Sept 2023 Monthly Patch

Published on 13 Sep 2023 | Updated on 13 Sep 2023

Microsoft has released security patches to address multiple vulnerabilities in their software and products.

The vulnerabilities that have been classified as Critical in severity are listed in the table below.

Microsoft has also released a security fixes for two zero-day vulnerabilities (CVE-2023-36761 & CVE-2023-36802) impacting Microsoft Word and Microsoft Streaming Service Proxy. 

CVE-2023-36761: Successful exploitation of this vulnerability could allow an attacker to steal New Technology LAN Manager (NTLM) password hashes when opening a document, including in preview pane. 
CVE-2023-36802: Successful exploitation of this vulnerability could allow an attacker to gain SYSTEM-level privileges. 

Users and administrators are advised to upgrade to the latest versions immediately.

 

For the full list of security patches released by Microsoft, please refer to https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2023-Sep

CRITICAL VULNERABILITIES
CVE NumberCVE NameBase ScoreReference
CVE-2023-38148Internet Connection Sharing (ICS) Remote Code Execution Vulnerability8.8https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-38148
CVE-2023-36796Visual Studio Remote Code Execution Vulnerability7.8https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36796
CVE-2023-36793Visual Studio Remote Code Execution Vulnerability7.8https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36793
CVE-2023-36792Visual Studio Remote Code Execution Vulnerability7.8https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36792
CVE-2023-29332Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability7.5https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29332
Tags
Alerts Alerts & Advisories Monthly Patch
Share