32
Supply: Microsoft
Windows Update Addressed 2 Zero-Days and 52 Other Vulnerabilities
Microsoft has released its Patch Tuesday update, which contains 59 vulnerabilities along with two Zero-Days. The severity for these vulnerabilities ranges from 4.3 (Medium) to eight.8 (High).
Lessons of the vulnerabilities patched embody Info Disclosure (9), Elevation of Privilege (18), Remote Code Execution (26), Security Feature Bypass(3), Spoofing (5) and Denial of Provider (3).
As well, there had been two Chromium vulnerabilities and two Non-Microsoft flaws in AutoDesk and Electron.
Zero Days
The Two zero-days patched by Microsoft had been CVE-2023-36802 – Microsoft Streaming Provider Proxy Elevation of Privilege Vulnerability and CVE-2023-36761 – Microsoft Be aware Info Disclosure Vulnerability.
CVE-2023-36802 native privilege escalation vulnerability also can moreover be exploited by risk actors to invent SYSTEM privileges whereas CVE-2023-36761 also can moreover be exploited for stealing NTLM (Fresh Technology LAN Manager) hashes when opening a MS Region of labor doc.
These hashes can then be cracked to invent secure admission to to the accounts and can moreover be long-established for NTLM Relay assaults.
Amongst the mounted patches, some vulnerabilities had the most life like possible severity of 8.8 (High), which had been CVE-2023-38148 (Web Connection Sharing (ICS) Remote Code Execution Vulnerability) CVE-2023-33136 (Azure DevOps Server Remote Code Execution Vulnerability), CVE-2023-36764 (Microsoft SharePoint Server Elevation of Privilege Vulnerability), CVE-2023-38146 (Dwelling windows Issues Remote Code Execution Vulnerability) and CVE-2023-38147 (Dwelling windows Miracast Wireless Screech Remote Code Execution Vulnerability).
Varied mounted patches and their severity also can moreover be verbalize in the desk below.
| CVE Number | CVE Title | Impact | Max Severity | Ticket |
| CVE-2023-4863 | Chromium: CVE-2023-4863 Heap buffer overflow in WebP | Microsoft Edge (Chromium-essentially based) | ||
| CVE-2023-41764 | Microsoft Region of labor Spoofing Vulnerability | Spoofing | Moderate | Microsoft Region of labor |
| CVE-2023-39956 | Electron: CVE-2023-39956 -Visual Studio Code Remote Code Execution Vulnerability | Remote Code Execution | Critical | Visual Studio Code |
| CVE-2023-38164 | Microsoft Dynamics 365 (on-premises) Detrimental-place of residing Scripting Vulnerability | Spoofing | Critical | Microsoft Dynamics |
| CVE-2023-38163 | Dwelling windows Defender Assault Floor Reduction Security Feature Bypass | Security Feature Bypass | Critical | Dwelling windows Defender |
| CVE-2023-38162 | DHCP Server Provider Denial of Provider Vulnerability | Denial of Provider | Critical | Dwelling windows DHCP Server |
| CVE-2023-38161 | Dwelling windows GDI Elevation of Privilege Vulnerability | Elevation of Privilege | Critical | Dwelling windows GDI |
| CVE-2023-38160 | Dwelling windows TCP/IP Info Disclosure Vulnerability | Info Disclosure | Critical | Dwelling windows TCP/IP |
| CVE-2023-38156 | Azure HDInsight Apache Ambari Elevation of Privilege Vulnerability | Elevation of Privilege | Critical | Azure HDInsights |
| CVE-2023-38155 | Azure DevOps Server Remote Code Execution Vulnerability | Elevation of Privilege | Critical | Azure DevOps |
| CVE-2023-38152 | DHCP Server Provider Info Disclosure Vulnerability | Info Disclosure | Critical | Dwelling windows DHCP Server |
| CVE-2023-38150 | Dwelling windows Kernel Elevation of Privilege Vulnerability | Elevation of Privilege | Critical | Dwelling windows Kernel |
| CVE-2023-38149 | Dwelling windows TCP/IP Denial of Provider Vulnerability | Denial of Provider | Critical | Dwelling windows TCP/IP |
| CVE-2023-38148 | Web Connection Sharing (ICS) Remote Code Execution Vulnerability | Remote Code Execution | Important | Dwelling windows Web Connection Sharing (ICS) |
| CVE-2023-38147 | Dwelling windows Miracast Wireless Screech Remote Code Execution Vulnerability | Remote Code Execution | Critical | Microsoft Dwelling windows Codecs Library |
| CVE-2023-38146 | Dwelling windows Issues Remote Code Execution Vulnerability | Remote Code Execution | Critical | Dwelling windows Issues |
| CVE-2023-38144 | Dwelling windows Total Log File System Driver Elevation of Privilege Vulnerability | Elevation of Privilege | Critical | Dwelling windows Total Log File System Driver |
| CVE-2023-38143 | Dwelling windows Total Log File System Driver Elevation of Privilege Vulnerability | Elevation of Privilege | Critical | Dwelling windows Total Log File System Driver |
| CVE-2023-38142 | Dwelling windows Kernel Elevation of Privilege Vulnerability | Elevation of Privilege | Critical | Dwelling windows Kernel |
| CVE-2023-38141 | Dwelling windows Kernel Elevation of Privilege Vulnerability | Elevation of Privilege | Critical | Dwelling windows Kernel |
| CVE-2023-38140 | Dwelling windows Kernel Info Disclosure Vulnerability | Info Disclosure | Critical | Dwelling windows Kernel |
| CVE-2023-38139 | Dwelling windows Kernel Elevation of Privilege Vulnerability | Elevation of Privilege | Critical | Dwelling windows Kernel |
| CVE-2023-36886 | Microsoft Dynamics 365 (on-premises) Detrimental-place of residing Scripting Vulnerability | Spoofing | Critical | Microsoft Dynamics |
| CVE-2023-36805 | Dwelling windows MSHTML Platform Security Feature Bypass Vulnerability | Remote Code Execution | Critical | Dwelling windows Scripting |
| CVE-2023-36804 | Dwelling windows GDI Elevation of Privilege Vulnerability | Elevation of Privilege | Critical | Dwelling windows GDI |
| CVE-2023-36803 | Dwelling windows Kernel Info Disclosure Vulnerability | Info Disclosure | Critical | Dwelling windows Kernel |
| CVE-2023-36802 | Microsoft Streaming Provider Proxy Elevation of Privilege Vulnerability | Elevation of Privilege | Critical | Microsoft Streaming Provider |
| CVE-2023-36801 | DHCP Server Provider Info Disclosure Vulnerability | Info Disclosure | Critical | Dwelling windows DHCP Server |
| CVE-2023-36800 | Dynamics Finance and Operations Detrimental-place of residing Scripting Vulnerability | Spoofing | Critical | Microsoft Dynamics Finance & Operations |
| CVE-2023-36799 | .NET Core and Visual Studio Denial of Provider Vulnerability | Denial of Provider | Critical | .NET Core & Visual Studio |
| CVE-2023-36796 | Visual Studio Remote Code Execution Vulnerability | Remote Code Execution | Important | .NET and Visual Studio |
| CVE-2023-36794 | Visual Studio Remote Code Execution Vulnerability | Remote Code Execution | Critical | .NET and Visual Studio |
| CVE-2023-36793 | Visual Studio Remote Code Execution Vulnerability | Remote Code Execution | Important | .NET and Visual Studio |
| CVE-2023-36792 | Visual Studio Remote Code Execution Vulnerability | Remote Code Execution | Important | .NET and Visual Studio |
| CVE-2023-36788 | .NET Framework Remote Code Execution Vulnerability | Remote Code Execution | Critical | .NET Framework |
| CVE-2023-36777 | Microsoft Exchange Server Info Disclosure Vulnerability | Info Disclosure | Critical | Microsoft Exchange Server |
| CVE-2023-36773 | 3D Builder Remote Code Execution Vulnerability | Remote Code Execution | Critical | 3D Builder |
| CVE-2023-36772 | 3D Builder Remote Code Execution Vulnerability | Remote Code Execution | Critical | 3D Builder |
| CVE-2023-36771 | 3D Builder Remote Code Execution Vulnerability | Remote Code Execution | Critical | 3D Builder |
| CVE-2023-36770 | 3D Builder Remote Code Execution Vulnerability | Remote Code Execution | Critical | 3D Builder |
| CVE-2023-36767 | Microsoft Region of labor Security Feature Bypass Vulnerability | Security Feature Bypass | Critical | Microsoft Region of labor |
| CVE-2023-36766 | Microsoft Excel Info Disclosure Vulnerability | Info Disclosure | Critical | Microsoft Region of labor Excel |
| CVE-2023-36765 | Microsoft Region of labor Elevation of Privilege Vulnerability | Elevation of Privilege | Critical | Microsoft Region of labor |
| CVE-2023-36764 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | Elevation of Privilege | Critical | Microsoft Region of labor SharePoint |
| CVE-2023-36763 | Microsoft Outlook Info Disclosure Vulnerability | Info Disclosure | Critical | Microsoft Region of labor Outlook |
| CVE-2023-36762 | Microsoft Be aware Remote Code Execution Vulnerability | Remote Code Execution | Critical | Microsoft Region of labor Be aware |
| CVE-2023-36761 | Microsoft Be aware Info Disclosure Vulnerability | Info Disclosure | Critical | Microsoft Region of labor Be aware |
| CVE-2023-36760 | 3D Viewer Remote Code Execution Vulnerability | Remote Code Execution | Critical | 3D Viewer |
| CVE-2023-36759 | Visual Studio Elevation of Privilege Vulnerability | Elevation of Privilege | Critical | Visual Studio |
| CVE-2023-36758 | Visual Studio Elevation of Privilege Vulnerability | Elevation of Privilege | Critical | Visual Studio |
| CVE-2023-36757 | Microsoft Exchange Server Spoofing Vulnerability | Spoofing | Critical | Microsoft Exchange Server |
| CVE-2023-36756 | Microsoft Exchange Server Remote Code Execution Vulnerability | Remote Code Execution | Critical | Microsoft Exchange Server |
| CVE-2023-36745 | Microsoft Exchange Server Remote Code Execution Vulnerability | Remote Code Execution | Critical | Microsoft Exchange Server |
| CVE-2023-36744 | Microsoft Exchange Server Remote Code Execution Vulnerability | Remote Code Execution | Critical | Microsoft Exchange Server |
| CVE-2023-36742 | Visual Studio Code Remote Code Execution Vulnerability | Remote Code Execution | Critical | Visual Studio Code |
| CVE-2023-36740 | 3D Viewer Remote Code Execution Vulnerability | Remote Code Execution | Critical | 3D Viewer |
| CVE-2023-36739 | 3D Viewer Remote Code Execution Vulnerability | Remote Code Execution | Critical | 3D Viewer |
| CVE-2023-36736 | Microsoft Identification Linux Broker Remote Code Execution Vulnerability | Remote Code Execution | Critical | Microsoft Identification Linux Broker |
| CVE-2023-35355 | Dwelling windows Cloud Recordsdata Mini Filter Driver Elevation of Privilege Vulnerability | Elevation of Privilege | Critical | Dwelling windows Cloud Recordsdata Mini Filter Driver |
| CVE-2023-33136 | Azure DevOps Server Remote Code Execution Vulnerability | Remote Code Execution | Critical | Azure DevOps |
| CVE-2023-32051 | Raw Characterize Extension Remote Code Execution Vulnerability | Remote Code Execution | Critical | Microsoft Dwelling windows Codecs Library |
| CVE-2023-29332 | Microsoft Azure Kubernetes Provider Elevation of Privilege Vulnerability | Elevation of Privilege | Important | Microsoft Azure Kubernetes Provider |
| CVE-2023-24936 | .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability | Elevation of Privilege | Moderate | .NET and Visual Studio |
| CVE-2022-41303 | AutoDesk: CVE-2022-41303 expend-after-free vulnerability in Autodesk® FBX® SDK 2020 or prior | Remote Code Execution | Critical | 3D Viewer |
It’s miles beneficial that organizations upgrade to the most modern model of patches released by Microsoft to fix these vulnerabilities and forestall them from getting exploited.
Source credit : cybersecuritynews.com
