Microsoft Monthly Security Update (September 2023)

Microsoft has released monthly security update for their products:

 

Vulnerable ProductRisk LevelImpactsNotes
BrowserLow Risk Low Risk  
WindowsHigh Risk High RiskElevation of Privilege
Denial of Service
Information Disclosure
Remote Code Execution
Security Restriction Bypass
CVE-2023-36802 is being exploited in the wild. The vulnerability can be exploited to local privilege elevation vulnerability that allows attackers to gain SYSTEM privileges.
Extended Security Updates (ESU)Medium Risk Medium RiskElevation of Privilege
Information Disclosure
Denial of Service
 
AzureMedium Risk Medium RiskElevation of Privilege
Remote Code Execution
 
Microsoft OfficeHigh Risk High RiskSecurity Restriction Bypass
Information Disclosure
Elevation of Privilege
Spoofing
Remote Code Execution
CVE-2023-36761 is being exploited in the wild. The vulnerability can be used to steal NTLM hashes when opening a document, including in the preview pane. These NTLM hashes can be cracked or used in NTLM Relay attacks to gain access to the account.
Developer ToolsMedium Risk Medium RiskElevation of Privilege
Remote Code Execution
Denial of Service
 
Exchange ServerMedium Risk Medium RiskSpoofing
Remote Code Execution
Information Disclosure
 
AppsMedium Risk Medium RiskRemote Code Execution 
Microsoft DynamicsLow Risk Low RiskSpoofing 
System CenterMedium Risk Medium RiskSecurity Restriction Bypass 

 

Number of ‘Extremely High Risk’ product(s): 0

Number of ‘High Risk’ product(s): 2

Number of ‘Medium Risk’ product(s): 6

Number of ‘Low Risk’ product(s): 2

Evaluation of overall ‘Risk Level’: High Risk

RISK: High Risk

TYPE: Operating Systems – Windows OS

TYPE: Windows OS

Impact

  • Denial of Service
  • Elevation of Privilege
  • Information Disclosure
  • Remote Code Execution
  • Spoofing
  • Security Restriction Bypass

System / Technologies affected

  • Browser
  • Windows
  • Extended Security Updates (ESU)
  • Azure
  • Microsoft Office
  • Developer Tools
  • Exchange Server
  • Apps
  • Microsoft Dynamics
  • System Center

Solutions

Before installation of the software, please visit the vendor web-site for more details.

  •  Apply fixes issued by the vendor.

Vulnerability Identifier

 

Source


Related Link

 


A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

 To keep up to date follow us on the below channels.