Microsoft Monthly Security Update (August 2023)

August 9, 2023

Microsoft has released monthly security update for their products:

 

Vulnerable ProductRisk LevelImpactsNotes
BrowserMedium Risk Medium RiskSecurity Restriction Bypass 
Microsoft OfficeExtremely High Risk Extremely High RiskRemote Code Execution
Information Disclosure
Spoofing		CVE-2023-36884 is being exploited in the wild. The vulnerability can be exploited to bypass the Mark of the Web (MoTW) security feature. This allows the files to be opened without triggering a security warning, and facilitated the execution of remote code. It is rated as extremely high risk.
WindowsMedium Risk Medium RiskElevation of Privilege
Remote Code Execution
Security Restriction Bypass
Information Disclosure
Denial of Service		 
Extended Security Updates (ESU)Medium Risk Medium RiskElevation of Privilege
Remote Code Execution
Security Restriction Bypass
Information Disclosure
Denial of Service		 
Exchange ServerMedium Risk Medium RiskRemote Code Execution
Elevation of Privilege
Spoofing		 
Developer ToolsExtremely High Risk Extremely High RiskSpoofing
Elevation of Privilege
Remote Code Execution
Information Disclosure
Denial of Service		CVE-2023-38180 is being exploited in the wild. The vulnerability can cause a DDoS attack on .NET applications and Visual Studio. It is rated as extremely high risk.
AzureMedium Risk Medium RiskSpoofing
Elevation of Privilege		 
Microsoft DynamicsMedium Risk Medium RiskRemote Code Execution
Elevation of Privilege		 
System CenterMedium Risk Medium RiskElevation of Privilege 
SQL ServerMedium Risk Medium RiskRemote Code Execution 

 

Number of ‘Extremely High Risk’ product(s): 2

Number of ‘High Risk’ product(s): 0

Number of ‘Medium Risk’ product(s): 8

Number of ‘Low Risk’ product(s): 0

Evaluation of overall ‘Risk Level’: Extremely High Risk

RISK: Extremely High Risk

Extremely High Risk

TYPE: Operating Systems – Windows OS

TYPE: Windows OS

Impact

  • Denial of Service
  • Elevation of Privilege
  • Information Disclosure
  • Remote Code Execution
  • Spoofing
  • Security Restriction Bypass

System / Technologies affected

  • Browser
  • Microsoft Office
  • Windows
  • Extended Security Updates (ESU)
  • Exchange Server
  • Developer Tools
  • Azure
  • Microsoft Dynamics
  • System Center
  • SQL Server

Solutions

Before installation of the software, please visit the vendor web-site for more details.

  •  Apply fixes issued by the vendor.

Vulnerability Identifier

Source

Related Link

 

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee
Patreon

 To keep up to date follow us on the below channels.

You may have missed

Cobalt Strike

Cobalt Strike Beacon Detected – 52[.]231[.]10[.]139:8080

November 23, 2024
Cobalt Strike

Cobalt Strike Beacon Detected – 54[.]224[.]145[.]120:443

November 23, 2024
Cobalt Strike

Cobalt Strike Beacon Detected – 118[.]193[.]37[.]157:8889

November 23, 2024
Cobalt Strike

Cobalt Strike Beacon Detected – 103[.]225[.]196[.]197:80

November 23, 2024
Cobalt Strike

Cobalt Strike Beacon Detected – 101[.]201[.]247[.]232:4433

November 23, 2024