Microsoft releases 75 fixes this month including 6 Critical and 4 CVSS Rated over 9.0
There are 6 Critical, 67 Important and 2 Moderate severity fixes this month. Microsoft Windows, Components, Office and Office Components, .NET and Visual Studio, Azure, SQL Server, Exchange, SharePoint & Teams have all received fixes this month.
Robert Brown, Head of Customer Success for Syxsense said, “We have 4 patches that resolve vulnerabilities which have a CVSS score of more than 9 (Critical) and if you count all the individual CVSS scores together, August has a combined CVSS score of 531.5 compared to 861.7 last month. The average CVSS score was 7.3 which was higher than last month’s even though there were a larger quantity of updates which were fixed.”
Based on the Vendor Severity & CVSS Score, we have made a few recommendations below. As usual we recommend our customers enter the CVE numbers below into your Patch Management solution and deploy as soon as testing is complete.
ADV230003 – Microsoft Office Defense in Depth Update
This defense in depth update is not a vulnerability, but installing this update stops the attack chain leading to the Windows Search security feature bypass vulnerability (CVE-2023-36884). Microsoft recommends installing this update as well as upgrading to the latest version of Windows.
Note: The vulnerability is Weaponised.
Syxscore
- Vendor Severity: Moderate
- CVSS: TBC
- Weaponised: Yes
- Public Aware: Yes
- Countermeasure: No
CVE-2023-35385 & CVE-2023-36910- Microsoft Message Queuing Remote Code Execution Vulnerability
To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. This could result in remote code execution on the server side.
The Windows message queuing service needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel, you can check to see if there is a service running named Message Queuing and TCP port 1801 is listening on the machine however Successful exploitation of this vulnerability could allow an unauthenticated attacker to remotely execute code on the target server.
Note: The vulnerability requires a Reboot.
Syxscore
- Vendor Severity: Critical
- CVSS: 9.8
- Weaponised: No
- Public Aware: No
- Countermeasure: No
Syxscore Risk
- Attack Vector: Network
- Attack Complexity: Low
- Privileges: None
- User Interaction: None
- Scope (Jump Point): Unchanged / No
CVE-2023-21709 – Microsoft Exchange Server Elevation of Privilege Vulnerability
In addition to installing the updates a script must also be run.
(Recommended) Install Exchange Server 2016 or 2019 August SU (or later)
Do one of the following:
- Apply the solution for the CVE automatically on your servers, run the CVE-2023-21709.ps1 script.
- Apply the solution for the CVE manually on each server, by running the following command from an elevated PowerShell window:
Clear-WebConfiguration -Filter “/system.webServer/globalModules/add” -PSPath “IIS:\”
Syxscore
- Vendor Severity: Important
- CVSS: 9.8
- Weaponised: No
- Public Aware: No
- Countermeasure: No
Syxscore Risk
- Attack Vector: Network
- Attack Complexity: Low
- Privileges: None
- User Interaction: None
- Scope (Jump Point): Unchanged / No
|
Reference |
Description |
Vendor |
CVSS |
Weaponised |
Publicly |
Impact |
Exploitability |
Additional |
|
ADV230003 |
Microsoft Office Defense in Depth Update |
Moderate |
NA |
Yes |
Yes |
Defense in |
Exploitation |
This defense in depth update is not a vulnerability, but installing this update stops the attack chain leading to the Windows Search security feature bypass vulnerability (CVE-2023-36884). Microsoft recommends installing this update as well as upgrading to the latest version of Windows. |
|
CVE-2023-38180 |
.NET and Visual Studio Denial of Service Vulnerability |
Important |
7.5 |
Yes |
No |
Denial of |
Exploitation |
|
|
ADV230004 |
Memory Integrity System Readiness Scan Tool Defense in Depth Update |
Moderate |
NA |
No |
Yes |
Defense in |
Exploitation |
Detect compatibility issues with memory integrity (also known as hypervisor-protected code integrity (HVCI)). The memory integrity scan tool is available to download on Windows 10, Windows 11, and Windows Server machines. |
|
CVE-2023-35385 |
Microsoft Message Queuing Remote Code Execution Vulnerability |
Critical |
9.8 |
No |
No |
Remote Code |
Exploitation |
The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel.You can check to see if there is a service running named Message Queuing and TCP port 1801 is listening on the machine. |
|
CVE-2023-36910 |
Microsoft Message Queuing Remote Code Execution Vulnerability |
Critical |
9.8 |
No |
No |
Remote Code |
Exploitation |
To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. This could result in remote code execution on the server side.The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel.You can check to see if there is a service running named Message Queuing and TCP port 1801 is listening on the machine. |
|
CVE-2023-36911 |
Microsoft Message Queuing Remote Code Execution Vulnerability |
Critical |
9.8 |
No |
No |
Remote Code |
Exploitation |
Successful exploitation of this vulnerability could allow an unauthenticated attacker to remotely execute code on the target server.The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel.You can check to see if there is a service running named Message Queuing and TCP port 1801 is listening on the machine. |
|
CVE-2023-21709 |
Microsoft Exchange Server Elevation of Privilege Vulnerability |
Important |
9.8 |
No |
No |
Elevation of |
Exploitation |
In addition to installing the updates a script must be run. Alternatively, you can accomplish the same by running commands from the command line in a PowerShell window or some other terminal.Follow the following steps:(Recommended) Install Exchange Server 2016 or 2019 August SU (or later)Do one of the following:1. Apply the solution for the CVE automatically on your servers, run the CVE-2023-21709.ps1 script.2. Apply the solution for the CVE manually on each server, by running the following command from an elevated PowerShell window:Clear-WebConfiguration -Filter “/system.webServer/globalModules/add” -PSPath “IIS:\” |
|
CVE-2023-29328 |
Microsoft Teams Remote Code Execution Vulnerability |
Critical |
8.8 |
No |
No |
Remote Code |
Exploitation |
Successful exploitation could potentially cause downtime for the client machine. |
|
CVE-2023-29330 |
Microsoft Teams Remote Code Execution Vulnerability |
Critical |
8.8 |
No |
No |
Remote Code |
Exploitation |
|
|
CVE-2023-35368 |
Microsoft Exchange Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
Remote Code |
Exploitation |
Successful exploitation of this vulnerability could allow an attacker the ability to gain remote code execution via an in-network attacker calling arbitrary endpoints. |
|
CVE-2023-35381 |
Windows Fax Service Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
Remote Code |
Exploitation |
|
|
CVE-2023-35387 |
Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability |
Important |
8.8 |
No |
No |
Elevation of |
Exploitation |
Scope = Changed, Jump Point = TrueAn authorized attacker could exploit the Windows Bluetooth driver vulnerability by programmatically running certain functions that could lead to elevation of privilege on the Bluetooth component. |
|
CVE-2023-38169 |
Microsoft OLE DB Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
Remote Code |
Exploitation |
An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client. |
|
CVE-2023-38181 |
Microsoft Exchange Server Spoofing Vulnerability |
Important |
8.8 |
No |
No |
Spoofing |
Exploitation |
An authenticated attacker could achieve exploitation given a PowerShell remoting session to the server. |
|
CVE-2023-38185 |
Microsoft Exchange Server Remote Code Execution Vulnerability |
Important |
8.8 |
No |
No |
Remote Code |
Exploitation |
|
|
CVE-2023-36897 |
Visual Studio Tools for Office Runtime Spoofing Vulnerability |
Important |
8.1 |
No |
No |
Spoofing |
Exploitation |
|
|
CVE-2023-35388 |
Microsoft Exchange Server Remote Code Execution Vulnerability |
Important |
8.0 |
No |
No |
Remote Code |
Exploitation |
An authenticated attacker could gain remote code execution rights on the server mailbox backend as NT AUTHORITY\SYSTEM. |
|
CVE-2023-36891 |
Microsoft SharePoint Server Spoofing Vulnerability |
Important |
8.0 |
No |
No |
Spoofing |
Exploitation |
|
|
CVE-2023-36892 |
Microsoft SharePoint Server Spoofing Vulnerability |
Important |
8.0 |
No |
No |
Spoofing |
Exploitation |
|
|
CVE-2023-38182 |
Microsoft Exchange Server Remote Code Execution Vulnerability |
Important |
8.0 |
No |
No |
Remote Code |
Exploitation |
|
|
CVE-2023-36895 |
Microsoft Outlook Remote Code Execution Vulnerability |
Critical |
7.8 |
No |
No |
Remote Code |
Exploitation |
|
|
CVE-2023-35359 |
Windows Kernel Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
Elevation of |
Exploitation |
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
|
CVE-2023-35371 |
