Skip to main content

Microsoft Monthly Security Update (September 2023)

Last Update Date: 15 Sep 2023 Release Date: 13 Sep 2023 5397 Views

RISK: High Risk

TYPE: Operating Systems - Windows OS

TYPE: Windows OS

Microsoft has released monthly security update for their products:

 

Vulnerable ProductRisk LevelImpactsNotes
BrowserLow Risk Low Risk  
WindowsHigh Risk High RiskElevation of Privilege
Denial of Service
Information Disclosure
Remote Code Execution
Security Restriction Bypass

CVE-2023-36802 is being exploited in the wild. The vulnerability can be exploited to local privilege elevation vulnerability that allows attackers to gain SYSTEM privileges.

 

Proof of Concept exploit code is publicly available for CVE-2023-38146, impacting Windows 11.

Extended Security Updates (ESU)Medium Risk Medium RiskElevation of Privilege
Information Disclosure
Denial of Service
 
AzureMedium Risk Medium RiskElevation of Privilege
Remote Code Execution
 
Microsoft OfficeHigh Risk High RiskSecurity Restriction Bypass
Information Disclosure
Elevation of Privilege
Spoofing
Remote Code Execution
CVE-2023-36761 is being exploited in the wild. The vulnerability can be used to steal NTLM hashes when opening a document, including in the preview pane. These NTLM hashes can be cracked or used in NTLM Relay attacks to gain access to the account.
Developer ToolsMedium Risk Medium RiskElevation of Privilege
Remote Code Execution
Denial of Service
 
Exchange ServerMedium Risk Medium RiskSpoofing
Remote Code Execution
Information Disclosure
 
AppsMedium Risk Medium RiskRemote Code Execution 
Microsoft DynamicsLow Risk Low RiskSpoofing 
System CenterMedium Risk Medium RiskSecurity Restriction Bypass 

 

Number of 'Extremely High Risk' product(s): 0

Number of 'High Risk' product(s): 2

Number of 'Medium Risk' product(s): 6

Number of 'Low Risk' product(s): 2

Evaluation of overall 'Risk Level': High Risk


Impact

  • Denial of Service
  • Elevation of Privilege
  • Information Disclosure
  • Remote Code Execution
  • Spoofing
  • Security Restriction Bypass

System / Technologies affected

  • Browser
  • Windows
  • Extended Security Updates (ESU)
  • Azure
  • Microsoft Office
  • Developer Tools
  • Exchange Server
  • Apps
  • Microsoft Dynamics
  • System Center

Solutions

Before installation of the software, please visit the vendor web-site for more details.

  •  Apply fixes issued by the vendor.

Vulnerability Identifier

 

Source


Related Link