Microsoft Security Updates – 9 Critical Flaws Fixed Along With 3 Zero-Days

As segment of their 2nd Patch Tuesday for the Twelve months, Microsoft now no longer too long up to now launched patches for 78 vulnerabilities alongside with the three actively exploited zero-day vulnerabilities in a single day, 66 of which had been marked essential by the firm.

Moreover, there are nine vulnerabilities that allow A ways-off Code Execution (RCE) on inclined devices, so, they’ve been categorized as ‘Extreme’.

Following is a checklist of how many bugs are level to in each of the vulnerability categories:-

• A ways-off Code Execution Vulnerabilities: 38
• Elevation of Privilege Vulnerabilities: 12
• Denial of Carrier Vulnerabilities: 10
• Data Disclosure Vulnerabilities: 8
• Spoofing Vulnerabilities: 8
• Safety Feature Bypass Vulnerabilities: 2

Three vulnerabilities had been mounted earlier this month in Microsoft Edge, which is now no longer incorporated on this depend.

Extreme Flaws Patched

Here below we have mentioned the total flaws which would be marked as “Extreme”:-

• CVE-2023-21808: .NET and Visible Studio A ways-off Code Execution Vulnerability
• CVE-2023-21716: Microsoft Discover A ways-off Code Execution Vulnerability
• CVE-2023-21718: Microsoft SQL ODBC Driver A ways-off Code Execution Vulnerability
• CVE-2023-21815: Visible Studio A ways-off Code Execution Vulnerability
• CVE-2023-23381: Visible Studio A ways-off Code Execution Vulnerability
• CVE-2023-21803: Home windows iSCSI Discovery Carrier A ways-off Code Execution Vulnerability
• CVE-2023-21692: Microsoft Secure Extensible Authentication Protocol (PEAP) A ways-off Code Execution Vulnerability
• CVE-2023-21690: Microsoft Secure Extensible Authentication Protocol (PEAP) A ways-off Code Execution Vulnerability
• CVE-2023-21689: Microsoft Secure Extensible Authentication Protocol (PEAP) A ways-off Code Execution Vulnerability

Zero-days Patched

It’s a ways severe to level out that Patch Tuesday for this month resolves three zero-day vulnerabilities which would be actively exploited. If a scenario is publicly disclosed and not using a official fix on hand, or if it’s actively exploited, Microsoft classifies it as a 0-day.

In this safety replace, three actively exploited zero-day vulnerabilities have been mounted, and apart from they’re as follows:-

• CVE-2023-21823: Home windows Graphics Part A ways-off Code Execution Vulnerability (Stumbled on by Dhanesh Kizhakkinan, Genwei Jiang, and Dhanesh Kizhakkinan of Mandiant)
• CVE-2023-21715: Microsoft Publisher Safety Formulation Bypass Vulnerability (Stumbled on by Hidetake Jo of Microsoft)
• CVE-2023-23376: Home windows Fashionable Log File System Driver Elevation of Privilege Vulnerability (Stumbled on by the Microsoft Menace Intelligence Center (MSTIC) and Microsoft Safety Response Center)

There have been several vulnerabilities that have crippled Microsoft Alternate Servers around across the enviornment the previous few years, alongside with:-

• ProxyLogon
• ProxyShell
• ProxyNotShell
• OWASSRF
• TabShell

Negate-backed probability actors in the next countries have discovered these flaws to be precious property in their arsenal of attacks:-

• Iran
• Russia
• China

It’s endorsed that organizations that rely on Microsoft Alternate Server note basically the most modern cumulative updates to that server at the moment to prevent future exploitation.