Microsoft September 2023 Patch Tuesday Fixes 2 Zero-Days, 59 Flaws

The latest Microsoft vulnerabilities consist of four remote code execution problems and a privilege elevation issue in Azure Kubernetes.

Microsoft's September 2023 Patch Tuesday has been rolled out, addressing a total of 59 vulnerabilities, two of which are zero-day flaws currently under active exploitation. As in every month, Patch Tuesday is about shoring up Microsoft's services against security issues and bugs.

The two zero-day vulnerabilities that have been actively exploited are:

  1. CVE-2023-36802 – Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability. Exploiting this flaw lets an attacker gain system privileges.
  2. CVE-2023-36761 – Microsoft Word Information Disclosure Vulnerability. Attackers can exploit this vulnerability to disclose NTLM hashes.

Of the total vulnerabilities addressed, five were rated as ‘Critical’, 55 as ‘Important’, and one as ‘Moderate’. The critical vulnerabilities include four remote code execution flaws and an Azure Service elevation of privilege vulnerability.

Additional Insights from the Patch

Apart from the main vulnerabilities, the company also addressed two external bugs and four Chromium bugs. The total count of 59 flaws does not include five Microsoft Edge (Chromium) vulnerabilities and two non-Microsoft flaws in Electron and Autodesk.

Microsoft's Patch Tuesday for September 2023 also saw updates for various products, including Microsoft Windows and its components, Exchange Server, Office and its components, .NET and Visual Studio, Azure, Microsoft Dynamics, and Windows Defender.

Standalone Defender Vulnerability Management Tool

Last month, Microsoft announced a standalone vulnerability management tool for Microsoft Defender. This means the vulnerability manager can now be accessed outside of Microsoft/. Previously, the service was only accessible as part of Microsoft Defender for Endpoint, a comprehensive endpoint security solution that includes threat detection, investigation, response and remediation capabilities.

Defender Vulnerability Management is a service that helps organizations discover, prioritize, and remediate security vulnerabilities across their IT assets. According to Microsoft, the standalone service provides the same benefits as the integrated one.