Breaking Down the Latest August 2023 Patch Tuesday Report

The August 2023 Patch Tuesday report has been released, providing critical information for organizations and individuals to address security vulnerabilities and software updates. This monthly event plays a crucial role in maintaining the security and stability of the Windows operating system and various other software products people rely on. In this article, we’ll break down the key highlights of the August 2023 Patch Tuesday report, focusing on the most pressing concerns for users and administrators.

Notably, Microsoft has released fixes for 88 vulnerabilities in August 2023 Patch Tuesday report, out of which 6 were rated Critical. Microsoft also warned about the active exploitation of 1 vulnerability. Again, as with other Patch Tuesday reports, Remote Code Execution (RCE) vulnerability has topped the list with 23 occurrences in the list of vulnerabilities. Let’s break down what is there in the report that Microsoft released on 8th August.

Key Highlights- Patch Tuesday August 2023

Two of the flaws are zero-day vulnerabilities, one of which is being actively exploited in the wild. In addition to the RCE flaws, this release covers privilege escalation bugs, information disclosure issues, spoofing weaknesses, and denial of service vulnerabilities across a wide range of Microsoft products.

Key affected products include Windows, Internet Explorer, Office, Exchange Server, SQL Server, Visual Studio, and Microsoft Dynamics. Administrators and end users are advised to apply these security updates as soon as possible to ensure systems are not vulnerable to any of the fixed flaws.

Key Highlights are:

Vulnerabilities by Category

The complete list of 88 vulnerabilities is classified into six categories. Remote Code Execution Vulnerability has been identified as the most common vulnerability, occurring 23 times, while Security Feature Bypass is the least frequent vulnerability, occurring only 3 times. Please refer to the below chart for complete details on all categories of vulnerabilities: 

List of Products Patched in August 2023 Patch Tuesday Report

Microsoft’s August 2023 Patch Tuesday includes updates for a broad range of its products, applications, and services. Here are the applications and product components that have received patches:

List of Actively Exploited Vulnerabilities Patched in August 2023 Patch Tuesday

Microsoft patched an actively exploited zero-day denial of service (DoS) vulnerability, CVE-2023-38180, affecting ASP.NET Core. This vulnerability can lead to denial of service in Kestrel web server if exploited. Microsoft notes that reverse proxies and web application firewalls can help mitigate such attacks.

Here is a list of the actively exploited vulnerabilities patched in the August 2023 Patch Tuesday:

List of Critical Vulnerabilities Patched in August 2023 Patch Tuesday

The August Patch Tuesday addressed 6 critical-rated vulnerabilities that deserve close attention:

CVE-2023-29328 and CVE-2023-29330 – Microsoft Teams Remote Code Execution Vulnerability

These two critical RCE flaws in Microsoft Teams allow an attacker to execute arbitrary code through specially crafted Teams meeting invites. The vulnerabilities are exploitable, with no user interaction required beyond joining the malicious meeting. Microsoft has rated them as “exploitation less likely” due to the difficulty in exploiting them.

CVE-2023-36895 – Microsoft Outlook Remote Code Execution Vulnerability

This critical vulnerability in Microsoft Outlook can let a remote attacker execute arbitrary code on the target system by convincing the user to open a specially crafted file. Microsoft rates the exploitability as low.

CVE-2023-36910, CVE-2023-36911, CVE-2023-35385 – Windows Message Queuing Service Remote Code Execution

These three critical vulnerabilities in the Windows Message Queuing Service, if successfully exploited, can enable remote code execution on vulnerable systems. While concerning, the service needs to be explicitly enabled and accessible through TCP port 1801 for exploitation.

Complete List of Vulnerabilities Patched in August 2023 Patch Tuesday Are

If you wish to download the complete list of vulnerabilities patched in August 2023 Patch Tuesday, you can do it from here. 

Azure vulnerabilities

Azure Developer Tools vulnerabilities

Browser vulnerabilities

Developer Tools vulnerabilities

Developer Tools Microsoft Office vulnerabilities

ESU vulnerabilities

Exchange Server vulnerabilities

Microsoft Dynamics vulnerabilities

Microsoft Office vulnerabilities

SQL Server vulnerabilities

System Center vulnerabilities

Windows vulnerabilities

Windows ESU vulnerabilities

Ref: https://www.rapid7.com/blog/post/2023/08/08/patch-tuesday-august-2023/

Bottom Line

The August 2023 Patch Tuesday release contains important security updates for a wide range of Microsoft products. With 88 vulnerabilities addressed, including 23 critical remote code executions, system administrators should prioritize testing and deployment of these fixes.

The 6 critical-rated vulnerabilities, covering Outlook, Teams, and the Windows Message Queuing Service, deserve immediate attention given their potential impact. The actively exploited ASP.NET zero-day vulnerability also needs urgent patching.

Overall, this Patch Tuesday continues the trend of large, complex updates that must be carefully reviewed and applied to avoid security risks. Ongoing diligence with patch management remains crucial, as Microsoft delivers fixes for critical flaws each month.

By applying these updates promptly and monitoring for any potential impacts, organizations can enhance their security posture against evolving threats. We aim to keep readers informed through monthly Patch Tuesday reports. Please share this post and follow our website thesecmaster.com or subscribe to our social media pages on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram to receive similar updates.

Read More: