Microsoft releases 59 fixes this month including 2 Critical and 2 Weaponised Threats
There are 2 Critical, 55 Important, 1 Moderate and an NA severity fixed this month. Microsoft Windows and Windows Components, Exchange Server, Office, .NET and Visual Studio, Azure, Microsoft Dynamics and Windows Defender have all received fixes this month.
Robert Brown, Head of Customer Success for Syxsense said, “We have 2 patches that resolve vulnerabilities which are Weaponised and one of those are also Publicly Aware. If you count all the individual CVSS scores together, September has a combined CVSS score of 434.3 down from 531.5 last month; however, the average CVSS score was 7.4 which was higher than last month’s even though there were a larger quantity of updates which were fixed.”
Based on the Vendor Severity & CVSS Score, we have made a few recommendations below. As usual we recommend our customers enter the CVE numbers below into your Patch Management solution and deploy as soon as testing is complete.
CVE-2023-36761 – Microsoft Word Information Disclosure Vulnerability
Exploiting this vulnerability could allow the disclosure of NTLM hashes, the Preview Pane is an attack vector.
Note: The vulnerability is Weaponised and Publicly Aware
Syxscore
- Vendor Severity: Important
- CVSS: 6.2
- Weaponised: Yes
- Public Aware: Yes
- Countermeasure: No
Risk
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope / Jump Point: Unchanged / No
CVE-2023-36802 – Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
This vulnerability has been found by the Microsoft Threat Intelligence team and could be linked to an existing Ransomware attack. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Note: The vulnerability is Weaponised
Syxscore
- Vendor Severity: Important
- CVSS: 7.8
- Weaponised: Yes
- Public Aware: No
- Countermeasure: No
Risk
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope / Jump Point: Unchanged / No
CVE-2023-38148 – Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
An unauthorized attacker could exploit this Internet Connection Sharing (ICS) vulnerability by sending a specially crafted network packet to the Internet Connection Sharing (ICS) Service.
Note: The vulnerability is More Likely to be Weaponised
Syxscore
- Vendor Severity: Critical
- CVSS: 8.8
- Weaponised: No
- Public Aware: No
- Countermeasure: No
Risk
- Attack Vector: Adjacent
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope / Jump Point: Unchanged / No
| Reference | Description | Vendor Severity | CVSS Score | Weaponised | Publicly Aware | Additional Information | Countermeasure | Exploitability Assessment | Impact |
| CVE-2023-36761 | Microsoft Word Information Disclosure Vulnerability | Important | 6.2 | Yes | Yes | Exploiting this vulnerability could allow the disclosure of NTLM hashes, the Preview Pane is an attack vector. | No | Exploitation Detected | Information Disclosure |
| CVE-2023-36802 | Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability | Important | 7.8 | Yes | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Exploitation Detected | Elevation of Privilege |
| CVE-2023-38148 | Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | Critical | 8.8 | No | No | Yes | Exploitation More Likely | Remote Code Execution | |
| CVE-2023-33136 | Azure DevOps Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Exploitation Less Likely | Remote Code Execution | |
| CVE-2023-36764 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | Important | 8.8 | No | No | An attacker who successfully exploited this vulnerability could gain administrator privileges. | No | Exploitation Less Likely | Elevation of Privilege |
| CVE-2023-38146 | Windows Themes Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Exploitation Less Likely | Remote Code Execution | |
| CVE-2023-38147 | Windows Miracast Wireless Display Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Exploitation Less Likely | Remote Code Execution | |
| CVE-2023-36744 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important | 8 | No | No | An attacker could exploit the vulnerability by leveraging the known (Type 4) UnitySerializationHolder gadget through a deserialization of untrusted data. Exploitation of this vulnerability requires that a user gain LAN-access as well as obtain credentials for a valid Exchange user. | No | Exploitation More Likely | Remote Code Execution |
| CVE-2023-36745 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important | 8 | No | No | An attacker could exploit the vulnerability by leveraging the known (Type 4) UnitySerializationHolder gadget through a deserialization of untrusted data. Exploitation of this vulnerability requires that a user gain LAN-access as well as obtain credentials for a valid Exchange user. | No | Exploitation More Likely | Remote Code Execution |
| CVE-2023-36757 | Microsoft Exchange Server Spoofing Vulnerability | Important | 8 | No | No | No | Exploitation Less Likely | Spoofing | |
| CVE-2023-36756 | Microsoft Exchange Server Remote Code Execution Vulnerability | None | 8 | No | No | In a network-based attack, an attacker could trigger malicious code in the context of the server’s account through a network call. | No | Exploitation More Likely | Not a Vulnerability |
| CVE-2023-35355 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Exploitation Less Likely | Elevation of Privilege |
| CVE-2023-36739 | 3D Viewer Remote Code Execution Vulnerability | Important | 7.8 | No | No | This vulnerability affects FBX component used within the 3D Viewer product. | No | Exploitation Unlikely | Remote Code Execution |
| CVE-2023-36740 | 3D Viewer Remote Code Execution Vulnerability | Important | 7.8 | No | No | This vulnerability affects FBX component used within the 3D Viewer product. | No | Exploitation Unlikely | Remote Code Execution |
| CVE-2023-36742 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Exploitation Less Likely | Remote Code Execution | |
| CVE-2023-36758 | Visual Studio Elevation of Privilege Vulnerability | Important | 7.8 | No | No | A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level. | No | Exploitation Less Likely | Elevation of Privilege |
| CVE-2023-36760 | 3D Viewer Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Exploitation Less Likely | Remote Code Execution | |
| CVE-2023-36765 | Microsoft Office Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Exploitation Less Likely | Elevation of Privilege |
| CVE-2023-36766 | Microsoft Excel Information Disclosure Vulnerability | Important | 7.8 | No | No | No | Exploitation Less Likely | Information Disclosure | |
| CVE-2023-36770 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Exploitation Less Likely | Remote Code Execution | |
| CVE-2023-36771 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Exploitation Less Likely | Remote Code Execution | |
| CVE-2023-36772 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Exploitation Less Likely | Remote Code Execution | |
| CVE-2023-36773 | 3D Builder Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Exploitation Less Likely | Remote Code Execution | |
| CVE-2023-36788 | .NET Framework Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Exploitation Less Likely | Remote Code Execution | |
| CVE-2023-36792 | Visual Studio Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Exploitation Less Likely | Remote Code Execution | |
| CVE-2023-36793 | Visual Studio Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Exploitation Less Likely | Remote Code Execution | |
| CVE-2023-36794 | Visual Studio Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Exploitation Less Likely | Remote Code Execution | |
| CVE-2023-36796 | Visual Studio Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | Exploitation Less Likely | Remote Code Execution | |
| CVE-2023-36804 | Windows GDI Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Exploitation More Likely | Elevation of Privilege |
| CVE-2023-38139 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Exploitation Less Likely | Elevation of Privilege |
| CVE-2023-38141 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Exploitation Less Likely | Elevation of Privilege |
| CVE-2023-38142 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Exploitation More Likely | Elevation of Privilege |
| CVE-2023-38143 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Exploitation More Likely | Elevation of Privilege |
| CVE-2023-38144 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Exploitation More Likely | Elevation of Privilege |
| CVE-2023-38150 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Exploitation Less Likely | Elevation of Privilege | |
| CVE-2023-38161 | Windows GDI Elevation of Privilege Vulnerability | Important | 7.8 | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | No | Exploitation More Likely | Elevation of Privilege |
| CVE-2023-38163 | Windows Defender Attack Surface Reduction Security Feature Bypass | Important | 7.8 | No | No | No | Exploitation Less Likely | Security Feature Bypass | |
| CVE-2023-36800 | Dynamics Finance and Operations Cross-site Scripting Vulnerability | Important | 7.6 | No | No | No | Exploitation Less Likely | Spoofing | |
