Microsoft Monthly Security Update (September 2023)

Last Update Date: 15 Sep 2023 Release Date: 13 Sep 2023 6100 Views

RISK: High Risk

High Risk

TYPE: Operating Systems - Windows OS

TYPE: Windows OS

Microsoft has released monthly security update for their products:

 

Vulnerable ProductRisk LevelImpactsNotes
BrowserLow Risk Low Risk  
WindowsHigh Risk High RiskElevation of Privilege
Denial of Service
Information Disclosure
Remote Code Execution
Security Restriction Bypass

CVE-2023-36802 is being exploited in the wild. The vulnerability can be exploited to local privilege elevation vulnerability that allows attackers to gain SYSTEM privileges.

 

Proof of Concept exploit code is publicly available for CVE-2023-38146, impacting Windows 11.

Extended Security Updates (ESU)Medium Risk Medium RiskElevation of Privilege
Information Disclosure
Denial of Service		 
AzureMedium Risk Medium RiskElevation of Privilege
Remote Code Execution		 
Microsoft OfficeHigh Risk High RiskSecurity Restriction Bypass
Information Disclosure
Elevation of Privilege
Spoofing
Remote Code Execution		CVE-2023-36761 is being exploited in the wild. The vulnerability can be used to steal NTLM hashes when opening a document, including in the preview pane. These NTLM hashes can be cracked or used in NTLM Relay attacks to gain access to the account.
Developer ToolsMedium Risk Medium RiskElevation of Privilege
Remote Code Execution
Denial of Service		 
Exchange ServerMedium Risk Medium RiskSpoofing
Remote Code Execution
Information Disclosure		 
AppsMedium Risk Medium RiskRemote Code Execution 
Microsoft DynamicsLow Risk Low RiskSpoofing 
System CenterMedium Risk Medium RiskSecurity Restriction Bypass 

 

Number of 'Extremely High Risk' product(s): 0

Number of 'High Risk' product(s): 2

Number of 'Medium Risk' product(s): 6

Number of 'Low Risk' product(s): 2

Evaluation of overall 'Risk Level': High Risk

Impact

  • Denial of Service
  • Elevation of Privilege
  • Information Disclosure
  • Remote Code Execution
  • Spoofing
  • Security Restriction Bypass

System / Technologies affected

  • Browser
  • Windows
  • Extended Security Updates (ESU)
  • Azure
  • Microsoft Office
  • Developer Tools
  • Exchange Server
  • Apps
  • Microsoft Dynamics
  • System Center

Solutions

Before installation of the software, please visit the vendor web-site for more details.

  •  Apply fixes issued by the vendor.

Vulnerability Identifier

 

Source

Related Link

 

Related Tags

MicrosoftDenial of ServiceElevation of PrivilegeRemote Code ExecutionSecurity Restriction BypassInformation DisclosureSpoofingZero-dayExploit In The Wild

Share with

Previous

Mozilla Products Remote Code Execution Vulnerability

13 Sep 2023 5331 Views

Next

Cisco Products Multiple Vulnerabilities

15 Sep 2023 5331 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY