Microsoft Patch Tuesday
This month’s Patch Tuesday has security updates to fix three actively exploited zero-days and a total of 77 fixes.
Fixes for multiple products were released as usual – including nine Critical severity vulnerabilities, which allow Remote Code Execution on vulnerable devices.
The most important patches are:
CVE-2023-21823 – Remote Code Execution vulnerability in the Windows Graphics Component. An attack exploiting this vulnerability can execute commands with SYSTEM account privileges. CVSS 3.1: 7.8 (High)
CVE-2023-21715 – Microsoft Publisher Security Features Bypass. An attack exploiting this vulnerability would allows macros in a malicious Publisher document to run without warning the user. CVSS 3.1: 7.3 (High)
CVE-2023-23376 – Privilege Escalation vulnerability in the Windows Common Log File System Driver. An active exploiting this vulnerability allows an attacker to gain SYSTEM account privileges. CVSS 3.1: 7.8 (High)
The 77 patches this month break down as follows:
- 38 Remote Code Execution
- 12 Privilege Escalation
- 10 Denial of Service
- 8 Information Disclosure
- 8 Spoofing
- 2 Security Feature Bypass
Affected Products
- .NET and Visual Studio
- .NET Framework
- 3D Builder
- Azure App Service
- Azure Data Box Gateway
- Azure DevOps
- Azure Machine Learning
- HoloLens
- Internet Storage Name Service
- Microsoft Defender for Endpoint
- Microsoft Defender for IoT
- Microsoft Dynamics
- Microsoft Edge (Chromium-based)
- Microsoft Exchange Server
- Microsoft Graphics Component
- Microsoft Office
- Microsoft Office OneNote
- Microsoft Office Publisher
- Microsoft Office SharePoint
- Microsoft Office Word
- Microsoft PostScript Printer Driver
- Microsoft WDAC OLE DB provider for SQL
- Microsoft Windows Codecs Library
- Power BI
- SQL Server
- Visual Studio
- Windows Active Directory
- Windows ALPC
- Windows Common Log File System Driver
- Windows Cryptographic Services
- Windows Distributed File System (DFS)
- Windows Fax and Scan Service
- Windows HTTP.sys
- Windows Installer
- Windows iSCSI
- Windows Kerberos
- Windows MSHTML Platform
- Windows ODBC Driver
- Windows Protected EAP (PEAP)
- Windows SChannel
- Windows Win32K