All Posts By

Kyleigh Andries

Microsoft Patch Tuesday Update | September 2023

By Patch Management, Patch Tuesday, Video, Webinars

Watch September’s Microsoft Patch Tuesday Forecast On Demand

Dive into this month’s bulletins and strategies for tackling the latest and most important Patch Tuesday updates.  Syxsense’s Chief Customer Success Officer, Rob Brown, covers all of the latest updates live.


Hosted by Rob Brown, Chief Customer Success Officer

During his 17 years at Syxsense, Rob’s role has evolved from onsite technical consultant through providing solutions around Patch Management, Vulnerability Management and Security Best Practices. His team have deployed over 100M patches to our global customers over the last decade.

September 2023 Patch Tuesday: Microsoft releases 59 fixes this month including 2 Critical and 2 Weaponised Threats

By Blog, Patch Management, Patch Tuesday


There are 2 Critical, 55 Important, 1 Moderate and 1 NA severity fixes this month.  Microsoft Windows and Windows Components, Exchange Server, Office, .NET and Visual Studio, Azure, Microsoft Dynamics and Windows Defender have all received fixes this month.

Robert Brown, Head of Customer Success for Syxsense said, “We have 2 patches that resolve vulnerabilities which are Weaponised and one of those is also Publicly Aware. If you count all the individual CVSS scores together, September has a combined CVSS score of 434.3 down from 531.5 last month; however, the average CVSS score was 7.4 which was higher than last month’s even though there was a larger quantity of updates which were fixed.”

Based on the Vendor Severity & CVSS Score, we have made a few recommendations below.  As usual, we recommend that our customers enter the CVE numbers below into their Patch Management solution and deploy as soon as testing is complete.

CVE-2023-36761 – Microsoft Word Information Disclosure Vulnerability

Exploiting this vulnerability could allow the disclosure of NTLM hashes; the Preview Pane is an attack vector.

Note:  The vulnerability is Weaponised and Publicly Aware

Syxscore

  • Vendor Severity: Important
  • CVSS: 6.2
  • Weaponised: Yes
  • Public Aware: Yes
  • Countermeasure: No

Risk

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope / Jump Point: Unchanged / No

CVE-2023-36802 – Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability

This vulnerability has been found by the Microsoft Threat Intelligence team and could be linked to an existing Ransomware attack.  An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Note:  The vulnerability is Weaponised

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.8
  • Weaponised: Yes
  • Public Aware: No
  • Countermeasure: No

Risk

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope / Jump Point: Unchanged / No

CVE-2023-38148 – Internet Connection Sharing (ICS) Remote Code Execution Vulnerability

An unauthorized attacker could exploit this Internet Connection Sharing (ICS) vulnerability by sending a specially crafted network packet to the Internet Connection Sharing (ICS) Service.

Note:  The vulnerability is More Likely to be Weaponised

Syxscore

  • Vendor Severity: Critical
  • CVSS: 8.8
  • Weaponised: No
  • Public Aware: No
  • Countermeasure: No

Risk

  • Attack Vector: Adjacent
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope / Jump Point: Unchanged / No

| Reference | Description | Vendor Severity | CVSS Score | Weaponised | Publicly Aware | Additional Information | Countermeasure | Exploitability Assessment | Impact |
|---|---|---|---|---|---|---|---|---|---|
| CVE-2023-36761 | Microsoft Word Information Disclosure Vulnerability | Important | 6.2 | Yes | Yes | Exploiting this vulnerability could allow the disclosure of NTLM hashes; the Preview Pane is an attack vector. | No | Exploitation Detected | Information Disclosure |
| CVE-2023-36802 | Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability | Important | 7.8 | Yes | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Exploitation Detected | Elevation of Privilege |
| CVE-2023-38148 | Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | Critical | 8.8 | No | No | | Yes | Exploitation More Likely | Remote Code Execution |
| CVE-2023-33136 | Azure DevOps Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | | No | Exploitation Less Likely | Remote Code Execution |
| CVE-2023-36764 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | Important | 8.8 | No | No | An attacker who successfully exploited this vulnerability could gain administrator privileges. | No | Exploitation Less Likely | Elevation of Privilege |
| CVE-2023-38146 | Windows Themes Remote Code Execution Vulnerability | Important | 8.8 | No | No | | No | Exploitation Less Likely | Remote Code Execution |
| CVE-2023-38147 | Windows Miracast Wireless Display Remote Code Execution Vulnerability | Important | 8.8 | No | No | | No | Exploitation Less Likely | Remote Code Execution |
| CVE-2023-36744 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important | 8 | No | No | An attacker could exploit the vulnerability by leveraging the known (Type 4) UnitySerializationHolder gadget through a deserialization of untrusted data. Exploitation of this vulnerability requires that a user gain LAN-access as well as obtain credentials for a valid Exchange user. | No | Exploitation More Likely | Remote Code Execution |
| CVE-2023-36745 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important | 8 | No | No | An attacker could exploit the vulnerability by leveraging the known (Type 4) UnitySerializationHolder gadget through a deserialization of untrusted data. Exploitation of this vulnerability requires that a user gain LAN-access as well as obtain credentials for a valid Exchange user. | No | Exploitation More Likely | Remote Code Execution |
| CVE-2023-36757 | Microsoft Exchange Server Spoofing Vulnerability | Important | 8 | No | No | | No | Exploitation Less Likely | Spoofing |
| CVE-2023-36756 | Microsoft Exchange Server Remote Code Execution Vulnerability | None | 8 | No | No | In a network-based attack, an attacker could trigger malicious code in the context of the server’s account through a network call. | No | Exploitation More Likely | Not a Vulnerability |
| CVE-2023-35355 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Exploitation Less Likely | Elevation of Privilege |
| CVE-2023-36739 | 3D Viewer Remote Code Execution Vulnerability | Important | 7.8 | No | No | This vulnerability affects FBX component used within the 3D Viewer product. | No | Exploitation Unlikely | Remote Code Execution |
| CVE-2023-36740 | 3D Viewer Remote Code Execution Vulnerability | Important | 7.8 | No | No | This vulnerability affects FBX component used within the 3D Viewer product. | No | Exploitation Unlikely | Remote Code Execution |
| CVE-2023-36742 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | | No | Exploitation Less Likely | Remote Code Execution |
| CVE-2023-36758 | Visual Studio Elevation of Privilege Vulnerability | Important | 7.8 | No | No | A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level. | No | Exploitation Less Likely | Elevation of Privilege |
| CVE-2023-36760 | 3D Viewer Remote Code Execution Vulnerability | Important | 7.8 | No | No | | No | Exploitation Less Likely | Remote Code Execution |
| CVE-2023-36765 | Microsoft Office Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Exploitation Less Likely | Elevation of Privilege |
| CVE-2023-36766 | Microsoft Excel Information Disclosure Vulnerability | Important | 7.8 | No | No | | No | Exploitation Less Likely | Information Disclosure |
| CVE-2023-36770 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | | No | Exploitation Less Likely | Remote Code Execution |
| CVE-2023-36771 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | | No | Exploitation Less Likely | Remote Code Execution |
| CVE-2023-36772 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | | No | Exploitation Less Likely | Remote Code Execution |
| CVE-2023-36773 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | | No | Exploitation Less Likely | Remote Code Execution |
| CVE-2023-36788 | .NET Framework Remote Code Execution Vulnerability | Important | 7.8 | No | No | | No | Exploitation Less Likely | Remote Code Execution |
| CVE-2023-36792 | Visual Studio Remote Code Execution Vulnerability | Important | 7.8 | No | No | | No | Exploitation Less Likely | Remote Code Execution |
| CVE-2023-36793 | Visual Studio Remote Code Execution Vulnerability | Important | 7.8 | No | No | | No | Exploitation Less Likely | Remote Code Execution |
| CVE-2023-36794 | Visual Studio Remote Code Execution Vulnerability | Important | 7.8 | No | No | | No | Exploitation Less Likely | Remote Code Execution |
| CVE-2023-36796 | Visual Studio Remote Code Execution Vulnerability | Important | 7.8 | No | No | | No | Exploitation Less Likely | Remote Code Execution |
| CVE-2023-36804 | Windows GDI Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Exploitation More Likely | Elevation of Privilege |
| CVE-2023-38139 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Exploitation Less Likely | Elevation of Privilege |
| CVE-2023-38141 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Exploitation Less Likely | Elevation of Privilege |
| CVE-2023-38142 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Exploitation More Likely | Elevation of Privilege |
| CVE-2023-38143 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Exploitation More Likely | Elevation of Privilege |
| CVE-2023-38144 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Exploitation More Likely | Elevation of Privilege |
| CVE-2023-38150 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | | Exploitation Less Likely | Elevation of Privilege |
| CVE-2023-38161 | Windows GDI Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Exploitation More Likely | Elevation of Privilege |
| CVE-2023-38163 | Windows Defender Attack Surface Reduction Security Feature Bypass | Important | 7.8 | No | No | | No | Exploitation Less Likely | Security Feature Bypass |
| CVE-2023-36800 | Dynamics Finance and Operations Cross-site Scripting Vulnerability | Important | 7.6 | No | No | | No | Exploitation Less Likely | Spoofing |
| CVE-2023-36886 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 7.6 | No | No | Scope = Changed, Jump Point = True. The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine. | No | Exploitation Less Likely | Spoofing |
| CVE-2023-38164 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 7.6 | No | No | Scope = Changed, Jump Point = True. The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine. | No | Exploitation Less Likely | Spoofing |
| CVE-2023-29332 | Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability | Critical | 7.5 | No | No | An attacker who successfully exploited this vulnerability could gain Cluster Administrator privileges. | No | Exploitation Less Likely | Elevation of Privilege |
| CVE-2023-36763 | Microsoft Outlook Information Disclosure Vulnerability | Important | 7.5 | No | No | Exploiting this vulnerability could allow the disclosure of credentials. | No | Exploitation Less Likely | Information Disclosure |
| CVE-2023-38149 | Windows TCP/IP Denial of Service Vulnerability | Important | 7.5 | No | No | | Yes | Exploitation Less Likely | Denial of Service |
| CVE-2023-38162 | DHCP Server Service Denial of Service Vulnerability | Important | 7.5 | No | No | Customers who have not configured their DHCP server as a failover are not affected by this vulnerability. | | Exploitation Less Likely | Denial of Service |
| CVE-2023-36762 | Microsoft Word Remote Code Execution Vulnerability | Important | 7.3 | No | No | The attachment Preview Pane that is accessed when a user clicks to preview an attached file is an attack vector; however, the email Preview Pane itself is not. | No | Exploitation Unlikely | Remote Code Execution |
| CVE-2023-38156 | Azure HDInsight Apache Ambari Elevation of Privilege Vulnerability | Important | 7.2 | No | No | An attacker who successfully exploited this vulnerability could gain domain administrator privileges. | No | Exploitation Less Likely | Elevation of Privilege |
| CVE-2023-36805 | Windows MSHTML Platform Security Feature Bypass Vulnerability | Important | 7 | No | No | An attacker who successfully exploited this vulnerability could maintain high privileges, which include read, write, and delete functionality. | No | Exploitation Less Likely | Remote Code Execution |
| CVE-2023-38155 | Azure DevOps Server and Team Foundation Server Elevation of Privilege Vulnerability | Important | 7 | No | No | An attacker who successfully exploited this vulnerability could gain administrator privileges. | No | Exploitation Less Likely | Elevation of Privilege |
| CVE-2023-36759 | Visual Studio Elevation of Privilege Vulnerability | Important | 6.7 | No | No | A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level. | No | Exploitation Less Likely | Denial of Service |
| CVE-2023-36799 | .NET Core and Visual Studio Denial of Service Vulnerability | Important | 6.5 | No | No | | No | Exploitation Less Likely | Denial of Service |
| CVE-2023-36777 | Microsoft Exchange Server Information Disclosure Vulnerability | Important | 5.7 | No | No | | No | Exploitation More Likely | Information Disclosure |
| CVE-2023-36803 | Windows Kernel Information Disclosure Vulnerability | Important | 5.5 | No | No | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. | No | Exploitation Less Likely | Information Disclosure |
| CVE-2023-38140 | Windows Kernel Information Disclosure Vulnerability | Important | 5.5 | No | No | | No | Exploitation Less Likely | Information Disclosure |
| CVE-2023-38160 | Windows TCP/IP Information Disclosure Vulnerability | Important | 5.5 | No | No | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. | No | Exploitation More Likely | Information Disclosure |
| CVE-2023-36801 | DHCP Server Service Information Disclosure Vulnerability | Important | 5.3 | No | No | Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. | Yes | Exploitation Less Likely | Information Disclosure |
| CVE-2023-38152 | DHCP Server Service Information Disclosure Vulnerability | Important | 5.3 | No | No | Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. | Yes | Exploitation More Likely | Information Disclosure |
| CVE-2023-36736 | Microsoft Identity Linux Broker Arbitrary Code Execution Vulnerability | Important | 4.4 | No | No | | No | Exploitation Less Likely | Remote Code Execution |
| CVE-2023-36767 | Microsoft Office Security Feature Bypass Vulnerability | Important | 4.3 | No | No | | No | Exploitation Less Likely | Security Feature Bypass |
| CVE-2023-41764 | Microsoft Office Spoofing Vulnerability | Moderate | | No | No | | No | Exploitation Less Likely | Spoofing |


2023 State of Vulnerability Management: Key Insights & Strategies

By Cybersecurity, Report, Vulnerability Management


In conjunction with Cybersecurity Insiders, we’re pleased to present this report of findings from a recent survey on the 2023 State of Vulnerability Management.

Managing cybersecurity vulnerabilities is a significant challenge for most organizations. Unaddressed vulnerabilities open doors to cyber threats, while the sheer volume of potential risks can make it difficult to prioritize remediation tasks effectively. Rapid technology advancements and ever increasing attack surfaces often outpace organizations’ abilities to stay ahead of emerging threats.

This survey was designed to shed light on current practices, obstacles, and perspectives in vulnerability management. Through understanding how organizations are tackling these challenges, the “2023 State of Vulnerability Management” report offers strategic insights and industry benchmarks.

Spotlight Webinar | Harnessing Automation: Streamlining IT Automation with Drag-and-Drop Workflows

By Spotlight Webinar, Video, Webinars


In August’s class, Syxsense’s Pre-Sales Manager Graham Brooks demonstrated how to leverage IT security automation through drag-and-drop workflows to streamline configuration management. We went on a deep dive into the automation process, showing you how to use intuitive workflows to manage configurations efficiently and effectively. This session offers valuable insights into detecting and addressing configuration issues, enhancing consistency, and reducing system downtime. Embark on this educational journey with us to bolster your digital security infrastructure and ensure your organization runs at peak performance.


Microsoft Patch Tuesday Update | August 2023

By Patch Management, Patch Tuesday, Video, Webinars

Watch August’s Microsoft Patch Tuesday Forecast On Demand

Dive into this month’s bulletins and strategies for tackling the latest and most important Patch Tuesday updates.  Syxsense’s Chief Customer Success Officer, Rob Brown, covers all of the latest updates live.


August 2023 Patch Tuesday: Microsoft releases 75 fixes this month including 6 Critical and 4 CVSS Rated over 9.0

By Blog, Patch Management, Patch Tuesday


There are 6 Critical, 67 Important and 2 Moderate severity fixes this month.  Microsoft Windows, Components, Office and Office Components, .NET and Visual Studio, Azure, SQL Server, Exchange, SharePoint & Teams have all received fixes this month.

Robert Brown, Head of Customer Success for Syxsense said, “We have 4 patches that resolve vulnerabilities which have a CVSS score of more than 9 (Critical) and if you count all the individual CVSS scores together, August has a combined CVSS score of 531.5 compared to 861.7 last month.  The average CVSS score was 7.3 which was higher than last month’s even though there was a larger quantity of updates which were fixed.”

Based on the Vendor Severity & CVSS Score, we have made a few recommendations below.  As usual, we recommend that our customers enter the CVE numbers below into their Patch Management solution and deploy as soon as testing is complete.

ADV230003 – Microsoft Office Defense in Depth Update

This defense in depth update is not a vulnerability, but installing this update stops the attack chain leading to the Windows Search security feature bypass vulnerability (CVE-2023-36884). Microsoft recommends installing this update as well as upgrading to the latest version of Windows.

Note:  The vulnerability is Weaponised.

Syxscore

  • Vendor Severity: Moderate
  • CVSS: TBC
  • Weaponised: Yes
  • Public Aware: Yes
  • Countermeasure: No

CVE-2023-35385 & CVE-2023-36910 – Microsoft Message Queuing Remote Code Execution Vulnerability

To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. This could result in remote code execution on the server side.

The Windows message queuing service needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel. You can check whether a service named Message Queuing is running and whether TCP port 1801 is listening on the machine. Successful exploitation of this vulnerability could allow an unauthenticated attacker to remotely execute code on the target server.
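The two conditions described above (a running Message Queuing service and a listener on TCP 1801) can be audited across servers with a short PowerShell function. This is an added example, not Syxsense or Microsoft code; `Test-MsmqExposure` is a hypothetical helper name, and remote hosts are assumed to be reachable over PowerShell remoting.

```powershell
# Added example: audit hosts for the MSMQ conditions named in the advisory.
# Test-MsmqExposure is a hypothetical helper name, not a built-in cmdlet.
function Test-MsmqExposure {
    [CmdletBinding()]
    param(
        # Hosts to audit; defaults to the local machine.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )

    # Probe executed on each host: service state plus listener state.
    $probe = {
        # Service name is MSMQ (display name "Message Queuing");
        # the lookup returns nothing when the feature is not installed.
        $svc = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue

        # Sockets in the Listen state on TCP 1801.
        $listeners = @(Get-NetTCPConnection -LocalPort 1801 -State Listen -ErrorAction SilentlyContinue)

        $running = [bool]($svc -and $svc.Status -eq 'Running')

        [pscustomobject]@{
            Host            = $env:COMPUTERNAME
            ServiceStatus   = if ($svc) { [string]$svc.Status } else { 'NotInstalled' }
            Port1801Listens = $listeners.Count -gt 0
            BoundAddresses  = ($listeners.LocalAddress | Sort-Object -Unique) -join ', '
            # Both conditions hold: schedule the update (and its reboot) first.
            NeedsPriority   = $running -and ($listeners.Count -gt 0)
        }
    }

    foreach ($c in $ComputerName) {
        try {
            if ($c -in @($env:COMPUTERNAME, 'localhost', '.')) {
                & $probe
            }
            else {
                Invoke-Command -ComputerName $c -ScriptBlock $probe -ErrorAction Stop
            }
        }
        catch {
            Write-Warning "Could not query ${c}: $($_.Exception.Message)"
        }
    }
}

# Local check:
#   Test-MsmqExposure
# Fleet check from a list of server names, showing only affected hosts:
#   Test-MsmqExposure -ComputerName (Get-Content .\servers.txt) | Where-Object NeedsPriority
```

A host that reports `NotInstalled` does not meet the precondition the advisory gives for these CVEs; a host with the service stopped meets it again as soon as the service is started.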

Note:  The vulnerability requires a Reboot.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.8
  • Weaponised: No
  • Public Aware: No
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

CVE-2023-21709 – Microsoft Exchange Server Elevation of Privilege Vulnerability

In addition to installing the updates a script must also be run.

(Recommended) Install Exchange Server 2016 or 2019 August SU (or later)

Do one of the following:

  1. To apply the solution for the CVE automatically on your servers, run the CVE-2023-21709.ps1 script.
  2. To apply the solution for the CVE manually on each server, run the following command from an elevated PowerShell window:

Clear-WebConfiguration -Filter "/system.webServer/globalModules/add[@name='TokenCacheModule']" -PSPath "IIS:\"
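To confirm whether the manual step has already been applied on a given Exchange server, and to apply it only where it is still needed, the same filter can be queried before and after the change. This is an added example, not the Microsoft CVE-2023-21709.ps1 script; the function and variable names are hypothetical, and it assumes an elevated PowerShell window with the IIS WebAdministration module available.

```powershell
# Added example: check, apply and re-check the manual step for CVE-2023-21709.
# Function and variable names are hypothetical; run elevated on each Exchange server.
Import-Module WebAdministration

# Same filter and PSPath as the manual command in the advisory.
$TokenCacheFilter = "/system.webServer/globalModules/add[@name='TokenCacheModule']"

function Test-TokenCacheModule {
    # True while the TokenCacheModule entry is still registered in IIS globalModules.
    [bool](Get-WebConfiguration -Filter $TokenCacheFilter -PSPath 'IIS:\')
}

function Invoke-TokenCacheMitigation {
    [CmdletBinding(SupportsShouldProcess)]
    param()

    $before = Test-TokenCacheModule

    # Only touch the configuration when the module entry is still present;
    # -WhatIf reports the pending change without making it.
    if ($before -and $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Remove TokenCacheModule from IIS globalModules')) {
        Clear-WebConfiguration -Filter $TokenCacheFilter -PSPath 'IIS:\'
    }

    $after = Test-TokenCacheModule

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        PresentBefore = $before
        PresentAfter  = $after
        StepApplied   = -not $after
    }
}

# Report only:        Invoke-TokenCacheMitigation -WhatIf
# Apply and verify:   Invoke-TokenCacheMitigation
```

`StepApplied` covers only the module removal; the August SU itself still has to be installed, as the advisory states.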

Syxscore

  • Vendor Severity: Important
  • CVSS: 9.8
  • Weaponised: No
  • Public Aware: No
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

| Reference | Description | Vendor Severity | CVSS Score | Weaponised | Publicly Aware | Impact | Exploitability Assessment | Additional Information |
|---|---|---|---|---|---|---|---|---|
| ADV230003 | Microsoft Office Defense in Depth Update | Moderate | NA | Yes | Yes | Defense in Depth | Exploitation Detected | This defense in depth update is not a vulnerability, but installing this update stops the attack chain leading to the Windows Search security feature bypass vulnerability (CVE-2023-36884). Microsoft recommends installing this update as well as upgrading to the latest version of Windows. |
| CVE-2023-38180 | .NET and Visual Studio Denial of Service Vulnerability | Important | 7.5 | Yes | No | Denial of Service | Exploitation Less Likely | |
| ADV230004 | Memory Integrity System Readiness Scan Tool Defense in Depth Update | Moderate | NA | No | Yes | Defense in Depth | Exploitation More Likely | Detect compatibility issues with memory integrity (also known as hypervisor-protected code integrity (HVCI)). The memory integrity scan tool is available to download on Windows 10, Windows 11, and Windows Server machines. |
| CVE-2023-35385 | Microsoft Message Queuing Remote Code Execution Vulnerability | Critical | 9.8 | No | No | Remote Code Execution | Exploitation Less Likely | The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel. You can check to see if there is a service running named Message Queuing and TCP port 1801 is listening on the machine. |
| CVE-2023-36910 | Microsoft Message Queuing Remote Code Execution Vulnerability | Critical | 9.8 | No | No | Remote Code Execution | Exploitation Less Likely | To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. This could result in remote code execution on the server side. The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel. You can check to see if there is a service running named Message Queuing and TCP port 1801 is listening on the machine. |
| CVE-2023-36911 | Microsoft Message Queuing Remote Code Execution Vulnerability | Critical | 9.8 | No | No | Remote Code Execution | Exploitation Less Likely | Successful exploitation of this vulnerability could allow an unauthenticated attacker to remotely execute code on the target server. The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel. You can check to see if there is a service running named Message Queuing and TCP port 1801 is listening on the machine. |
| CVE-2023-21709 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | 9.8 | No | No | Elevation of Privilege | Exploitation Less Likely | In addition to installing the updates a script must be run.  Alternatively, you can accomplish the same by running commands from the command line in a PowerShell window or some other terminal. Follow the following steps: (Recommended) Install Exchange Server 2016 or 2019 August SU (or later). Do one of the following: 1. Apply the solution for the CVE automatically on your servers, run the CVE-2023-21709.ps1 script. 2. Apply the solution for the CVE manually on each server, by running the following command from an elevated PowerShell window: Clear-WebConfiguration -Filter "/system.webServer/globalModules/add[@name='TokenCacheModule']" -PSPath "IIS:\" |
| CVE-2023-29328 | Microsoft Teams Remote Code Execution Vulnerability | Critical | 8.8 | No | No | Remote Code Execution | Exploitation Less Likely | Successful exploitation could potentially cause downtime for the client machine. |
| CVE-2023-29330 | Microsoft Teams Remote Code Execution Vulnerability | Critical | 8.8 | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2023-35368 | Microsoft Exchange Remote Code Execution Vulnerability | Important | 8.8 | No | No | Remote Code Execution | Exploitation Less Likely | Successful exploitation of this vulnerability could allow an attacker the ability to gain remote code execution via an in-network attacker calling arbitrary endpoints. |
| CVE-2023-35381 | Windows Fax Service Remote Code Execution Vulnerability | Important | 8.8 | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2023-35387 | Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability | Important | 8.8 | No | No | Elevation of Privilege | Exploitation Less Likely | Scope = Changed, Jump Point = True. An authorized attacker could exploit the Windows Bluetooth driver vulnerability by programmatically running certain functions that could lead to elevation of privilege on the Bluetooth component. |
| CVE-2023-38169 | Microsoft OLE DB Remote Code Execution Vulnerability | Important | 8.8 | No | No | Remote Code Execution | Exploitation Less Likely | An attacker could exploit the vulnerability by tricking an authenticated user into attempting to connect to a malicious SQL server via OLEDB, which could result in the server receiving a malicious networking packet. This could allow the attacker to execute code remotely on the client. |
| CVE-2023-38181 | Microsoft Exchange Server Spoofing Vulnerability | Important | 8.8 | No | No | Spoofing | Exploitation Less Likely | An authenticated attacker could achieve exploitation given a PowerShell remoting session to the server. |
| CVE-2023-38185 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2023-36897 | Visual Studio Tools for Office Runtime Spoofing Vulnerability | Important | 8.1 | No | No | Spoofing | Exploitation Less Likely | |
| CVE-2023-35388 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important | 8.0 | No | No | Remote Code Execution | Exploitation More Likely | An authenticated attacker could gain remote code execution rights on the server mailbox backend as NT AUTHORITY\SYSTEM. |
| CVE-2023-36891 | Microsoft SharePoint Server Spoofing Vulnerability | Important | 8.0 | No | No | Spoofing | Exploitation Less Likely | |
| CVE-2023-36892 | Microsoft SharePoint Server Spoofing Vulnerability | Important | 8.0 | No | No | Spoofing | Exploitation Less Likely | |
| CVE-2023-38182 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important | 8.0 | No | No | Remote Code Execution | Exploitation More Likely | |
| CVE-2023-36895 | Microsoft Outlook Remote Code Execution Vulnerability | Critical | 7.8 | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2023-35359 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Elevation of Privilege | Exploitation More Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-35371 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2023-35372 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.8 | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2023-35379 | Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Elevation of Privilege | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. |
| CVE-2023-35380 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Elevation of Privilege | Exploitation More Likely | |
| CVE-2023-35382 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Elevation of Privilege | Exploitation More Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-35386 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Elevation of Privilege | Exploitation More Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-35390 | .NET and Visual Studio Remote Code Execution Vulnerability | Important | 7.8 | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2023-36865 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.8 | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2023-36866 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.8 | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2023-36896 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2023-36898 | Tablet Windows User Interface Application Core Remote Code Execution Vulnerability | Important | 7.8 | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2023-36900 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Elevation of Privilege | Exploitation More Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-36903 | Windows System Assessment Tool Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Elevation of Privilege | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. |
| CVE-2023-36904 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Elevation of Privilege | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. |
| CVE-2023-38154 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Elevation of Privilege | Exploitation Unlikely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-38170 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2023-38175 | Microsoft Windows Defender Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Elevation of Privilege | Exploitation Less Likely | Windows Defender Antimalware Platform |
| CVE-2023-38186 | Windows Mobile Device Management Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Elevation of Privilege | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. |
| CVE-2023-35383 | Microsoft Message Queuing Information Disclosure Vulnerability | Important | 7.5 | No | No | Information Disclosure | Exploitation Less Likely | An attacker who successfully exploited the vulnerability could potentially read User Mode Service Memory. |
| CVE-2023-36899 | ASP.NET Elevation of Privilege Vulnerability | Important | 7.5 | No | No | Elevation of Privilege | Exploitation Less Likely | The attacker would gain the rights of the user that is running the affected application. |
| CVE-2023-36912 | Microsoft Message Queuing Denial of Service Vulnerability | Important | 7.5 | No | No | Denial of Service | Exploitation Less Likely | |
| CVE-2023-38172 | Microsoft Message Queuing Denial of Service Vulnerability | Important | 7.5 | No | No | Denial of Service | Exploitation Less Likely | |
| CVE-2023-38178 | .NET Core and Visual Studio Denial of Service Vulnerability | Important | 7.5 | No | No | Denial of Service | Exploitation Less Likely | |
| CVE-2023-38184 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Important | 7.5 | No | No | Remote Code Execution | Exploitation Less Likely | |
| CVE-2023-36873 | .NET Framework Spoofing Vulnerability | Important | 7.4 | No | No | Spoofing | Exploitation Less Likely | |

CVE-2023-38167

Microsoft Dynamics Business Central Elevation Of Privilege Vulnerability

Important

7.2

No

No

Elevation of
Privilege

Exploitation
Less Likely

Successful exploitation of this vulnerability requires an attacker to already have admin or high privilege access to a security group within the tenant.

CVE-2023-35391

ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability

Important

7.1

No

No

Information
Disclosure

Exploitation
Less Likely

This vulnerability makes it possible to listen to any group or user with a specially crafted group/username. By exploiting this vulnerability, the attacker can now receive messages for group(s) that they are unauthorized to view.

CVE-2023-36876

Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability

Important

7.1

No

No

Elevation of
Privilege

Exploitation
Less Likely

An attacker who successfully exploited this vulnerability could create or delete files in the security context of the “NT AUTHORITY\ LOCAL SERVICE” account.

CVE-2023-35378

Windows Projected File System Elevation of Privilege Vulnerability

Important

7.0

No

No

Elevation of
Privilege

Exploitation
Less Likely

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2023-38176

Azure Arc-Enabled Servers Elevation of Privilege Vulnerability

Important

7.0

No

No

Elevation of
Privilege

Exploitation
Less Likely

An attacker who successfully exploited this vulnerability could gain administrator privileges.

CVE-2023-35376

Microsoft Message Queuing Denial of Service Vulnerability

Important

6.5

No

No

Denial of
Service

Exploitation
Less Likely

CVE-2023-35377

Microsoft Message Queuing Denial of Service Vulnerability

Important

6.5

No

No

Denial of
Service

Exploitation
Less Likely

CVE-2023-35389

Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability

Important

6.5

No

No

Remote Code
Execution

Exploitation
Less Likely

Scope = Changed, Jump Point = True

CVE-2023-36890

Microsoft SharePoint Server Information Disclosure Vulnerability

Important

6.5

No

No

Information
Disclosure

Exploitation
Less Likely

CVE-2023-36893

Microsoft Outlook Spoofing Vulnerability

Important

6.5

No

No

Spoofing

Exploitation
Less Likely

CVE-2023-36894

Microsoft SharePoint Server Information Disclosure Vulnerability

Important

6.5

No

No

Information
Disclosure

Exploitation
Less Likely

An attacker that successfully exploited this vulnerability could leak private property values.

CVE-2023-36909

Microsoft Message Queuing Denial of Service Vulnerability

Important

6.5

No

No

Denial of
Service

Exploitation
Less Likely

CVE-2023-36913

Microsoft Message Queuing Information Disclosure Vulnerability

Important

6.5

No

No

Information
Disclosure

Exploitation
Less Likely

CVE-2023-38254

Microsoft Message Queuing Denial of Service Vulnerability

Important

6.5

No

No

Denial of
Service

Exploitation
Less Likely

CVE-2023-36869

Azure DevOps Server Spoofing Vulnerability

Important

6.3

No

No

Spoofing

Exploitation
Less Likely

CVE-2023-36908

Windows Hyper-V Information Disclosure Vulnerability

Important

5.7

No

No

Information
Disclosure

Exploitation
Less Likely

CVE-2023-36889

Windows Group Policy Security Feature Bypass Vulnerability

Important

5.5

No

No

Security Feature
Bypass

Exploitation
Less Likely

An authenticated attacker who successfully exploited this vulnerability could read specific Group Policy configuration settings.

CVE-2023-36905

Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability

Important

5.5

No

No

Information
Disclosure

Exploitation
Less Likely

An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

CVE-2023-36906

Windows Cryptographic Services Information Disclosure Vulnerability

Important

5.5

No

No

Information
Disclosure

Exploitation
Less Likely

An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

CVE-2023-36907

Windows Cryptographic Services Information Disclosure Vulnerability

Important

5.5

No

No

Information
Disclosure

Exploitation
Less Likely

An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.

CVE-2023-36914

Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability

Important

5.5

No

No

Security Feature
Bypass

Exploitation
Less Likely

An attacker who successfully exploited this vulnerability could bypass the Fast Identity Online (FIDO) secure authentication feature.

CVE-2023-35384

Windows HTML Platforms Security Feature Bypass Vulnerability

Important

5.4

No

No

Security Feature
Bypass

Exploitation
More Likely

CVE-2023-35394

Azure HDInsight Jupyter Notebook Spoofing Vulnerability

Important

4.6

No

No

Spoofing

Exploitation
Less Likely

CVE-2023-35393

Azure Apache Hive Spoofing Vulnerability

Important

4.5

No

No

Spoofing

Exploitation
Less Likely

CVE-2023-36877

Azure Apache Oozie Spoofing Vulnerability

Important

4.5

No

No

Spoofing

Exploitation
Less Likely

CVE-2023-36881

Azure Apache Ambari Spoofing Vulnerability

Important

4.5

No

No

Spoofing

Exploitation
Less Likely

CVE-2023-36882

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Important

4.5

No

No

Remote Code
Execution

Exploitation
Less Likely

CVE-2023-38188

Azure Apache Hadoop Spoofing Vulnerability

Important

4.5

No

No

Spoofing

Exploitation
Less Likely

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Syxsense Recognized by Cyber Security News as One of the 12 Best Vulnerability Management Tools in 2023

By Awards, Cybersecurity, News, Patch Management

Syxsense was recently named by Cyber Security News as one of the 12 Best Vulnerability Management Tools in 2023.

Vulnerability management tools play a significant role in detecting, analyzing, and patching vulnerabilities in web and network-based applications. Tools like Syxsense are designed to identify those weaknesses, but Syxsense is unique in that it employs a Unified Endpoint Security (UES) approach. Unified Endpoint Security (UES) is a critical architecture for organizations looking to integrate endpoint operations and endpoint security workflows for risk identification.

Syxsense is one of the best vulnerability management tools with complete visibility and knowledge of every endpoint in every location, everywhere inside and outside the network, and in the cloud. It combines the power of artificial intelligence with industry expertise to manage and secure endpoints by stopping threats before they occur and neutralizing threats when they happen.

Syxsense delivers security with managed services, 24-hour coverage, and compliance regulation. It includes vulnerability scanning and patch management, enabling organizations to align their core IT management processes with their cybersecurity strategies.

Syxsense allows you to connect with remote computers easily without approving the connection, which becomes handy while working with non-technical people.

The remote control tool can also work as an asset DB and patch management tool.

You can prioritize device groups and patches based on conditions that you customize to meet your organization’s unique needs based on severity and risk, system configurations, and affected processes using Syxsense’s dynamic queries.

Features:

  • Syxsense provides endpoint management capabilities to help organizations manage and control their endpoints, including desktops, laptops, servers, and mobile devices.
  • Syxsense automates the patching process for operating systems, third-party software, and applications.
  • Syxsense enables organizations to deploy software and applications to endpoints seamlessly.
  • Syxsense helps organizations maintain an accurate inventory of their IT assets.
  • Provides real-time data during scans and deployments.
  • Customization of notifications, queries, and reporting.
  • No-code interface grants a drag-and-drop process builder.
  • Proactively quarantines devices to prevent further infection.

To learn more, book your Syxsense product demo or start a free trial today.

July 2023 3rd Party Roundup Webinar

By Patch Management, Patch Tuesday, Video, Webinars

Don’t miss out on July’s powerful 3rd Party Patch Management Update.

Fill out the form to the right to watch as we dive into July’s bulletins and show you strategies for tackling the latest and most important 3rd Party Patch updates. Our IT industry expert, Jon Cassell, Syxsense’s Senior Solutions Architect, covers all of the latest updates.

Syxsense spots critical threats early and deploys instantly, with curated patch content that includes risk assessment, patch prioritization, and dedicated Patch scheduling for simple deployment every month.

Our experts have deployed over 100 million patches. Join us as we tackle this month’s updates and then get your own customized demo to see how Syxsense can help you manage Patch vulnerabilities and more.

Hosted By: Jon Cassell, Syxsense Senior Solutions Architect

Jon is currently a Senior Solutions Architect at Syxsense and has been working in the IT and Infrastructure industries for the last 15 years. Before working at Syxsense, he was an IT Manager for a large financial services firm and has a background in Accounting and Tax consultation. He currently holds an MCSA in Server Infrastructure, A+, Network+, Security+, and Server+ certifications.

Syxsense Recognized as a Sample Vendor for Unified Endpoint Security in the Gartner® Hype Cycle™ for Hybrid Work, 2023

By Awards, Cybersecurity, News, Press Release

Unified Endpoint Security (UES) is a critical architecture for organizations looking to integrate endpoint operations and endpoint security workflows for risk identification.

NEWPORT BEACH, Calif.–(BUSINESS WIRE)– Syxsense, a global leader in Unified Security and Endpoint Management (USEM) solutions, is proud to announce it has been recognized as a Sample Vendor in the Gartner Hype Cycle for Hybrid Work, 2023, in the Unified Endpoint Security (UES) category(1).

With more enterprises transitioning to hybrid work models, organizations are facing new challenges around endpoint management and security. As Gartner(2) notes in the report, “Endpoint protection tools can thwart exploits before the device vulnerability is even remediated, but many cannot resolve the underlying misconfiguration, missing patch or update.”

Syxsense helps organizations overcome these challenges by offering a comprehensive approach to managing and securing all devices (including clients, servers, and mobile devices) regardless of where those devices are located. By consolidating device, patch, vulnerability, and configuration management, Syxsense provides customers with a more complete view of their attack surface in a single console. This gives enterprises a real-time view of their entire environment, while validating security and compliance requirements, and reducing risk and total cost of ownership. Its unique security automation engine, Syxsense Cortex, allows administrators to quickly build automated workflows, without the need for scripting expertise, for software deployment, patch management, vulnerability remediation, compliance reporting, and hundreds of other endpoint security and management tasks.

“Hybrid work is putting added pressure on IT and security teams. They need consolidated security and endpoint management solutions that deliver complete visibility and offer intelligent tools for automated remediation across those endpoints at scale,” said Ashley Leonard, Founder and CEO at Syxsense. “We’re excited to be recognized by Gartner, and believe this acknowledgement reflects the innovative work our team has done to consolidate both foundational and innovative security and endpoint management functionality and deliver complete visibility and control over every endpoint across complex environments.”

To read the entire Gartner Hype Cycle for Hybrid Work, 2023, please visit Gartner.com. For more information on Syxsense or to arrange a demo, please visit www.syxsense.com.

1. GARTNER and HYPE CYCLE are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

2. Gartner, Hype Cycle for Hybrid Work, 2023, Published 12 July 2023 – ID G00793018, Tori Paulman, Caitlin Duffy, Graham Waller, Emily Rose McRae.

About Syxsense

Syxsense is a leading software vendor providing endpoint security and IT operations management solutions to Managed Service Providers (MSPs), enterprises, and government organizations. Its solutions provide real-time visibility and control over endpoint devices, networks, and cloud infrastructure, helping organizations to protect against cyber threats, improve IT operations, and reduce risk. Syxsense is the first Unified Security and Endpoint Management (USEM) platform that centralizes the three key elements of endpoint security management: security and patch vulnerability management, remediation, and compliance controlled by a powerful drag-and-drop workflow automation technology called Syxsense Cortex™. Syxsense is a single cloud-based platform supporting Windows, Linux, Mac, and mobile devices on-premises and in the cloud. For more information, visit www.syxsense.com.

Contacts

PR Contact
Raymond Fenton
Voxus PR
rfenton@voxuspr.com

Spotlight Webinar: Simple, Extendable Automation with Syxsense Cortex

By Spotlight Webinar, Video, Webinars

In July’s class, Syxsense’s Pre-Sales Manager Graham Brooks demonstrated how to quickly create useful, reusable automation using Syxsense Cortex so that you can reduce complexity and gain efficiency in your IT management practice.