Microsoft Office Remote Code Execution Vulnerability |
Important |
7.8 |
No |
No |
Remote Code |
Exploitation |
|
|
CVE-2023-35372 |
Microsoft Office Visio Remote Code Execution Vulnerability |
Important |
7.8 |
No |
No |
Remote Code |
Exploitation |
|
|
CVE-2023-35379 |
Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
Elevation of |
Exploitation |
An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. |
|
CVE-2023-35380 |
Windows Kernel Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
Elevation of |
Exploitation |
|
|
CVE-2023-35382 |
Windows Kernel Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
Elevation of |
Exploitation |
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
|
CVE-2023-35386 |
Windows Kernel Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
Elevation of |
Exploitation |
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
|
CVE-2023-35390 |
.NET and Visual Studio Remote Code Execution Vulnerability |
Important |
7.8 |
No |
No |
Remote Code |
Exploitation |
|
|
CVE-2023-36865 |
Microsoft Office Visio Remote Code Execution Vulnerability |
Important |
7.8 |
No |
No |
Remote Code |
Exploitation |
|
|
CVE-2023-36866 |
Microsoft Office Visio Remote Code Execution Vulnerability |
Important |
7.8 |
No |
No |
Remote Code |
Exploitation |
|
|
CVE-2023-36896 |
Microsoft Excel Remote Code Execution Vulnerability |
Important |
7.8 |
No |
No |
Remote Code |
Exploitation |
|
|
CVE-2023-36898 |
Tablet Windows User Interface Application Core Remote Code Execution Vulnerability |
Important |
7.8 |
No |
No |
Remote Code |
Exploitation |
|
|
CVE-2023-36900 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
Elevation of |
Exploitation |
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
|
CVE-2023-36903 |
Windows System Assessment Tool Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
Elevation of |
Exploitation |
An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. |
|
CVE-2023-36904 |
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
Elevation of |
Exploitation |
An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. |
|
CVE-2023-38154 |
Windows Kernel Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
Elevation of |
Exploitation |
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
|
CVE-2023-38170 |
HEVC Video Extensions Remote Code Execution Vulnerability |
Important |
7.8 |
No |
No |
Remote Code |
Exploitation |
|
|
CVE-2023-38175 |
Microsoft Windows Defender Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
Elevation of |
Exploitation |
Windows Defender Antimalware Platform |
|
CVE-2023-38186 |
Windows Mobile Device Management Elevation of Privilege Vulnerability |
Important |
7.8 |
No |
No |
Elevation of |
Exploitation |
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
|
CVE-2023-35383 |
Microsoft Message Queuing Information Disclosure Vulnerability |
Important |
7.5 |
No |
No |
Information |
Exploitation |
An attacker who successfully exploited the vulnerability could potentially read User Mode Service Memory. |
|
CVE-2023-36899 |
ASP.NET Elevation of Privilege Vulnerability |
Important |
7.5 |
No |
No |
Elevation of |
Exploitation |
The attacker would gain the rights of the user that is running the affected application. |
|
CVE-2023-36912 |
Microsoft Message Queuing Denial of Service Vulnerability |
Important |
7.5 |
No |
No |
Denial of |
Exploitation |
|
|
CVE-2023-38172 |
Microsoft Message Queuing Denial of Service Vulnerability |
Important |
7.5 |
No |
No |
Denial of |
Exploitation |
|
|
CVE-2023-38178 |
.NET Core and Visual Studio Denial of Service Vulnerability |
Important |
7.5 |
No |
No |
Denial of |
Exploitation |
|
|
CVE-2023-38184 |
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
Important |
7.5 |
No |
No |
Remote Code |
Exploitation |
|
|
CVE-2023-36873 |
.NET Framework Spoofing Vulnerability |
Important |
7.4 |
No |
No |
Spoofing |
Exploitation |
|
|
CVE-2023-38167 |
Microsoft Dynamics Business Central Elevation Of Privilege Vulnerability |
Important |
7.2 |
No |
No |
Elevation of |
Exploitation |
Successful exploitation of this vulnerability requires an attacker to already have admin or high privilege access to a security group within the tenant. |
|
CVE-2023-35391 |
ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability |
Important |
7.1 |
No |
No |
Information |
Exploitation |
This vulnerability makes it possible to listen to any group or user with a specially crafted group/username. By exploiting this vulnerability, the attacker can now receive messages for group(s) that they are unauthorized to view. |
|
CVE-2023-36876 |
Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability |
Important |
7.1 |
No |
No |
Elevation of |
Exploitation |
An attacker who successfully exploited this vulnerability could create or delete files in the security context of the “NT AUTHORITY\ LOCAL SERVICE” account. |
|
CVE-2023-35378 |
Windows Projected File System Elevation of Privilege Vulnerability |
Important |
7.0 |
No |
No |
Elevation of |
Exploitation |
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
|
CVE-2023-38176 |
Azure Arc-Enabled Servers Elevation of Privilege Vulnerability |
Important |
7.0 |
No |
No |
Elevation of |
Exploitation |
An attacker who successfully exploited this vulnerability could gain administrator privileges. |
|
CVE-2023-35376 |
Microsoft Message Queuing Denial of Service Vulnerability |
Important |
6.5 |
No |
No |
Denial of |
Exploitation |
|
|
CVE-2023-35377 |
Microsoft Message Queuing Denial of Service Vulnerability |
Important |
6.5 |
No |
No |
Denial of |
Exploitation |
|
|
CVE-2023-35389 |
Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability |
Important |
6.5 |
No |
No |
Remote Code |
Exploitation |
Scope = Changed, Jump Point = True |
|
CVE-2023-36890 |
Microsoft SharePoint Server Information Disclosure Vulnerability |
Important |
6.5 |
No |
No |
Information |
Exploitation |
|
|
CVE-2023-36893 |
Microsoft Outlook Spoofing Vulnerability |
Important |
6.5 |
No |
No |
Spoofing |
Exploitation |
|
|
CVE-2023-36894 |
Microsoft SharePoint Server Information Disclosure Vulnerability |
Important |
6.5 |
No |
No |
Information |
Exploitation |
An attacker that successfully exploited this vulnerability could leak private property values. |
|
CVE-2023-36909 |
Microsoft Message Queuing Denial of Service Vulnerability |
Important |
6.5 |
No |
No |
Denial of |
Exploitation |
|
|
CVE-2023-36913 |
Microsoft Message Queuing Information Disclosure Vulnerability |
Important |
6.5 |
No |
No |
Information |
Exploitation |
|
|
CVE-2023-38254 |
Microsoft Message Queuing Denial of Service Vulnerability |
Important |
6.5 |
No |
No |
Denial of |
Exploitation |
|
|
CVE-2023-36869 |
Azure DevOps Server Spoofing Vulnerability |
Important |
6.3 |
No |
No |
Spoofing |
Exploitation |
|
|
CVE-2023-36908 |
Windows Hyper-V Information Disclosure Vulnerability |
Important |
5.7 |
No |
No |
Information |
Exploitation |
|
|
CVE-2023-36889 |
Windows Group Policy Security Feature Bypass Vulnerability |
Important |
5.5 |
No |
No |
Security Feature |
Exploitation |
An authenticated attacker who successfully exploited this vulnerability could read specific Group Policy configuration settings. |
|
CVE-2023-36905 |
Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability |
Important |
5.5 |
No |
No |
Information |
Exploitation |
An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. |
|
CVE-2023-36906 |
Windows Cryptographic Services Information Disclosure Vulnerability |
Important |
5.5 |
No |
No |
Information |
Exploitation |
An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. |
|
CVE-2023-36907 |
Windows Cryptographic Services Information Disclosure Vulnerability |
Important |
5.5 |
No |
No |
Information |
Exploitation |
An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. |
|
CVE-2023-36914 |
Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability |
Important |
5.5 |
No |
No |
Security Feature |
Exploitation |
An attacker who successfully exploited this vulnerability could bypass the Fast Identity Online (FIDO) secure authentication feature. |
|
CVE-2023-35384 |
Windows HTML Platforms Security Feature Bypass Vulnerability |
Important |
5.4 |
No |
No |
Security Feature |
Exploitation |
|
|
CVE-2023-35394 |
Azure HDInsight Jupyter Notebook Spoofing Vulnerability |
Important |
4.6 |
No |
No |
Spoofing |
Exploitation |
|
|
CVE-2023-35393 |
Azure Apache Hive Spoofing Vulnerability |
Important |
4.5 |
No |
No |
Spoofing |
Exploitation |
|
|
CVE-2023-36877 |
Azure Apache Oozie Spoofing Vulnerability |
Important |
4.5 |
No |
No |
Spoofing |
Exploitation |
|
|
CVE-2023-36881 |
Azure Apache Ambari Spoofing Vulnerability |
Important |
4.5 |
No |
No |
Spoofing |
Exploitation |
|
|
CVE-2023-36882 |
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
Important |
4.5 |
No |
No |
Remote Code |
Exploitation |
|
|
CVE-2023-38188 |
Azure Apache Hadoop Spoofing Vulnerability |
Important |
4.5 |
No |
No |
Spoofing |
Exploitation |
