Webinar Library
Since our last Patch Tuesday newsletter in August, Microsoft has released updates for 98 vulnerabilities with 63 of those being released today. Just like last month we have two zero days this month currently being exploited; CVE-2023-36802 and CVE-2023-36761. CVE-2023-36802 is exploited but not publicly disclosed and could allow an attacker who is successful to gain SYSTEM privileges. CVE-2023-36761 is both publicly disclosed and being exploited. A successful exploit could allow an attacker access to NTLM hashes. Both of these should be updated immediately. The only other thing to mention are five updates that are rated as critical. These are CVE-2023-29332, CVE-2023-36792, CVE-2023-36793, CVE-2023-36796 and CVE-2023-38148. Besides our two zero days and these five criticals, there isn't much excitement with this months Patch Tuesday.
So, without further ado, here’s the chart of MS patches that affect Windows platforms in the past month.
Patch data provided by:
Technology
Products Affected
Severity
Reference
Workaround/ Exploited / Publicly Disclosed
Vulnerability Info
Windows
Windows 10, 11
Server 2008 SP2, 2008R2 SP1, 2012, 2012 R2, 2016, 2019, 2022 including Server Core Installations
Critical
CVE-2023-35355 CVE-2023-36801 CVE-2023-36802* CVE-2023-36803 CVE-2023-36804 CVE-2023-36805 CVE-2023-38139 CVE-2023-38140 CVE-2023-38141 CVE-2023-38142 CVE-2023-38143 CVE-2023-38144 CVE-2023-38146 CVE-2023-38147 CVE-2023-38148 CVE-2023-38149 CVE-2023-38150 CVE-2023-38152 CVE-2023-38160 CVE-2023-38161 CVE-2023-38162
Denial of Service
Elevation of Privilege
Information Disclosure
Remote Code Execution Security Feature Bypass
Edge
Chromium-based For iOS and Android
Moderate
CVE-2023-2312 CVE-2023-36741 CVE-2023-36787 CVE-2023-38158 CVE-2023-4349 CVE-2023-4350 CVE-2023-4351 CVE-2023-4352 CVE-2023-4353 CVE-2023-4354 CVE-2023-4355 CVE-2023-4356 CVE-2023-4357 CVE-2023-4358 CVE-2023-4359 CVE-2023-4360 CVE-2023-4361 CVE-2023-4362 CVE-2023-4363 CVE-2023-4364 CVE-2023-4365 CVE-2023-4366 CVE-2023-4367 CVE-2023-4368 CVE-2023-4427 CVE-2023-4428 CVE-2023-4429 CVE-2023-4430 CVE-2023-4431 CVE-2023-4572 CVE-2023-4761 CVE-2023-4762 CVE-2023-4763 CVE-2023-4764 CVE-2023-4863
Workaround: No Exploited: No Public: No
Elevation of Privilege Information Disclosure
Office
365 Apps for Enterprise
Excel/Word/OneNote 2013 RT SP1, 2013 SP1, 2016 Outlook 2016 2013 RT SP1, 2013 SP1, 2016, 2019, LTSC 2021 2019 for Mac, LTSC for Mac 2021
Online Server
CVE-2023-36761* CVE-2023-36762 CVE-2023-36763 CVE-2023-36765 CVE-2023-36766 CVE-2023-36767 CVE-2023-36769 CVE-2023-41764
Elevation of Privilege Information Disclosure Remote Code Execution Security Feature Bypass Spoofing
SharePoint
Enterprise Server 2016
Server 2019
Server Subscription Edition
Important
CVE-2023-36762 CVE-2023-36764
Elevation of Privilege Remote Code Execution
.NET
6 and 7 .NET Framework 2.0 SP2, 3.0 SP2, 3.5.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1
CVE-2023-36788 CVE-2023-36792 CVE-2023-36793 CVE-2023-36794 CVE-2023-36796 CVE-2023-36799
Visual Studio
2022 17.7 and earlier 2019 16.11 and earlier 2017 15.9 and earlier VS Code
Dynamics 365
On-Premises 9.0 & 9.1 Finance and Operations
CVE-2023-36800 CVE-2023-36886 CVE-2023-38164
Spoofing
Exchange
Server 2016 CU23 Server 2019 CU12 & CU13
CVE-2023-36744 CVE-2023-36745 CVE-2023-36756 CVE-2023-36757 CVE-2023-36777
Information Disclosure Remote Code Execution Spoofing
Azure
DevOps Server 2020.0.2, 2020.1.2, 2019.1.2, 2019.0.1 MS Identity Linux Broker HDInsights Kubernetes Service
CVE-2023-29332 CVE-2023-33136 CVE-2023-36736 CVE-2023-38155 CVE-2023-38156
System Center
MS Defender Security Intelligence Updates
CVE-2023-38163
Security Feature Bypass
Apps
3D Viewer 3D Builder
CVE-2022-41303 CVE-2023-36739 CVE-2023-36740 CVE-2023-36760 CVE-2023-36770 CVE-2023-36771 CVE-2023-36772 CVE-2023-36773
Remote Code Execution