Microsoft Monthly Security Update (August 2023)

Release Date: 9 Aug 2023 3738 Views

RISK: Extremely High Risk

Extremely High Risk

TYPE: Operating Systems - Windows OS

TYPE: Windows OS

Microsoft has released monthly security update for their products:

 

Vulnerable ProductRisk LevelImpactsNotes
BrowserMedium Risk Medium RiskSecurity Restriction Bypass 
Microsoft OfficeExtremely High Risk Extremely High RiskRemote Code Execution
Information Disclosure
Spoofing		CVE-2023-36884 is being exploited in the wild. The vulnerability can be exploited to bypass the Mark of the Web (MoTW) security feature. This allows the files to be opened without triggering a security warning, and facilitated the execution of remote code. It is rated as extremely high risk.
WindowsMedium Risk Medium RiskElevation of Privilege
Remote Code Execution
Security Restriction Bypass
Information Disclosure
Denial of Service		 
Extended Security Updates (ESU)Medium Risk Medium RiskElevation of Privilege
Remote Code Execution
Security Restriction Bypass
Information Disclosure
Denial of Service		 
Exchange ServerMedium Risk Medium RiskRemote Code Execution
Elevation of Privilege
Spoofing		 
Developer ToolsExtremely High Risk Extremely High RiskSpoofing
Elevation of Privilege
Remote Code Execution
Information Disclosure
Denial of Service		CVE-2023-38180 is being exploited in the wild. The vulnerability can cause a DDoS attack on .NET applications and Visual Studio. It is rated as extremely high risk.
AzureMedium Risk Medium RiskSpoofing
Elevation of Privilege		 
Microsoft DynamicsMedium Risk Medium RiskRemote Code Execution
Elevation of Privilege		 
System CenterMedium Risk Medium RiskElevation of Privilege 
SQL ServerMedium Risk Medium RiskRemote Code Execution 

 

Number of 'Extremely High Risk' product(s): 2

Number of 'High Risk' product(s): 0

Number of 'Medium Risk' product(s): 8

Number of 'Low Risk' product(s): 0

Evaluation of overall 'Risk Level': Extremely High Risk

Impact

  • Denial of Service
  • Elevation of Privilege
  • Information Disclosure
  • Remote Code Execution
  • Spoofing
  • Security Restriction Bypass

System / Technologies affected

  • Browser
  • Microsoft Office
  • Windows
  • Extended Security Updates (ESU)
  • Exchange Server
  • Developer Tools
  • Azure
  • Microsoft Dynamics
  • System Center
  • SQL Server

Solutions

Before installation of the software, please visit the vendor web-site for more details.

  •  Apply fixes issued by the vendor.

Vulnerability Identifier

Source

Related Link

 

Related Tags

MicrosoftDenial of ServiceElevation of PrivilegeRemote Code ExecutionSecurity Restriction BypassInformation DisclosureSpoofingZero-dayExploit In The Wild

Share with

Next

IBM WebSphere Application Server Remote Code Execution Vulnerability

9 Aug 2023 3175 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY