Patch Tuesday Update - August 2023

By Vulnerability Research Team

Today’s Microsoft Security Update includes the Microsoft Patch Tuesday checks in the NIRV 4.26.0 and Fortra VM Agent 1.63.0 releases.

  • Microsoft included fixes for 74 vulnerabilities in this release, including 6 rated as Critical.
  • Microsoft also released 2 security advisories this month with improvements related to defense in depth for Microsoft Office and the Memory Integrity System Readiness Scan Tool.
  • A couple of the vulnerability fixes and defense in depth improvements included in this release are related to vulnerabilities being exploited in the wild.
    • ADV230003
      • This advisory is for a defense in depth improvement for Microsoft Office to block the attack chain required for successful exploitation of CVE-2023-36884.
      • This CVE is being actively exploited by the Storm-0978 threat group (aka RomCom). More information about the exploit activity around CVE-2023-36884 can be found on here.
    • CVE-2023-38180
      • This CVE is for a Denial of Service vulnerability in .NET and Visual Studio that Microsoft indicated has been exploited but did not provide any additional details on the exploitation or attacks that used it.
CVE/Advisory Title Tag Microsoft Severity Rating Base Score Microsoft Impact Exploited Publicly Disclosed
CVE-2023-29328 Microsoft Teams Remote Code Execution Vulnerability Microsoft Teams Critical 8.8 Remote Code Execution No No
CVE-2023-29330 Microsoft Teams Remote Code Execution Vulnerability Microsoft Teams Critical 8.8 Remote Code Execution No No
CVE-2023-35359 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Important 7.8 Elevation of Privilege No No
CVE-2023-35368 Microsoft Exchange Remote Code Execution Vulnerability Microsoft Exchange Server Important 8.8 Remote Code Execution No No
CVE-2023-36865 Microsoft Office Visio Remote Code Execution Vulnerability Microsoft Office Visio Important 7.8 Remote Code Execution No No
CVE-2023-36866 Microsoft Office Visio Remote Code Execution Vulnerability Microsoft Office Visio Important 7.8 Remote Code Execution No No
CVE-2023-36869 Azure DevOps Server Spoofing Vulnerability Azure DevOps Important 6.3 Spoofing No No
CVE-2023-36873 .NET Framework Spoofing Vulnerability .NET Framework Important 7.4 Spoofing No No
CVE-2023-36876 Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability Reliability Analysis Metrics Calculation Engine Important 7.1 Elevation of Privilege No No
CVE-2023-36882 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Important 8.8 Remote Code Execution No No
ADV230003 Microsoft Office Defense in Depth Update Microsoft Office Moderate N/A Defense in Depth Yes Yes
CVE-2023-36889 Windows Group Policy Security Feature Bypass Vulnerability Windows Group Policy Important 5.5 Security Feature Bypass No No
CVE-2023-36898 Tablet Windows User Interface Application Core Remote Code Execution Vulnerability Tablet Windows User Interface Important 7.8 Remote Code Execution No No
CVE-2023-36899 ASP.NET Elevation of Privilege Vulnerability ASP.NET Important 7.5 Elevation of Privilege No No
CVE-2023-36900 Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Important 7.8 Elevation of Privilege No No
CVE-2023-36903 Windows System Assessment Tool Elevation of Privilege Vulnerability Windows System Assessment Tool Important 7.8 Elevation of Privilege No No
CVE-2023-36904 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Windows Cloud Files Mini Filter Driver Important 7.8 Elevation of Privilege No No
CVE-2023-36905 Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability Windows Wireless Wide Area Network Service Important 5.5 Information Disclosure No No
CVE-2023-36906 Windows Cryptographic Services Information Disclosure Vulnerability Windows Cryptographic Services Important 5.5 Information Disclosure No No
