Microsoft Monthly Security Update (October 2023)

Microsoft has released monthly security update for their products:

Vulnerable Product	Risk Level	Impacts	Notes
Browser	Low Risk
Windows	Extremely High Risk	Remote Code Execution Denial of Service Elevation of Privilege Information Disclosure Security Restriction Bypass	CVE-2023-36563 is being exploited in the wild.   CVE-2023-44487 is being exploited in the wild.
Extended Security Updates (ESU)	Medium Risk	Remote Code Execution Elevation of Privilege Information Disclosure Denial of Service Security Restriction Bypass	CVE-2023-36563 is being exploited in the wild.
Developer Tools	Extremely High Risk	Denial of Service Elevation of Privilege	CVE-2023-44487 is being exploited in the wild.
Azure	Medium Risk	Elevation of Privilege Remote Code Execution
Microsoft Office	High Risk	Elevation of Privilege Remote Code Execution	CVE-2023-41763 is being exploited in the wild.
SQL Server	Medium Risk	Remote Code Execution Denial of Service
Microsoft Dynamics	Medium Risk	Information Disclosure Denial of Service Spoofing
Exchange Server	Medium Risk	Remote Code Execution

Number of ‘Extremely High Risk’ product(s): 2

Number of ‘High Risk’ product(s): 1

Number of ‘Medium Risk’ product(s): 5

Number of ‘Low Risk’ product(s): 1

Evaluation of overall ‘Risk Level’: Extremely High Risk

Impact

• Remote Code Execution
• Denial of Service
• Elevation of Privilege
• Information Disclosure
• Security Restriction Bypass
• Spoofing

System / Technologies affected

• Browser
• Windows
• Extended Security Updates (ESU)
• Developer Tools
• Azure
• Microsoft Office
• SQL Server
• Microsoft Dynamics
• Exchange Server

Solutions

Before installation of the software, please visit the vendor web-site for more details.

•  Apply fixes issued by the vendor.

Vulnerability Identifier

• https://www.cvedetails.com/vulnerability-list.php?vendor_id=26&year=2023&month=10

Source

• Microsoft

Related Link

• https://msrc.microsoft.com/update-guide/releaseNote/2023-Oct