Webinar Library
This month Microsoft released updates for only 57 vulnerabilties so we are under the average triple digits for patches. Of the 57 vulnerabilities only 7 are critical this month. We do have three zero days to deal with though. CVE-2023-24932 is exploited and public. This vulnerability allows and attacker to bypass Secure Boot and install the BlackLotus UEFI bootkit. CVE-2023-29325 is public but not currently being reported as exploited by Microsoft. CVE-2023-29336 is currently being exploited and a successful exploit results in the attacker gaining SYSTEM privileges. You will want to make sure all three of these are updated ASAP. I'm really surprised that we have so few vulnerabilities this month. I guess we'll see if next month makes up for it. Happy patching!
So, without further ado, here’s the chart of MS patches that affect Windows platforms in the past month.
Patch data provided by:
Technology
Products Affected
Severity
Reference
Workaround/ Exploited / Publicly Disclosed
Vulnerability Info
Windows
Windows 10, 11
Server 2008 SP2, 2008R2 SP1, 2012, 2012 R2, 2016, 2019, 2022 including Server Core Installations AV1 Video Extension Remote Desktop
Critical
CVE-2023-24898 CVE-2023-24899 CVE-2023-24900 CVE-2023-24901 CVE-2023-24902 CVE-2023-24903 CVE-2023-24904 CVE-2023-24905 CVE-2023-24932** CVE-2023-24939 CVE-2023-24940 CVE-2023-24941 CVE-2023-24942 CVE-2023-24943 CVE-2023-24944 CVE-2023-24945 CVE-2023-24946 CVE-2023-24947 CVE-2023-24948 CVE-2023-24949 CVE-2023-28251 CVE-2023-28283 CVE-2023-28290 CVE-2023-29324 CVE-2023-29325** CVE-2023-29336 CVE-2023-29340 CVE-2023-29341
Workaround: No Exploited: Yes Public: Yes**
Denial of Service
Elevation of Privilege
Information Disclosure
Remote Code Execution Security Feature Bypass
Edge
Chromium-based Edge for Android
CVE-2023-2033 CVE-2023-2133 CVE-2023-2134 CVE-2023-2135 CVE-2023-2136 CVE-2023-2137 CVE-2023-2459 CVE-2023-2460 CVE-2023-2462 CVE-2023-2463 CVE-2023-2464 CVE-2023-2465 CVE-2023-2466 CVE-2023-2467 CVE-2023-2468 CVE-2023-29334 CVE-2023-29350 CVE-2023-29354
Workaround: No Exploited: No Public: No
Elevation of Privilege Security Feature Bypass Spoofing
Office
365 Apps for Enterprise
Office 2019, LTSC 2021
2019 for Mac, LTSC Mac 2021 Excel/Word 2013 RT SP1, 2013 SP1, 2016 Teams Online Server
CVE-2023-24881 CVE-2023-24953 CVE-2023-29333 CVE-2023-29335 CVE-2023-29344
Denial of Service Information Disclosure Remote Code Execution Security Feature Bypass Spoofing
SharePoint
Enterprise Server 2016
Server 2019
Server Subscription Edition
Important
CVE-2023-24950 CVE-2023-24954 CVE-2023-24955
Information Disclosure Remote Code Execution Spoofing
Visual Studio
VS Code
CVE-2023-29338
Sysmon
N/A
CVE-2023-29343
System Center
Malware Protection Platform
CVE-2023-24934
Security Feature Bypass