The October 2023 Patch Tuesday report has been released, providing critical information for organizations and individuals to address security vulnerabilities and software updates. This monthly event plays a crucial role in maintaining the security and stability of the Windows operating system and various other software products people rely on. In this article, we’ll break down the key highlights of the October 2023 Patch Tuesday report, focusing on the most pressing concerns for users and administrators.
Notably, Microsoft has released fixes for 105 vulnerabilities in the October 2023 Patch Tuesday report, out of which 12 were rated Critical. Microsoft also warned about the active exploitation of 3 vulnerabilities. As in other Patch Tuesday reports, Remote Code Execution (RCE) tops the list, accounting for 45 of the vulnerabilities. Let’s break down what is in the October patches that Microsoft released on 10th October.
As part of October’s Patch Tuesday, Microsoft patched three zero-day vulnerabilities that are being actively exploited in the wild. In addition to the RCE flaws, patches were released for privilege escalation bugs, information disclosure issues, spoofing weaknesses, security feature bypass, and denial of service vulnerabilities across a wide range of Microsoft products.
Key affected products include Windows, Skype for Business, Azure, Edge, Office, Exchange Server, SQL Server, Visual Studio, and Microsoft Dynamics. Administrators and end users are advised to apply these security updates as soon as possible to ensure systems are not vulnerable to any of the fixed flaws.
Key highlights are:
- Microsoft released patches for 105 vulnerabilities, including 3 zero-days and 12 critical vulnerabilities.
- The 3 zero-day vulnerabilities patched are:
  - CVE-2023-36563 – Microsoft WordPad Information Disclosure Vulnerability (publicly disclosed)
  - CVE-2023-41763 – Skype for Business Elevation of Privilege Vulnerability
  - CVE-2023-44487 – HTTP/2 ‘Reset Flood’ Denial of Service Vulnerability
- There are 45 remote code execution (RCE) vulnerabilities patched, with 12 rated as critical severity.
- Other high-severity issues patched include 26 elevation of privilege bugs, 17 denial of service flaws, 12 information disclosure vulnerabilities, and more.
- Key products receiving security updates include Windows, Exchange Server, Office, Skype for Business, Dynamics, SQL Server, and more.
- Windows Server 2012 and 2012 R2 have reached the end of support, except for those with paid Extended Security Updates.
In total, 105 vulnerabilities were addressed. Remote code execution was the most common vulnerability type patched by Microsoft this month, occurring 45 times. Elevation of privilege bugs also accounted for a significant portion of the flaws fixed, with 26 occurrences. The least common vulnerability category was spoofing, with only 1 such flaw patched in October. Please refer to the chart below for complete details on all categories of vulnerabilities:
Here is a table with the vulnerability categories and associated CVE IDs from Microsoft’s October 2023 Patch Tuesday:
Vulnerability Category | CVE IDs |
---|---|
Remote Code Execution (RCE) | CVE-2023-36418 CVE-2023-36414 CVE-2023-36415 CVE-2023-36778 CVE-2023-36577 CVE-2023-36710 CVE-2023-36786 CVE-2023-36780 CVE-2023-36789 CVE-2023-36417 CVE-2023-36785 CVE-2023-36598 CVE-2023-36730 CVE-2023-36420 CVE-2023-36902 CVE-2023-36436 CVE-2023-36557 CVE-2023-41770 CVE-2023-41765 CVE-2023-41767 CVE-2023-38166 CVE-2023-41774 CVE-2023-41773 CVE-2023-41771 CVE-2023-41769 CVE-2023-41768 CVE-2023-36571 CVE-2023-36570 CVE-2023-35349 CVE-2023-36591 CVE-2023-36590 CVE-2023-36589 CVE-2023-36583 CVE-2023-36592 CVE-2023-36697 CVE-2023-36593 CVE-2023-36582 CVE-2023-36574 CVE-2023-36575 CVE-2023-36573 CVE-2023-36572 CVE-2023-36578 CVE-2023-36702 CVE-2023-36704 CVE-2023-36718 |
Elevation of Privilege | CVE-2023-36737 CVE-2023-36419 CVE-2023-36561 CVE-2023-41766 CVE-2023-36594 CVE-2023-38159 CVE-2023-36565 CVE-2023-36569 CVE-2023-36568 CVE-2023-41763 CVE-2023-36723 CVE-2023-36721 CVE-2023-36434 CVE-2023-36726 CVE-2023-36712 CVE-2023-36729 CVE-2023-36605 CVE-2023-36725 CVE-2023-36790 CVE-2023-36701 CVE-2023-36711 CVE-2023-36731 CVE-2023-36732 CVE-2023-36776 CVE-2023-36743 CVE-2023-41772 |
Information Disclosure | CVE-2023-36722 CVE-2023-36429 CVE-2023-36433 CVE-2023-36563 CVE-2023-36713 CVE-2023-36567 CVE-2023-36706 CVE-2023-36576 CVE-2023-36724 CVE-2023-29348 CVE-2023-36596 CVE-2023-36438 |
Denial of Service (DoS) | CVE-2023-36566 CVE-2023-38171 CVE-2023-36435 CVE-2023-36728 CVE-2023-36585 CVE-2023-36709 CVE-2023-36707 CVE-2023-36703 CVE-2023-36431 CVE-2023-36606 CVE-2023-36581 CVE-2023-36579 CVE-2023-36720 CVE-2023-36603 CVE-2023-36602 CVE-2023-36717 |
Security Feature Bypass | CVE-2023-36564 CVE-2023-36698 CVE-2023-36584 |
Spoofing | CVE-2023-36416 |
Microsoft’s October 2023 Patch Tuesday includes updates for a broad range of its products, applications, and services. Here are the applications and product components that have received patches:
Product Name | No. of Vulnerabilities Patched |
---|---|
Windows Message Queuing | 20 |
Windows Layer 2 Tunneling Protocol | 9 |
SQL Server | 6 |
Windows Win32K | 5 |
Skype for Business | 4 |
Windows TCP/IP | 3 |
Windows Kernel | 3 |
Microsoft Dynamics | 3 |
Microsoft Office | 3 |
Windows Deployment Services | 3 |
Azure | 2 |
Windows Named Pipe File System | 2 |
Azure SDK | 2 |
Microsoft Graphics Component | 2 |
Windows RDP | 2 |
Microsoft QUIC | 2 |
Windows HTML Platform | 2 |
Azure DevOps | 1 |
Microsoft Windows Search Component | 1 |
Windows Mixed Reality Developer Tools | 1 |
Microsoft Common Data Model SDK | 1 |
Windows Setup Files Cleanup | 1 |
HTTP/2 | 1 |
Azure Real Time Operating System | 1 |
Windows Active Template Library | 1 |
Windows NT OS Kernel | 1 |
Windows AllJoyn API | 1 |
Windows Resilient File System (ReFS) | 1 |
Windows Client/Server Runtime Subsystem | 1 |
Windows TPM | 1 |
Windows Virtual Trusted Platform Module | 1 |
Windows Mark of the Web (MOTW) | 1 |
Active Directory Domain Services | 1 |
Windows Microsoft DirectMusic | 1 |
Microsoft WDAC OLE DB provider for SQL | 1 |
Microsoft Windows Media Foundation | 1 |
Windows DHCP Server | 1 |
Windows Power Management Service | 1 |
Windows Error Reporting | 1 |
Windows Remote Procedure Call | 1 |
Microsoft Exchange Server | 1 |
Windows Runtime C++ Template Library | 1 |
Windows IIS | 1 |
Microsoft Edge (Chromium-based) | 1 |
Windows IKE Extension | 1 |
Microsoft WordPad | 1 |
Client Server Run-time Subsystem (CSRSS) | 1 |
Windows Common Log File System Driver | 1 |
Windows Container Manager Service | 1 |
Grand Total | 105 |
Microsoft addressed three zero-day vulnerabilities in the October 2023 Patch Tuesday release. These vulnerabilities are notable because they were being actively exploited in the wild prior to the patches being made available. Let’s examine each of these critical vulnerabilities:
CVE-2023-44487 is an HTTP/2 vulnerability that could allow an unauthenticated attacker to trigger a denial of service condition against vulnerable HTTP/2 servers. This issue was exploited in August 2023 in a series of DDoS attacks observed by Cloudflare and others. While not exclusive to Microsoft products, patches were released for affected Windows Server versions. Other vendors utilizing HTTP/2 may also need to address this “reset flood” vulnerability.
CVE-2023-36563 is an information disclosure vulnerability in WordPad that could allow remote code execution and disclosure of NTLM password hashes. Exploited as a zero-day prior to the October patches, this is the third WordPad vulnerability exploited in 2023 for NTLM hash theft.
CVE-2023-41763 is an elevation of privilege vulnerability in Skype for Business servers. Exploited as a zero-day, this issue could allow authentication bypass and information disclosure. It appears to be related to an SSRF vulnerability disclosed in research last year, which Microsoft had initially declined to patch.
Out of 105 vulnerabilities, 12 were rated Critical in the October 2023 Patch Tuesday report.
MSMQ RCE Vulnerabilities (CVE-2023-35349, CVE-2023-36697)
Two vulnerabilities were patched in Microsoft Message Queuing (MSMQ) that could allow RCE if an attacker sends malicious messages to a vulnerable server or compromises a legitimate MSMQ server. MSMQ allows reliable asynchronous messaging between Windows machines.
Virtual TPM RCE (CVE-2023-36718)
A flaw in the virtual Trusted Platform Module (TPM) implementation could enable a guest VM escape and RCE if an authenticated attacker performs complex memory manipulation. The TPM provides hardware-based security-related cryptographic functions.
CDM Denial of Service (CVE-2023-36566)
The Microsoft Common Data Model SDK contained a vulnerability permitting denial of service. Exploitation requires authentication but no elevated privileges.
L2TP RCE Vulnerabilities (CVE-2023-41770, CVE-2023-41765, CVE-2023-41767, CVE-2023-38166, CVE-2023-41774, CVE-2023-41773, CVE-2023-41771, CVE-2023-41769, CVE-2023-41768)
Multiple vulnerabilities were addressed in the Layer 2 Tunneling Protocol (L2TP) implementation used in VPN connections and by ISPs. These could enable unauthenticated remote code execution if an attacker wins a race condition when sending crafted connection requests.
See the table below for CVE ID, description, and other details.
Sl. No | CVE ID | CVSS | Description | Actively Exploited | Public Exploit Available | Patch status |
---|---|---|---|---|---|---|
1 | CVE-2023-41770 | 8.1 | A remote code execution vulnerability in the Windows Layer 2 Tunneling Protocol due to improper validation of user-supplied input. | No | No | Patch Released |
2 | CVE-2023-41765 | 8.1 | A remote code execution vulnerability in the Windows Layer 2 Tunneling Protocol due to improper validation of user-supplied input. | No | No | Patch Released |
3 | CVE-2023-41767 | 8.1 | A remote code execution vulnerability in the Windows Layer 2 Tunneling Protocol due to improper validation of user-supplied input. | No | No | Patch Released |
4 | CVE-2023-38166 | 8.1 | A remote code execution vulnerability in the Windows Layer 2 Tunneling Protocol due to improper validation of user-supplied input. | No | No | Patch Released |
5 | CVE-2023-41774 | 8.1 | A remote code execution vulnerability in the Windows Layer 2 Tunneling Protocol due to improper validation of user-supplied input. | No | No | Patch Released |
6 | CVE-2023-41773 | 8.1 | A remote code execution vulnerability in the Windows Layer 2 Tunneling Protocol due to improper validation of user-supplied input. | No | No | Patch Released |
7 | CVE-2023-41771 | 8.1 | A remote code execution vulnerability in the Windows Layer 2 Tunneling Protocol due to improper validation of user-supplied input. | No | No | Patch Released |
8 | CVE-2023-41769 | 8.1 | A remote code execution vulnerability in the Windows Layer 2 Tunneling Protocol due to improper validation of user-supplied input. | No | No | Patch Released |
9 | CVE-2023-41768 | 8.1 | A remote code execution vulnerability in the Windows Layer 2 Tunneling Protocol due to improper validation of user-supplied input. | No | No | Patch Released |
10 | CVE-2023-35349 | 9.8 | A remote code execution vulnerability in the Microsoft Message Queuing service due to improper validation of user-supplied input. | No | No | Patch Released |
11 | CVE-2023-36697 | 6.8 | A remote code execution vulnerability in the Microsoft Message Queuing service due to improper validation of user-supplied input when connecting to a malicious server. | No | No | Patch Released |
12 | CVE-2023-36718 | 7.8 | A remote code execution vulnerability in the Microsoft Virtual Trusted Platform Module due to improper memory operations. | No | No | Patch Released |
If you wish to download the complete list of vulnerabilities by products patched in October 2023 Patch Tuesday, you can do it from here.
Azure vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
---|---|---|---|---|
CVE-2023-36415 | Azure Identity SDK Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2023-36414 | Azure Identity SDK Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2023-36419 | Azure HDInsight Apache Oozie Workflow Scheduler Elevation of Privilege Vulnerability | No | No | 8.8 |
CVE-2023-36418 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | No | No | 7.8 |
CVE-2023-36737 | Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | No | No | 7.8 |
Azure Developer Tools vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
---|---|---|---|---|
CVE-2023-36561 | Azure DevOps Server Elevation of Privilege Vulnerability | No | No | 7.3 |
Browser vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
---|---|---|---|---|
CVE-2023-5346 | Chromium: CVE-2023-5346 Type Confusion in V8 | No | No | N/A |
ESU vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
---|---|---|---|---|
CVE-2023-36790 | Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
Exchange Server vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
---|---|---|---|---|
CVE-2023-36778 | Microsoft Exchange Server Remote Code Execution Vulnerability | No | No | 8 |
Microsoft Dynamics vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
---|---|---|---|---|
CVE-2023-36433 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | No | No | 6.5 |
CVE-2023-36429 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | No | No | 6.5 |
CVE-2023-36566 | Microsoft Common Data Model SDK Denial of Service Vulnerability | No | No | 6.5 |
CVE-2023-36416 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | No | No | 6.1 |
Microsoft Office vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
---|---|---|---|---|
CVE-2023-36569 | Microsoft Office Elevation of Privilege Vulnerability | No | No | 8.4 |
CVE-2023-36789 | Skype for Business Remote Code Execution Vulnerability | No | No | 7.2 |
CVE-2023-36786 | Skype for Business Remote Code Execution Vulnerability | No | No | 7.2 |
CVE-2023-36780 | Skype for Business Remote Code Execution Vulnerability | No | No | 7.2 |
CVE-2023-36565 | Microsoft Office Graphics Elevation of Privilege Vulnerability | No | No | 7 |
CVE-2023-36568 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | No | No | 7 |
CVE-2023-41763 | Skype for Business Elevation of Privilege Vulnerability | Yes | Yes | 5.3 |
SQL Server vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
---|---|---|---|---|
CVE-2023-36417 | Microsoft SQL ODBC Driver Remote Code Execution Vulnerability | No | No | 7.8 |
CVE-2023-36730 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | No | No | 7.8 |
CVE-2023-36785 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | No | No | 7.8 |
CVE-2023-36420 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | No | No | 7.3 |
CVE-2023-36728 | Microsoft SQL Server Denial of Service Vulnerability | No | No | 5.5 |
Windows vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
---|---|---|---|---|
CVE-2023-36704 | Windows Setup Files Cleanup Remote Code Execution Vulnerability | No | No | 7.8 |
CVE-2023-36711 | Windows Runtime C++ Template Library Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2023-36725 | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2023-36723 | Windows Container Manager Service Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2023-41772 | Win32k Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2023-36557 | PrintHTML API Remote Code Execution Vulnerability | No | No | 7.8 |
CVE-2023-36729 | Named Pipe File System Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2023-36718 | Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability | No | No | 7.8 |
CVE-2023-36701 | Microsoft Resilient File System (ReFS) Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2023-36603 | Windows TCP/IP Denial of Service Vulnerability | No | No | 7.5 |
CVE-2023-36720 | Windows Mixed Reality Developer Tools Denial of Service Vulnerability | No | No | 7.5 |
CVE-2023-36709 | Microsoft AllJoyn API Denial of Service Vulnerability | No | No | 7.5 |
CVE-2023-36605 | Windows Named Pipe Filesystem Elevation of Privilege Vulnerability | No | No | 7.4 |
CVE-2023-36902 | Windows Runtime Remote Code Execution Vulnerability | No | No | 7 |
CVE-2023-38159 | Windows Graphics Component Elevation of Privilege Vulnerability | No | No | 7 |
CVE-2023-36721 | Windows Error Reporting Service Elevation of Privilege Vulnerability | No | No | 7 |
CVE-2023-36717 | Windows Virtual Trusted Platform Module Denial of Service Vulnerability | No | No | 6.5 |
CVE-2023-36707 | Windows Deployment Services Denial of Service Vulnerability | No | No | 6.5 |
CVE-2023-36596 | Remote Procedure Call Information Disclosure Vulnerability | No | No | 6.5 |
CVE-2023-36576 | Windows Kernel Information Disclosure Vulnerability | No | No | 5.5 |
CVE-2023-36698 | Windows Kernel Security Feature Bypass Vulnerability | No | No | 3.6 |
Windows Developer Tools vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
---|---|---|---|---|
CVE-2023-38171 | Microsoft QUIC Denial of Service Vulnerability | No | No | 7.5 |
CVE-2023-36435 | Microsoft QUIC Denial of Service Vulnerability | No | No | 7.5 |
CVE-2023-44487 | MITRE: CVE-2023-44487 HTTP/2 Rapid Reset Attack | Yes | No | N/A |
Windows ESU vulnerabilities
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
---|---|---|---|---|
CVE-2023-36434 | Windows IIS Server Elevation of Privilege Vulnerability | No | No | 9.8 |
CVE-2023-35349 | Microsoft Message Queuing Remote Code Execution Vulnerability | No | No | 9.8 |
CVE-2023-36577 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | No | No | 8.8 |
CVE-2023-41765 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | No | No | 8.1 |
CVE-2023-41767 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | No | No | 8.1 |
CVE-2023-41768 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | No | No | 8.1 |
CVE-2023-41769 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | No | No | 8.1 |
CVE-2023-41770 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | No | No | 8.1 |
CVE-2023-41771 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | No | No | 8.1 |
CVE-2023-41773 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | No | No | 8.1 |
CVE-2023-41774 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | No | No | 8.1 |
CVE-2023-38166 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | No | No | 8.1 |
CVE-2023-36710 | Windows Media Foundation Core Remote Code Execution Vulnerability | No | No | 7.8 |
CVE-2023-36436 | Windows MSHTML Platform Remote Code Execution Vulnerability | No | No | 7.8 |
CVE-2023-36712 | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2023-36726 | Windows Internet Key Exchange (IKE) Extension Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2023-36594 | Windows Graphics Component Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2023-41766 | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2023-36732 | Win32k Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2023-36731 | Win32k Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2023-36743 | Win32k Elevation of Privilege Vulnerability | No | No | 7.8 |
CVE-2023-36598 | Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability | No | No | 7.8 |
CVE-2023-36593 | Microsoft Message Queuing Remote Code Execution Vulnerability | No | No | 7.8 |
CVE-2023-36702 | Microsoft DirectMusic Remote Code Execution Vulnerability | No | No | 7.8 |
CVE-2023-36438 | Windows TCP/IP Information Disclosure Vulnerability | No | No | 7.5 |
CVE-2023-36602 | Windows TCP/IP Denial of Service Vulnerability | No | No | 7.5 |
CVE-2023-36567 | Windows Deployment Services Information Disclosure Vulnerability | No | No | 7.5 |
CVE-2023-36606 | Microsoft Message Queuing Denial of Service Vulnerability | No | No | 7.5 |
CVE-2023-36581 | Microsoft Message Queuing Denial of Service Vulnerability | No | No | 7.5 |
CVE-2023-36579 | Microsoft Message Queuing Denial of Service Vulnerability | No | No | 7.5 |
CVE-2023-36431 | Microsoft Message Queuing Denial of Service Vulnerability | No | No | 7.5 |
CVE-2023-36703 | DHCP Server Service Denial of Service Vulnerability | No | No | 7.5 |
CVE-2023-36585 | Active Template Library Denial of Service Vulnerability | No | No | 7.5 |
CVE-2023-36592 | Microsoft Message Queuing Remote Code Execution Vulnerability | No | No | 7.3 |
CVE-2023-36591 | Microsoft Message Queuing Remote Code Execution Vulnerability | No | No | 7.3 |
CVE-2023-36590 | Microsoft Message Queuing Remote Code Execution Vulnerability | No | No | 7.3 |
CVE-2023-36589 | Microsoft Message Queuing Remote Code Execution Vulnerability | No | No | 7.3 |
CVE-2023-36583 | Microsoft Message Queuing Remote Code Execution Vulnerability | No | No | 7.3 |
CVE-2023-36582 | Microsoft Message Queuing Remote Code Execution Vulnerability | No | No | 7.3 |
CVE-2023-36578 | Microsoft Message Queuing Remote Code Execution Vulnerability | No | No | 7.3 |
CVE-2023-36575 | Microsoft Message Queuing Remote Code Execution Vulnerability | No | No | 7.3 |
CVE-2023-36574 | Microsoft Message Queuing Remote Code Execution Vulnerability | No | No | 7.3 |
CVE-2023-36573 | Microsoft Message Queuing Remote Code Execution Vulnerability | No | No | 7.3 |
CVE-2023-36572 | Microsoft Message Queuing Remote Code Execution Vulnerability | No | No | 7.3 |
CVE-2023-36571 | Microsoft Message Queuing Remote Code Execution Vulnerability | No | No | 7.3 |
CVE-2023-36570 | Microsoft Message Queuing Remote Code Execution Vulnerability | No | No | 7.3 |
CVE-2023-36776 | Win32k Elevation of Privilege Vulnerability | No | No | 7 |
CVE-2023-36697 | Microsoft Message Queuing Remote Code Execution Vulnerability | No | No | 6.8 |
CVE-2023-36564 | Windows Search Security Feature Bypass Vulnerability | No | No | 6.5 |
CVE-2023-29348 | Windows Remote Desktop Gateway (RD Gateway) Information Disclosure Vulnerability | No | No | 6.5 |
CVE-2023-36706 | Windows Deployment Services Information Disclosure Vulnerability | No | No | 6.5 |
CVE-2023-36563 | Microsoft WordPad Information Disclosure Vulnerability | Yes | Yes | 6.5 |
CVE-2023-36724 | Windows Power Management Service Information Disclosure Vulnerability | No | No | 5.5 |
CVE-2023-36713 | Windows Common Log File System Driver Information Disclosure Vulnerability | No | No | 5.5 |
CVE-2023-36584 | Windows Mark of the Web Security Feature Bypass Vulnerability | No | No | 5.4 |
CVE-2023-36722 | Active Directory Domain Services Information Disclosure Vulnerability | No | No | 4.4 |
Microsoft’s October 2023 Patch Tuesday fixes 105 flaws, including 3 zero-days and 12 critical remote code execution bugs, across Windows, Office, Exchange, and other products.
With 46 RCE and 26 elevation of privilege vulnerabilities patched, this is a substantial update that demands priority attention. Actively exploited zero-days in WordPad, Skype for Business, and HTTP/2 also need urgent action.
The 12 critical RCEs span Layer 2 Tunneling Protocol, Message Queuing, Virtual Trusted Platform Module, and other core Windows components. Additionally, information disclosure and denial of service issues received fixes.
Overall, Microsoft continues delivering large, complex patches on the second Tuesday of each month. Diligent testing and prompt deployment of these updates are essential for reducing organizational risk. Monitoring systems for patch compliance and unexpected behaviors after deployment is also advised.
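To make the prioritisation point concrete, here is an added example (not code from the original article): a Python sketch that parses rows in the layout of this page's per-product tables and ranks exploited or publicly disclosed entries ahead of higher-scored but unexploited ones. The tiering policy, the function names and the choice to treat an "N/A" score as worst-case are assumptions; the sample rows are copied from the tables above.

```python
"""Triage rows laid out as: CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score"""
from dataclasses import dataclass
from typing import List, Optional

# A small subset of rows copied from the tables on this page.
SAMPLE_ROWS = """\
CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
---|---|---|---|---|
CVE-2023-35349 | Microsoft Message Queuing Remote Code Execution Vulnerability | No | No | 9.8 |
CVE-2023-36434 | Windows IIS Server Elevation of Privilege Vulnerability | No | No | 9.8 |
CVE-2023-41765 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | No | No | 8.1 |
CVE-2023-36563 | Microsoft WordPad Information Disclosure Vulnerability | Yes | Yes | 6.5 |
CVE-2023-41763 | Skype for Business Elevation of Privilege Vulnerability | Yes | Yes | 5.3 |
CVE-2023-44487 | MITRE: CVE-2023-44487 HTTP/2 Rapid Reset Attack | Yes | No | N/A |
CVE-2023-36698 | Windows Kernel Security Feature Bypass Vulnerability | No | No | 3.6 |
"""


@dataclass(frozen=True)
class Advisory:
    cve: str
    title: str
    exploited: bool
    disclosed: bool
    cvss: Optional[float]  # None when the table says "N/A"


def parse_rows(text: str) -> List[Advisory]:
    """Parse pipe-delimited rows, skipping header and separator lines."""
    advisories = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 5 or not cells[0].startswith("CVE-"):
            continue
        try:
            score = float(cells[4])
        except ValueError:  # "N/A" or any other non-numeric score
            score = None
        advisories.append(Advisory(
            cve=cells[0],
            title=cells[1],
            exploited=cells[2].lower() == "yes",
            disclosed=cells[3].lower() == "yes",
            cvss=score,
        ))
    return advisories


def cvss_only(advisories: List[Advisory]) -> List[Advisory]:
    """Naive ordering: highest CVSS first, a missing score counted as 0."""
    return sorted(advisories, key=lambda a: -(a.cvss or 0.0))


def triage(advisories: List[Advisory]) -> List[Advisory]:
    """Assumed policy: exploited first, then publicly disclosed, then the rest.

    Inside each tier the order is CVSS descending. A missing score is treated
    as 10.0 so that an unscored entry is never deprioritised for lack of data.
    """
    def key(a: Advisory):
        tier = 0 if a.exploited else 1 if a.disclosed else 2
        score = a.cvss if a.cvss is not None else 10.0
        return (tier, -score, a.cve)
    return sorted(advisories, key=key)


if __name__ == "__main__":
    parsed = parse_rows(SAMPLE_ROWS)
    print("CVSS-only order:")
    for a in cvss_only(parsed):
        print(f"  {a.cve}  cvss={a.cvss}  exploited={a.exploited}")
    print("Exploitation-aware order:")
    for a in triage(parsed):
        print(f"  {a.cve}  cvss={a.cvss}  exploited={a.exploited}")
```

On these rows, the CVSS-only ordering places none of the three exploited zero-days in its first three positions and puts CVE-2023-44487 last because it has no score, while the tiered ordering lists all three first.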
We aim to keep readers informed each month in our Patch Tuesday reports. Please follow our website thesecmaster.com or subscribe to our social media pages on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram to receive similar updates.
Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.