Microsoft Patch Tuesday
This month’s Patch Tuesday fixes a total of 78 vulnerabilities, 38 of which are Remote Code Execution flaws. Microsoft rates 6 of the vulnerabilities as Critical.
None of the vulnerabilities this month are zero-days.
Fixes for multiple products were released as usual. The most important patches are:
CVE-2023-29357 – Microsoft SharePoint Server Privilege Escalation Vulnerability. An attacker who has gained access to spoofed JWT authentication tokens can use them in a network attack that bypasses authentication and gives the attacker the privileges of an authenticated user. CVSS 3.1: 9.8 (Critical)
CVE-2023-32031 – Microsoft Exchange Server Remote Code Execution Vulnerability. An attacker could run arbitrary code in the context of the server’s account through a network call. CVSS 3.1: 8.8 (High)
The main list of patches breaks down as follows:
- 32 Remote Code Execution
- 17 Privilege Escalation
- 10 Spoofing
- 10 Denial of Service
- 5 Information Disclosure
- 3 Security Feature Bypass
- 1 Edge – Chromium
This month also includes numerous updates for vulnerabilities in Microsoft Outlook, and a fix for an RCE vulnerability in Windows Hello (CVE-2023-32018).