Sept 2023 Monthly Patch
Published on 13 Sep 2023
Microsoft has released security patches to address multiple vulnerabilities in their software and products.
The vulnerabilities that have been classified as Critical in severity are listed in the table below.
Microsoft has also released a security fixes for two zero-day vulnerabilities (CVE-2023-36761 & CVE-2023-36802) impacting Microsoft Word and Microsoft Streaming Service Proxy.
CVE-2023-36761: Successful exploitation of this vulnerability could allow an attacker to steal New Technology LAN Manager (NTLM) password hashes when opening a document, including in preview pane.
CVE-2023-36802: Successful exploitation of this vulnerability could allow an attacker to gain SYSTEM-level privileges.
Users and administrators are advised to upgrade to the latest versions immediately.
For the full list of security patches released by Microsoft, please refer to https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2023-Sep
CRITICAL VULNERABILITIES
| CVE Number | CVE Name | Base Score | Reference |
|---|---|---|---|
| CVE-2023-38148 | Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | 8.8 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-38148 |
| CVE-2023-36796 | Visual Studio Remote Code Execution Vulnerability | 7.8 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36796 |
| CVE-2023-36793 | Visual Studio Remote Code Execution Vulnerability | 7.8 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36793 |
| CVE-2023-36792 | Visual Studio Remote Code Execution Vulnerability | 7.8 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-36792 |
| CVE-2023-29332 | Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability | 7.5 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29332 |