| CVE-2023-36886 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 7.6 | No | No | Scope = Changed, Jump Point = True The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine. |
No | Exploitation Less Likely | Spoofing |
| CVE-2023-38164 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important | 7.6 | No | No | Scope = Changed, Jump Point = True The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine. |
No | Exploitation Less Likely | Spoofing |
| CVE-2023-29332 | Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability | Critical | 7.5 | No | No | An attacker who successfully exploited this vulnerability could gain Cluster Administrator privileges. | No | Exploitation Less Likely | Elevation of Privilege |
| CVE-2023-36763 | Microsoft Outlook Information Disclosure Vulnerability | Important | 7.5 | No | No | Exploiting this vulnerability could allow the disclosure of credentials. | No | Exploitation Less Likely | Information Disclosure |
| CVE-2023-38149 | Windows TCP/IP Denial of Service Vulnerability | Important | 7.5 | No | No | Yes | Exploitation Less Likely | Denial of Service | |
| CVE-2023-38162 | DHCP Server Service Denial of Service Vulnerability | Important | 7.5 | No | No | Customers who have not configured their DHCP server as a failover are not affected by this vulnerability. | Exploitation Less Likely | Denial of Service | |
| CVE-2023-36762 | Microsoft Word Remote Code Execution Vulnerability | Important | 7.3 | No | No | The attachment Preview Pane that is accessed when a user clicks to preview an attached file is an attack vector; however, the email Preview Pane itself is not. | No | Exploitation Unlikely | Remote Code Execution |
| CVE-2023-38156 | Azure HDInsight Apache Ambari Elevation of Privilege Vulnerability | Important | 7.2 | No | No | An attacker who successfully exploited this vulnerability could gain domain administrator privileges. | No | Exploitation Less Likely | Elevation of Privilege |
| CVE-2023-36805 | Windows MSHTML Platform Security Feature Bypass Vulnerability | Important | 7 | No | No | An attacker who successfully exploited this vulnerability could maintain high privileges, which include read, write, and delete functionality. | No | Exploitation Less Likely | Remote Code Execution |
| CVE-2023-38155 | Azure DevOps Server and Team Foundation Server Elevation of Privilege Vulnerability | Important | 7 | No | No | An attacker who successfully exploited this vulnerability could gain administrator privileges. | No | Exploitation Less Likely | Elevation of Privilege |
| CVE-2023-36759 | Visual Studio Elevation of Privilege Vulnerability | Important | 6.7 | No | No | A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level. | No | Exploitation Less Likely | Denial of Service |
| CVE-2023-36799 | .NET Core and Visual Studio Denial of Service Vulnerability | Important | 6.5 | No | No | No | Exploitation Less Likely | Denial of Service | |
| CVE-2023-36777 | Microsoft Exchange Server Information Disclosure Vulnerability | Important | 5.7 | No | No | No | Exploitation More Likely | Information Disclosure | |
| CVE-2023-36803 | Windows Kernel Information Disclosure Vulnerability | Important | 5.5 | No | No | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. | No | Exploitation Less Likely | Information Disclosure |
| CVE-2023-38140 | Windows Kernel Information Disclosure Vulnerability | Important | 5.5 | No | No | No | Exploitation Less Likely | Information Disclosure | |
| CVE-2023-38160 | Windows TCP/IP Information Disclosure Vulnerability | Important | 5.5 | No | No | An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. | No | Exploitation More Likely | Information Disclosure |
| CVE-2023-36801 | DHCP Server Service Information Disclosure Vulnerability | Important | 5.3 | No | No | Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. | Yes | Exploitation Less Likely | Information Disclosure |
| CVE-2023-38152 | DHCP Server Service Information Disclosure Vulnerability | Important | 5.3 | No | No | Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. | Yes | Exploitation More Likely | Information Disclosure |
| CVE-2023-36736 | Microsoft Identity Linux Broker Arbitrary Code Execution Vulnerability | Important | 4.4 | No | No | No | Exploitation Less Likely | Remote Code Execution | |
| CVE-2023-36767 | Microsoft Office Security Feature Bypass Vulnerability | Important | 4.3 | No | No | No | Exploitation Less Likely | Security Feature Bypass | |
| CVE-2023-41764 | Microsoft Office Spoofing Vulnerability | Moderate | No | No | No | Exploitation Less Likely | Spoofing |