CVE-2023-36907 Windows Cryptographic Services Information Disclosure Vulnerability Windows Cryptographic Services Important 5.5 Information Disclosure No No
CVE-2023-36908 Windows Hyper-V Information Disclosure Vulnerability Role: Windows Hyper-V Important 5.7 Information Disclosure No No
CVE-2023-36909 Microsoft Message Queuing Denial of Service Vulnerability Windows Message Queuing Important 6.5 Denial of Service No No
CVE-2023-36910 Microsoft Message Queuing Remote Code Execution Vulnerability Windows Message Queuing Critical 9.8 Remote Code Execution No No
CVE-2023-36911 Microsoft Message Queuing Remote Code Execution Vulnerability Windows Message Queuing Critical 9.8 Remote Code Execution No No
CVE-2023-36912 Microsoft Message Queuing Denial of Service Vulnerability Windows Message Queuing Important 7.5 Denial of Service No No
CVE-2023-36913 Microsoft Message Queuing Information Disclosure Vulnerability Windows Message Queuing Important 6.5 Information Disclosure No No
CVE-2023-36914 Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability Windows Smart Card Important 5.5 Security Feature Bypass No No
CVE-2023-35376 Microsoft Message Queuing Denial of Service Vulnerability Windows Message Queuing Important 6.5 Denial of Service No No
CVE-2023-38254 Microsoft Message Queuing Denial of Service Vulnerability Windows Message Queuing Important 6.5 Denial of Service No No
CVE-2023-35377 Microsoft Message Queuing Denial of Service Vulnerability Windows Message Queuing Important 6.5 Denial of Service No No
CVE-2023-35378 Windows Projected File System Elevation of Privilege Vulnerability Windows Projected File System Important 7 Elevation of Privilege No No
CVE-2023-35379 Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of Privilege Vulnerability Windows Reliability Analysis Metrics Calculation Engine Important 7.8 Elevation of Privilege No No
CVE-2023-35380 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Important 7.8 Elevation of Privilege No No
CVE-2023-35381 Windows Fax Service Remote Code Execution Vulnerability Windows Fax and Scan Service Important 8.8 Remote Code Execution No No
CVE-2023-35382 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Important 7.8 Elevation of Privilege No No
CVE-2023-35383 Microsoft Message Queuing Information Disclosure Vulnerability Windows Message Queuing Important 7.5 Information Disclosure No No
CVE-2023-35384 Windows HTML Platforms Security Feature Bypass Vulnerability Windows HTML Platform Important 5.4 Security Feature Bypass No No
CVE-2023-35385 Microsoft Message Queuing Remote Code Execution Vulnerability Windows Message Queuing Critical 9.8 Remote Code Execution No No
CVE-2023-35386 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Important 7.8 Elevation of Privilege No No
CVE-2023-35387 Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability Windows Bluetooth A2DP driver Important 8.8 Elevation of Privilege No No
CVE-2023-35389 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability Microsoft Dynamics Important 6.5 Remote Code Execution No No
CVE-2023-35393 Azure Apache Hive Spoofing Vulnerability Azure HDInsights Important 4.5 Spoofing No No
CVE-2023-35394 Azure HDInsight Jupyter Notebook Spoofing Vulnerability Azure HDInsights Important 4.6 Spoofing No No
CVE-2023-38188 Azure Apache Hadoop Spoofing Vulnerability Azure HDInsights Important 4.5 Spoofing No No
CVE-2023-38186 Windows Mobile Device Management Elevation of Privilege Vulnerability Windows Mobile Device Management Important 7.8 Elevation of Privilege No No
CVE-2023-38185 Microsoft Exchange Server Remote Code Execution Vulnerability Microsoft Exchange Server Important 8.8 Remote Code Execution No No
CVE-2023-38184 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Windows LDAP - Lightweight Directory Access Protocol Important 7.5 Remote Code Execution No No
CVE-2023-38175 Microsoft Windows Defender Elevation of Privilege Vulnerability Windows Defender Important 7.8 Elevation of Privilege No No
