Windows Update Addressed 2 Zero-Days and 52 Other Vulnerabilities

Microsoft has released its Patch Tuesday update, which includes 59 vulnerabilities along with two Zero-Days. The severity for these vulnerabilities ranges from 4.3 (Medium) to 8.8 (High).

Categories of the vulnerabilities patched include Information Disclosure (9), Elevation of Privilege (18), Remote Code Execution (26), Security Feature Bypass(3), Spoofing (5) and Denial of Service (3).

In addition, there were two Chromium vulnerabilities and two Non-Microsoft flaws in AutoDesk and Electron.

Zero Days

The Two zero-days patched by Microsoft were CVE-2 0 23-36802 – Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability and CVE-2023-36761 – Microsoft Word Information Disclosure Vulnerability.

CVE-2023-36802 local privilege escalation vulnerability can be exploited by threat actors to gain SYSTEM privileges whereas CVE-2023-36761 can be exploited for stealing NTLM (New Technology LAN Manager) hashes when opening a MS Office document.

These hashes can then be cracked to gain access to the accounts and can also be used for NTLM Relay attacks.

Among the fixed patches, some vulnerabilities had the highest severity of 8.8 (High), which were CVE-2023-38148 (Internet Connection Sharing (ICS) Remote Code Execution Vulnerability) CVE-2023-33136 (Azure DevOps Server Remote Code Execution Vulnerability), CVE-2023-36764 (Microsoft SharePoint Server Elevation of Privilege Vulnerability), CVE-2023-38146 (Windows Themes Remote Code Execution Vulnerability) and CVE-2023-38147 (Windows Miracast Wireless Display Remote Code Execution Vulnerability).

Other fixed patches and their severity can be found in the table below.

