Skip to content

Microsoft's September 2023 Patch Tuesday and fixes for two zero-day exploits - 20230913001

Overview

Microsoft has released their September 2023 Patch Tuesday updates, with security updates for 59 flaws, including two actively exploited zero-day vulnerabilities.

What are the critical vulnerabilities?

  • Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability CVE-2023-36802 - CVSS v3 Base Score: 7.8
  • Microsoft Word Information Disclosure Vulnerability CVE-2023-36761 - CVSS v3 Base Score: 6.2

Patch Tuesday updates includes the following:

  • 3 Security Feature Bypass Vulnerabilities
  • 24 Remote Code Execution Vulnerabilities
  • 9 Information Disclosure Vulnerabilities
  • 3 Denial of Service Vulnerabilities
  • 5 Spoofing Vulnerabilities
  • 5 Edge - Chromium Vulnerabilities

What has been observed?

Microsoft have added these vulnerabilties to their September Security Updates catalog on September 12 2023. There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of two weeks... (refer Patch Management):