CVE-2023-38172 Microsoft Message Queuing Denial of Service Vulnerability Windows Message Queuing Important 7.5 Denial of Service No No
CVE-2023-38170 HEVC Video Extensions Remote Code Execution Vulnerability Microsoft Windows Codecs Library Important 7.8 Remote Code Execution No No
CVE-2023-38169 Microsoft OLE DB Remote Code Execution Vulnerability SQL Server Important 8.8 Remote Code Execution No No
CVE-2023-38167 Microsoft Dynamics Business Central Elevation Of Privilege Vulnerability Dynamics Business Central Control Important 7.2 Elevation of Privilege No No
CVE-2023-21709 Microsoft Exchange Server Elevation of Privilege Vulnerability Microsoft Exchange Server Important 9.8 Elevation of Privilege No No
CVE-2023-35371 Microsoft Office Remote Code Execution Vulnerability Microsoft Office Excel Important 7.8 Remote Code Execution No No
CVE-2023-35372 Microsoft Office Visio Remote Code Execution Vulnerability Microsoft Office Visio Important 7.8 Remote Code Execution No No
CVE-2023-36877 Azure Apache Oozie Spoofing Vulnerability Azure HDInsights Important 4.5 Spoofing No No
CVE-2023-36881 Azure Apache Ambari Spoofing Vulnerability Azure HDInsights Important 4.5 Spoofing No No
CVE-2023-36890 Microsoft SharePoint Server Information Disclosure Vulnerability Microsoft Office SharePoint Important 6.5 Information Disclosure No No
CVE-2023-36891 Microsoft SharePoint Server Spoofing Vulnerability Microsoft Office SharePoint Important 8 Spoofing No No
CVE-2023-36892 Microsoft SharePoint Server Spoofing Vulnerability Microsoft Office SharePoint Important 8 Spoofing No No
CVE-2023-36893 Microsoft Outlook Spoofing Vulnerability Microsoft Office Outlook Important 6.5 Spoofing No No
CVE-2023-36894 Microsoft SharePoint Server Information Disclosure Vulnerability Microsoft Office SharePoint Important 6.5 Information Disclosure No No
CVE-2023-36895 Microsoft Outlook Remote Code Execution Vulnerability Microsoft Office Outlook Critical 7.8 Remote Code Execution No No
CVE-2023-36896 Microsoft Excel Remote Code Execution Vulnerability Microsoft Office Excel Important 7.8 Remote Code Execution No No
CVE-2023-36897 Visual Studio Tools for Office Runtime Spoofing Vulnerability Microsoft Office Important 8.1 Spoofing No No
CVE-2023-35388 Microsoft Exchange Server Remote Code Execution Vulnerability Microsoft Exchange Server Important 8 Remote Code Execution No No
CVE-2023-20569 AMD: CVE-2023-20569 Return Address Predictor Microsoft Windows Important N/A Information Disclosure No No
CVE-2023-35390 .NET and Visual Studio Remote Code Execution Vulnerability .NET Core Important 7.8 Remote Code Execution No No
CVE-2023-35391 ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability ASP.NET and Visual Studio Important 7.1 Information Disclosure No No
CVE-2023-38182 Microsoft Exchange Server Remote Code Execution Vulnerability Microsoft Exchange Server Important 8 Remote Code Execution No No
CVE-2023-38181 Microsoft Exchange Server Spoofing Vulnerability Microsoft Exchange Server Important 8.8 Spoofing No No
CVE-2023-38180 .NET and Visual Studio Denial of Service Vulnerability ASP .NET Important 7.5 Denial of Service Yes No
CVE-2023-38178 .NET Core and Visual Studio Denial of Service Vulnerability .NET Core Important 7.5 Denial of Service No No
CVE-2023-38176 Azure Arc-Enabled Servers Elevation of Privilege Vulnerability Azure Arc Important 7 Elevation of Privilege No No
CVE-2023-38154 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Important 7.8 Elevation of Privilege No No
ADV230004 Memory Integrity System Readiness Scan Tool Defense in Depth Update Memory Integrity System Readiness Scan Tool Moderate N/A Defense in Depth No Yes

Prioritize the right vulnerabilities and accelerate your time-to-remediation

Watch this 3-minute video to see what Fortra VM can do for you.

WATCH THE VIDEO

Share This