Home Windows Microsoft Septemer Security Updates for Multiple High-Risk Product Vulnerabilities | Windows

Microsoft Septemer Security Updates for Multiple High-Risk Product Vulnerabilities | Windows

Windows

TwitterLogo-002.jpg

Overview

On September 13, NSFOCUS CERT found that Microsoft had released a security update patch for September, fixing 61 security issues, involving Microsoft SharePoint Server, Visual Studio, Internet Connection Sharing (ICS), Microsoft Azure Kubernetes Service, Microsoft Exchange and other widely used products, including high-risk vulnerability types such as privilege enhancement, remote code execution, etc.

Among the vulnerabilities fixed in Microsoft’s monthly updates this month, there are 5 critical vulnerabilities and 55 important vulnerabilities. This includes two vulnerabilities that exist for exploitation in the wild:

Microsoft Streaming Service Proxy Privilege Escalation Vulnerability (CVS 2023-36802)

Microsoft Word Information Disclosure Vulnerability (CVS 2023-36761)

Please update the patch as soon as possible for protection. Please refer to the appendix for a complete list of vulnerabilities.

Reference link: https://msrc.microsoft.com/update-guide/releaseNote/2023-Sep

Key Vulnerabilities

Microsoft Streaming Service Proxy Privilege Escalation Vulnerability (CVS 2023-36802):

Microsoft Streaming Service Proxy has a privilege escalation vulnerability, which allows local attackers with low privileges to successfully exploit the SYSTEM privileges without user interaction. The vulnerability is exploited in the wild, with a CVSS score of 7.8.

Official announcement link:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36802

Microsoft Word Information Disclosure Vulnerability (CVS 2023-36761):

There is an information leakage vulnerability in Microsoft Word, which can be successfully exploited by local attackers without authentication to cause NTLM hash leakage, and the preview pane is also an attack medium. This vulnerability is exploited in the wild, with a CVSS score of 6.2.

Official announcement link:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36761

Visual Studio Arbitrary Code Execution Vulnerability

read more securityboulevard.com

FTC: We use income earning affiliate links. More on Sposored links.
Terms of use and third-party services. More here.

“Opportunity is missed by most people because it is dressed in overalls and looks like work.” —Thomas Edison
“Tell me, and I forget. Teach me, and I remember. Involve me, and I learn.” —Benjamin Franklin

Related Posts

bQZ3E3h28dTZyvv5KCUENf-1200-80.jpg
Windows

GPU deal: Save big on AMD’s RX 6800 and get Starfield for free | Windows

Windows-11-OCR-AI-upgrade.jpg
Windows

Windows 11 AI brings Google Lens-like OCR to Camera and Snipping Tool | Windows

ir39FeyzyZj6JV7R8HCmPh-1200-80.jpg
Windows

Fallout 3 and Elder Scrolls: Oblivion remasters in the works | Windows

sbjfgAstKFxv6uXjx2YpgU-1200-80.jpg
Windows

Xbox head Phil Spencer addresses huge company leak | Windows

Microsoft-FTC-Leaks-Culture-GettyImages-1306394029.jpg
Windows

The Biggest Revelations From the Microsoft Xbox Leaks | Windows

bKc6NwtKzKm9jsCAzSTo2N-1200-80.jpg
Windows

The latest Minecraft: Bedrock Edition update gives you a recipe book and lets you crawl | Windows