Skip to main content

Microsoft Monthly Security Update (August 2023)

Release Date: 9 Aug 2023 3720 Views

RISK: Extremely High Risk

TYPE: Operating Systems - Windows OS

TYPE: Windows OS

Microsoft has released monthly security update for their products:

 

Vulnerable ProductRisk LevelImpactsNotes
BrowserMedium Risk Medium RiskSecurity Restriction Bypass 
Microsoft OfficeExtremely High Risk Extremely High RiskRemote Code Execution
Information Disclosure
Spoofing
CVE-2023-36884 is being exploited in the wild. The vulnerability can be exploited to bypass the Mark of the Web (MoTW) security feature. This allows the files to be opened without triggering a security warning, and facilitated the execution of remote code. It is rated as extremely high risk.
WindowsMedium Risk Medium RiskElevation of Privilege
Remote Code Execution
Security Restriction Bypass
Information Disclosure
Denial of Service
 
Extended Security Updates (ESU)Medium Risk Medium RiskElevation of Privilege
Remote Code Execution
Security Restriction Bypass
Information Disclosure
Denial of Service
 
Exchange ServerMedium Risk Medium RiskRemote Code Execution
Elevation of Privilege
Spoofing
 
Developer ToolsExtremely High Risk Extremely High RiskSpoofing
Elevation of Privilege
Remote Code Execution
Information Disclosure
Denial of Service
CVE-2023-38180 is being exploited in the wild. The vulnerability can cause a DDoS attack on .NET applications and Visual Studio. It is rated as extremely high risk.
AzureMedium Risk Medium RiskSpoofing
Elevation of Privilege
 
Microsoft DynamicsMedium Risk Medium RiskRemote Code Execution
Elevation of Privilege
 
System CenterMedium Risk Medium RiskElevation of Privilege 
SQL ServerMedium Risk Medium RiskRemote Code Execution 

 

Number of 'Extremely High Risk' product(s): 2

Number of 'High Risk' product(s): 0

Number of 'Medium Risk' product(s): 8

Number of 'Low Risk' product(s): 0

Evaluation of overall 'Risk Level': Extremely High Risk


Impact

  • Denial of Service
  • Elevation of Privilege
  • Information Disclosure
  • Remote Code Execution
  • Spoofing
  • Security Restriction Bypass

System / Technologies affected

  • Browser
  • Microsoft Office
  • Windows
  • Extended Security Updates (ESU)
  • Exchange Server
  • Developer Tools
  • Azure
  • Microsoft Dynamics
  • System Center
  • SQL Server

Solutions

Before installation of the software, please visit the vendor web-site for more details.

  •  Apply fixes issued by the vendor.

Vulnerability Identifier


Source


Related Link