware Hiding in WMI with Sysmon

For of all sad words of tongue or pen, the saddest are these: 'We weren’t logging’

Experimenting with Windows Security: Controls for Enforcing Policies

Sysmon Event IDs 1, 6, 7 Report All the Binary Code Executing on Your Network

Yet Another Ransomware Can That Can be Immediately Detected with Process Tracking on Workstations

Cracking AD Passwords with NTDSXtract, Dsusers.py and John the Ripper

Cracking local windows passwords with Mimikatz, LSA dump and Hashcat

Top Resources

Security Log

Additional Resources

October, 2023: Patch Tuesday - Four Zero Days; Alert about a WEC/WEF bug

Since our last Patch Tuesday newsletter in September, Microsoft has released updates for 122 vulnerabilities with 104 of those being released today. This month we have three zero days (public/exploited) and another vulnerability being exploited although not publicly disclosed. CVE-2023-41763 fixes a Skype for Business exploit and CVE-2023-36563 fixes a WordPad exploit. CVE-2023-44487 will be more widespread as it exploits the HTTP/2's stream but do note that it's not publicly disclosed. Microsoft does recommend a few workarounds such as disabling the HTTP/2 protocol on your web servers and/or limiting your webapp to only HTTP1.1. For .NET and Kestral servers without HTTP/2 enabled there is nothing to do as these are not affected. There is also CVE-2023-5217 released by Google that affects Chromium-based Microsoft Edge.

As you know I am connected to LOGbinder software which includes Supercharger for Windows Event Collection. We have been closely tracking a Microsoft bug related to security log forwarding and Windows 11. Microsoft released an update, KB5030310, which addresses a few issues with Windows Event Collection. So if you are using WEC/WEF and have Windows 11 endpoints forwarding events, you will want to test and deploy this update. A few of our customers discovered the issue when they saw that the number of securtiy log events began to decrease over the past few months. You can reach out to us at LOGbinder if you have any questions. If you have experienced this issue with WEC or if you've already applied the fix and it helped you, please let my LOGbinder team know.

