Microsoft September 2023 Patch Tuesday Fixes 2 Zero-Days, 59 Flaws

Cyber Security Threat Summary:
As part of the September Patch Tuesday, Microsoft addressed 59 flaws, including two zero-days that were exploited in attacks in the wild. In total, Microsoft released fixes for 3 Security Feature Bypass Vulnerabilities, 24 Remote Code Execution Vulnerabilities, 9 Information Disclosure Vulnerabilities, 3 Denial of Service Vulnerabilities, 5 Spoofing Vulnerabilities, and 5 Edge - Chromium Vulnerabilities. Out of the 59 flaws addressed, five have been rated critical in severity:

  • CVE-2023-36796, CVE-2023-36792, CVE-2023-36793: Visual Studio Remote Code Execution Vulnerability
  • CVE-2023-29332: Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
  • CVE-2023-38148: Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
In addition to Microsoft, several other vendors have released updates in September 2023:
  • Apple fixed a new zero-day exploit chain called BLASTPASS that was used in attacks to install the Pegasus spyware.
  • Atlas VPN to fix a zero-day in the Linux client that can expose the user's actual IP address.
  • Asus fixed three critical remote code execution bugs in the SUS RT-AX55, RT-AX56U_V2, and RT-AC86U routers.
  • Cisco released security updates for various products and warned of a zero-day in Cisco ASA devices.
  • Google released the Android September 2023 and Chrome updates to fix actively exploited vulnerabilities.
  • MSI released BIOS updates to fix 'UNSUPPORTED_PROCESSOR' errors in Windows.
  • Notepad++ 8.5.7 was released to fix four security vulnerabilities.
  • SAP has released its September 2023 Patch Day updates.
  • VMware fixed a VMware Tools vulnerability.
Security Officer Comments:
The actively exploited zero-days addressed by Microsoft are being tracked as CVE-2023-36802 and CVE-2023-36761 and were uncovered by the Microsoft Threat Intelligence group with the help of researchers at IBM X-Force. CVE-2023-36802 relates to an elevation of privilege vulnerability in the Microsoft Streaming Service Proxy. A successful exploit of this flaw could enable actors to gain SYSTEM-level privileges on the targeted system. The second flaw tracked as CVE-2023-36802, concerns an Information disclosure vulnerability impacting Microsoft Word. According to Microsoft, threat actors can exploit this flaw to steal NTLM hashes when the victim opens a document, including in the preview pane. Although Microsoft stated both vulnerabilities were exploited in the wild, details of such attacks have yet to be released.

Suggested Correction(s):
Organizations should review the list of vulnerabilities resolved and apply the relevant patches as needed. To access the full list of vulnerabilities addressed, please use the link down below: