Microsoft Patch Tuesday august 2023
Microsoft Patch Tuesday august 2023
This month’s Patch Tuesday fixes a total of 73 vulnerabilities, with 23 of those being for Remote Code Execution. 6 vulnerabilities are rated as Critical by Microsoft.
2 of vulnerabilities is associated with a zero day this month:
Fixes for multiple products were released as usual. The most important patches are:
CVE-2023-35385, CVE-2023-36910 and CVE-2023-36911 – Microsoft Message Queuing Remote Code Execution Vulnerability. An unauthenticated attacked could exploit these vulnerabilities by sending malicious MSMQ packets to a vulnerable server. CVSS 3.1: 9. 8 (Critical)
CVE-2023-21709 – Microsoft Exchange Server Elevation of Privilege Vulnerability. An attacker could exploit this vulnerability in a network-based attack. The attacker could then brute force user account passwords and log in as that user. The advisory has additional steps required to protect against this vulnerability. After applying the patch, you have to run a PowerShell script. CVSS 3.1: 9.8 (Critical)
ADV230003 – Microsoft has put out a security advisory for multiple vulnerabilities including a zero day cve, CVE-2023-36884. CVSS 3.1: 7.8 (High)
The main list of patches breaks down as follows:
- 23 Remote Code Execution vulnerabilities 18 Elevation of Privilege vulnerabilities
- 12 Information Disclosure vulnerabilities 12 Spoofing vulnerability
- 8 Denial of Service vulnerabilities
- 3 Security Feature Bypass vulnerabilities