Microsoft Monthly Security Update (September 2023)

September 15, 2023

Microsoft has released monthly security update for their products:

 

Vulnerable ProductRisk LevelImpactsNotes
BrowserLow Risk Low Risk  
WindowsHigh Risk High RiskElevation of Privilege
Denial of Service
Information Disclosure
Remote Code Execution
Security Restriction Bypass

CVE-2023-36802 is being exploited in the wild. The vulnerability can be exploited to local privilege elevation vulnerability that allows attackers to gain SYSTEM privileges.

 

Proof of Concept exploit code is publicly available for CVE-2023-38146, impacting Windows 11.

Extended Security Updates (ESU)Medium Risk Medium RiskElevation of Privilege
Information Disclosure
Denial of Service		 
AzureMedium Risk Medium RiskElevation of Privilege
Remote Code Execution		 
Microsoft OfficeHigh Risk High RiskSecurity Restriction Bypass
Information Disclosure
Elevation of Privilege
Spoofing
Remote Code Execution		CVE-2023-36761 is being exploited in the wild. The vulnerability can be used to steal NTLM hashes when opening a document, including in the preview pane. These NTLM hashes can be cracked or used in NTLM Relay attacks to gain access to the account.
Developer ToolsMedium Risk Medium RiskElevation of Privilege
Remote Code Execution
Denial of Service		 
Exchange ServerMedium Risk Medium RiskSpoofing
Remote Code Execution
Information Disclosure		 
AppsMedium Risk Medium RiskRemote Code Execution 
Microsoft DynamicsLow Risk Low RiskSpoofing 
System CenterMedium Risk Medium RiskSecurity Restriction Bypass 

 

Number of ‘Extremely High Risk’ product(s): 0

Number of ‘High Risk’ product(s): 2

Number of ‘Medium Risk’ product(s): 6

Number of ‘Low Risk’ product(s): 2

Evaluation of overall ‘Risk Level’: High Risk

RISK: High Risk

High Risk

TYPE: Operating Systems – Windows OS

TYPE: Windows OS

Impact

  • Denial of Service
  • Elevation of Privilege
  • Information Disclosure
  • Remote Code Execution
  • Spoofing
  • Security Restriction Bypass

System / Technologies affected

  • Browser
  • Windows
  • Extended Security Updates (ESU)
  • Azure
  • Microsoft Office
  • Developer Tools
  • Exchange Server
  • Apps
  • Microsoft Dynamics
  • System Center

Solutions

Before installation of the software, please visit the vendor web-site for more details.

  •  Apply fixes issued by the vendor.

Vulnerability Identifier

 

Source

Related Link

 

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee
Patreon

 To keep up to date follow us on the below channels.

You may have missed

covenant

CovenantC2 Detected – 51[.]79[.]160[.]204:7443

November 18, 2024
unlock membership

DDoS Attacks Unveiled: Understanding the Digital Avalanche

November 18, 2024
image 1

CVE Alert: CVE-2024-52867

November 18, 2024
image 1

CVE Alert: CVE-2020-25720

November 18, 2024
image 1

CVE Alert: CVE-2023-4639

November 18, 2024