CVE Number	CVE Title	Impact	Max Severity	Tag
CVE-2023-4863	Chromium: CVE-2023-4863 Heap buffer overflow in WebP			Microsoft Edge (Chromium-based)
CVE-2023-41764	Microsoft Office Spoofing Vulnerability	Spoofing	Moderate	Microsoft Office
CVE-2023-39956	Electron: CVE-2023-39956 -Visual Studio Code Remote Code Execution Vulnerability	Remote Code Execution	Important	Visual Studio Code
CVE-2023-38164	Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability	Spoofing	Important	Microsoft Dynamics
CVE-2023-38163	Windows Defender Attack Surface Reduction Security Feature Bypass	Security Feature Bypass	Important	Windows Defender
CVE-2023-38162	DHCP Server Service Denial of Service Vulnerability	Denial of Service	Important	Windows DHCP Server
CVE-2023-38161	Windows GDI Elevation of Privilege Vulnerability	Elevation of Privilege	Important	Windows GDI
CVE-2023-38160	Windows TCP/IP Information Disclosure Vulnerability	Information Disclosure	Important	Windows TCP/IP
CVE-2023-38156	Azure HDInsight Apache Ambari Elevation of Privilege Vulnerability	Elevation of Privilege	Important	Azure HDInsights
CVE-2023-38155	Azure DevOps Server Remote Code Execution Vulnerability	Elevation of Privilege	Important	Azure DevOps
CVE-2023-38152	DHCP Server Service Information Disclosure Vulnerability	Information Disclosure	Important	Windows DHCP Server
CVE-2023-38150	Windows Kernel Elevation of Privilege Vulnerability	Elevation of Privilege	Important	Windows Kernel
CVE-2023-38149	Windows TCP/IP Denial of Service Vulnerability	Denial of Service	Important	Windows TCP/IP
CVE-2023-38148	Internet Connection Sharing (ICS) Remote Code Execution Vulnerability	Remote Code Execution	Critical	Windows Internet Connection Sharing (ICS)
CVE-2023-38147	Windows Miracast Wireless Display Remote Code Execution Vulnerability	Remote Code Execution	Important	Microsoft Windows Codecs Library
CVE-2023-38146	Windows Themes Remote Code Execution Vulnerability	Remote Code Execution	Important	Windows Themes
CVE-2023-38144	Windows Common Log File System Driver Elevation of Privilege Vulnerability	Elevation of Privilege	Important	Windows Common Log File System Driver
CVE-2023-38143	Windows Common Log File System Driver Elevation of Privilege Vulnerability	Elevation of Privilege	Important	Windows Common Log File System Driver
CVE-2023-38142	Windows Kernel Elevation of Privilege Vulnerability	Elevation of Privilege	Important	Windows Kernel
CVE-2023-38141	Windows Kernel Elevation of Privilege Vulnerability	Elevation of Privilege	Important	Windows Kernel
CVE-2023-38140	Windows Kernel Information Disclosure Vulnerability	Information Disclosure	Important	Windows Kernel
CVE-2023-38139	Windows Kernel Elevation of Privilege Vulnerability	Elevation of Privilege	Important	Windows Kernel
CVE-2023-36886	Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability	Spoofing	Important	Microsoft Dynamics
CVE-2023-36805	Windows MSHTML Platform Security Feature Bypass Vulnerability	Remote Code Execution	Important	Windows Scripting
CVE-2023-36804	Windows GDI Elevation of Privilege Vulnerability	Elevation of Privilege	Important	Windows GDI
CVE-2023-36803	Windows Kernel Information Disclosure Vulnerability	Information Disclosure	Important	Windows Kernel
CVE-2023-36802	Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability	Elevation of Privilege	Important	Microsoft Streaming Service
CVE-2023-36801	DHCP Server Service Information Disclosure Vulnerability	Information Disclosure	Important	Windows DHCP Server
CVE-2023-36800	Dynamics Finance and Operations Cross-site Scripting Vulnerability	Spoofing	Important	Microsoft Dynamics Finance & Operations
CVE-2023-36799	.NET Core and Visual Studio Denial of Service Vulnerability	Denial of Service	Important	.NET Core & Visual Studio
CVE-2023-36796	Visual Studio Remote Code Execution Vulnerability	Remote Code Execution	Critical	.NET and Visual Studio
CVE-2023-36794	Visual Studio Remote Code Execution Vulnerability	Remote Code Execution	Important	.NET and Visual Studio
CVE-2023-36793	Visual Studio Remote Code Execution Vulnerability	Remote Code Execution	Critical	.NET and Visual Studio
CVE-2023-36792	Visual Studio Remote Code Execution Vulnerability	Remote Code Execution	Critical	.NET and Visual Studio
CVE-2023-36788	.NET Framework Remote Code Execution Vulnerability	Remote Code Execution	Important	.NET Framework
CVE-2023-36777	Microsoft Exchange Server Information Disclosure Vulnerability	Information Disclosure	Important	Microsoft Exchange Server
CVE-2023-36773	3D Builder Remote Code Execution Vulnerability	Remote Code Execution	Important	3D Builder
CVE-2023-36772	3D Builder Remote Code Execution Vulnerability	Remote Code Execution	Important	3D Builder
CVE-2023-36771	3D Builder Remote Code Execution Vulnerability	Remote Code Execution	Important	3D Builder
CVE-2023-36770	3D Builder Remote Code Execution Vulnerability	Remote Code Execution	Important	3D Builder
CVE-2023-36767	Microsoft Office Security Feature Bypass Vulnerability	Security Feature Bypass	Important	Microsoft Office
CVE-2023-36766	Microsoft Excel Information Disclosure Vulnerability	Information Disclosure	Important	Microsoft Office Excel
CVE-2023-36765	Microsoft Office Elevation of Privilege Vulnerability	Elevation of Privilege	Important	Microsoft Office
CVE-2023-36764	Microsoft SharePoint Server Elevation of Privilege Vulnerability	Elevation of Privilege	Important	Microsoft Office SharePoint
CVE-2023-36763	Microsoft Outlook Information Disclosure Vulnerability	Information Disclosure	Important	Microsoft Office Outlook
CVE-2023-36762	Microsoft Word Remote Code Execution Vulnerability	Remote Code Execution	Important	Microsoft Office Word
CVE-2023-36761	Microsoft Word Information Disclosure Vulnerability	Information Disclosure	Important	Microsoft Office Word
CVE-2023-36760	3D Viewer Remote Code Execution Vulnerability	Remote Code Execution	Important	3D Viewer
CVE-2023-36759	Visual Studio Elevation of Privilege Vulnerability	Elevation of Privilege	Important	Visual Studio
CVE-2023-36758	Visual Studio Elevation of Privilege Vulnerability	Elevation of Privilege	Important	Visual Studio
CVE-2023-36757	Microsoft Exchange Server Spoofing Vulnerability	Spoofing	Important	Microsoft Exchange Server
CVE-2023-36756	Microsoft Exchange Server Remote Code Execution Vulnerability	Remote Code Execution	Important	Microsoft Exchange Server
CVE-2023-36745	Microsoft Exchange Server Remote Code Execution Vulnerability	Remote Code Execution	Important	Microsoft Exchange Server
CVE-2023-36744	Microsoft Exchange Server Remote Code Execution Vulnerability	Remote Code Execution	Important	Microsoft Exchange Server
CVE-2023-36742	Visual Studio Code Remote Code Execution Vulnerability	Remote Code Execution	Important	Visual Studio Code
CVE-2023-36740	3D Viewer Remote Code Execution Vulnerability	Remote Code Execution	Important	3D Viewer
CVE-2023-36739	3D Viewer Remote Code Execution Vulnerability	Remote Code Execution	Important	3D Viewer
CVE-2023-36736	Microsoft Identity Linux Broker Remote Code Execution Vulnerability	Remote Code Execution	Important	Microsoft Identity Linux Broker
CVE-2023-35355	Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability	Elevation of Privilege	Important	Windows Cloud Files Mini Filter Driver
CVE-2023-33136	Azure DevOps Server Remote Code Execution Vulnerability	Remote Code Execution	Important	Azure DevOps
CVE-2023-32051	Raw Image Extension Remote Code Execution Vulnerability	Remote Code Execution	Important	Microsoft Windows Codecs Library
CVE-2023-29332	Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability	Elevation of Privilege	Critical	Microsoft Azure Kubernetes Service
CVE-2023-24936	.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability	Elevation of Privilege	Moderate	.NET and Visual Studio
CVE-2022-41303	AutoDesk: CVE-2022-41303 use-after-free vulnerability in Autodesk® FBX® SDK 2020 or prior	Remote Code Execution	Important	3D Viewer

Source: Microsoft

It is recommended that organizations upgrade to the latest version of patches released by Microsoft to fix these vulnerabilities and prevent them from getting exploited.

Keep informed about the latest Cyber Security News by following us on Google News, Linkedin, Twitter, and Facebook.

Guru Baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.