Patch data provided by:
Technology	Products Affected	Severity	Reference	Workaround/ Exploited / Publicly Disclosed	Vulnerability Info
Windows	Windows 10, 11 Server 2008 SP2, 2008R2 SP1, 2012, 2012 R2, 2016, 2019, 2022 including Server Core Installations	Critical	CVE-2023-29348 CVE-2023-35349 CVE-2023-36431 CVE-2023-36434 CVE-2023-36435 CVE-2023-36436 CVE-2023-36438 CVE-2023-36557 CVE-2023-36563* CVE-2023-36564 CVE-2023-36567 CVE-2023-36570 CVE-2023-36571 CVE-2023-36572 CVE-2023-36573 CVE-2023-36574 CVE-2023-36575 CVE-2023-36576 CVE-2023-36577 CVE-2023-36578 CVE-2023-36579 CVE-2023-36581 CVE-2023-36582 CVE-2023-36583 CVE-2023-36584 CVE-2023-36585 CVE-2023-36589 CVE-2023-36590 CVE-2023-36591 CVE-2023-36592 CVE-2023-36593 CVE-2023-36594 CVE-2023-36596 CVE-2023-36598 CVE-2023-36602 CVE-2023-36603 CVE-2023-36605 CVE-2023-36606 CVE-2023-36697 CVE-2023-36698 CVE-2023-36701 CVE-2023-36702 CVE-2023-36703 CVE-2023-36704 CVE-2023-36706 CVE-2023-36707 CVE-2023-36709 CVE-2023-36710 CVE-2023-36711 CVE-2023-36712 CVE-2023-36713 CVE-2023-36717 CVE-2023-36718 CVE-2023-36720 CVE-2023-36721 CVE-2023-36722 CVE-2023-36723 CVE-2023-36724 CVE-2023-36725 CVE-2023-36726 CVE-2023-36729 CVE-2023-36731 CVE-2023-36732 CVE-2023-36743 CVE-2023-36776 CVE-2023-36790 CVE-2023-36902 CVE-2023-38159 CVE-2023-38166 CVE-2023-38171 CVE-2023-41765 CVE-2023-41766 CVE-2023-41767 CVE-2023-41768 CVE-2023-41769 CVE-2023-41770 CVE-2023-41771 CVE-2023-41772 CVE-2023-41773 CVE-2023-41774 CVE-2023-44487*	Workaround: No Exploited: Yes* *Public: Yes*	Denial of Service Elevation of Privilege Information Disclosure Remote Code Execution Security Feature Bypass
Edge	Chromium-based	Important	CVE-2023-1999 CVE-2023-36562 CVE-2023-36727 CVE-2023-36735 CVE-2023-4900 CVE-2023-4901 CVE-2023-4902 CVE-2023-4903 CVE-2023-4904 CVE-2023-4905 CVE-2023-4906 CVE-2023-4907 CVE-2023-4908 CVE-2023-4909 CVE-2023-5186 CVE-2023-5187 CVE-2023-5217* CVE-2023-5346	Workaround: No Exploited: Yes* *Public: Yes*	Elevation of Privilege Spoofing
Office	365 Apps for Enterprise 2019, LTSC 2021 2019 for Mac, LTSC for Mac 2021 Skype for Business Server 2015 CU13, 2019 CU7 for Android and Universal	Important	CVE-2023-36565 CVE-2023-36568 CVE-2023-36569 CVE-2023-36780 CVE-2023-36786 CVE-2023-36789 CVE-2023-41763*	Workaround: No Exploited: Yes* *Public: Yes*	Elevation of Privilege Remote Code Execution
SQL Server	ODBC Driver 17 and 18 on Linux, MacOS and Windows OLE DB Drive 18 and 19 2014 SP3 CU4/GDR 2106 SP3 GDR and Azure Connect Feature Pack 2017 CU31/GDR 2019 CU22/GDR 2022 CU8/GDR	Important	CVE-2023-36417 CVE-2023-36420 CVE-2023-36728 CVE-2023-36730 CVE-2023-36785	Workaround: No Exploited: No Public: No	Denial of Service Remote Code Execution
.NET	6 and 7 ASP.NET Core 6 and 7	Important	CVE-2023-36435 CVE-2023-38171 CVE-2023-44487*	Workaround: No Exploited: No Public: No	Denial of Service
Visual Studio	2022 17.7 and earlier	Important	CVE-2023-38171 CVE-2023-44487*	Workaround: No Exploited: No Public: No	Denial of Service
Dynamics 365	On-Premises 9.0 & 9.1 Common Data Model SDK for C#, Phython, TypeScript and Java	Important	CVE-2023-36416 CVE-2023-36429 CVE-2023-36433 CVE-2023-36566	Workaround: No Exploited: No Public: No	Denial of Service Information Disclosure Spoofing
Exchange	Server 2016 CU23 Server 2019 CU12 & CU13	Important	CVE-2023-36778	Workaround: No Exploited: No Public: No	Remote Code Execution
Azure	DevOps Server 2020.0.2, 2020.1.2 Identity SDK for .NET, Pyhthon and Java RTOS GUIX Studio and Installer HDInsight Network Watcher VM Extension	Important	CVE-2023-36414 CVE-2023-36415 CVE-2023-36418 CVE-2023-36419 CVE-2023-36561 CVE-2023-36737	Workaround: No Exploited: No Public: No	Elevation of Privilege Remote Code Execution
System Center	MS Defender Security Intelligence Updates	Important	CVE-2023-38163	Workaround: No Exploited: No Public: No	Security Feature Bypass
Apps	3D Viewer 3D Builder	Important	CVE-2022-41303 CVE-2023-36739 CVE-2023-36740 CVE-2023-36760 CVE-2023-36770 CVE-2023-36771 CVE-2023-36772 CVE-2023-36773	Workaround: No Exploited: No Public: No	Remote Code Execution

Send me this chart next Patch Tuesday.

User name:
Password:
	/ Forgot?
	Register

October 2023 Patch Tuesday	"Patch Tuesday - Four Zero Days; Alert about a WEC/WEF bug " - sponsored by LOGbinder

Home

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2023 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.