Microsoft Monthly Security Update (August 2023)
Release Date:
9 Aug 2023
4908
Views
RISK: Extremely High Risk
TYPE: Operating Systems - Windows OS
Microsoft has released monthly security update for their products:
Vulnerable Product | Risk Level | Impacts | Notes |
Browser | Medium Risk | Security Restriction Bypass | |
Microsoft Office | Extremely High Risk | Remote Code Execution Information Disclosure Spoofing | CVE-2023-36884 is being exploited in the wild. The vulnerability can be exploited to bypass the Mark of the Web (MoTW) security feature. This allows the files to be opened without triggering a security warning, and facilitated the execution of remote code. It is rated as extremely high risk. |
Windows | Medium Risk | Elevation of Privilege Remote Code Execution Security Restriction Bypass Information Disclosure Denial of Service | |
Extended Security Updates (ESU) | Medium Risk | Elevation of Privilege Remote Code Execution Security Restriction Bypass Information Disclosure Denial of Service | |
Exchange Server | Medium Risk | Remote Code Execution Elevation of Privilege Spoofing | |
Developer Tools | Extremely High Risk | Spoofing Elevation of Privilege Remote Code Execution Information Disclosure Denial of Service | CVE-2023-38180 is being exploited in the wild. The vulnerability can cause a DDoS attack on .NET applications and Visual Studio. It is rated as extremely high risk. |
Azure | Medium Risk | Spoofing Elevation of Privilege | |
Microsoft Dynamics | Medium Risk | Remote Code Execution Elevation of Privilege | |
System Center | Medium Risk | Elevation of Privilege | |
SQL Server | Medium Risk | Remote Code Execution |
Number of 'Extremely High Risk' product(s): 2
Number of 'High Risk' product(s): 0
Number of 'Medium Risk' product(s): 8
Number of 'Low Risk' product(s): 0
Evaluation of overall 'Risk Level': Extremely High Risk
Impact
- Denial of Service
- Elevation of Privilege
- Information Disclosure
- Remote Code Execution
- Spoofing
- Security Restriction Bypass
System / Technologies affected
- Browser
- Microsoft Office
- Windows
- Extended Security Updates (ESU)
- Exchange Server
- Developer Tools
- Azure
- Microsoft Dynamics
- System Center
- SQL Server
Solutions
Before installation of the software, please visit the vendor web-site for more details.
- Apply fixes issued by the vendor.
Vulnerability Identifier
Source
Related Link
Related Tags
Share with