Today’s VERT Alert addresses Microsoft’s October 2023 Security Updates, which include a recently introduced release notes format. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1077 on Wednesday, October 11th.
In-The-Wild & Disclosed CVEs
CVE-2023-41763
While this vulnerability is labeled as a Skype for Business Elevation of Privilege Vulnerability, the details read more like an Information Disclosure. According to Microsoft, successful exploitation of this vulnerability “could disclose IP addresses or port numbers or both to the attacker.” Microsoft has reported this vulnerability as Exploitation Detected.
CVE-2023-44487
This vulnerability goes beyond Microsoft and has been reported by multiple vendors as part of coordinated disclosure. The vulnerability has been referred to as the HTTP/2 Rapid Reset Attack and excellent resources have been published by both Cloudflare and Google. Microsoft has reported this vulnerability as Exploitation Detected.
CVE-2023-36563
A vulnerability in WordPad could allow the disclosure of NTLM hashes when an attacker convinces a user to open a malicious file. Microsoft has reported this vulnerability as Exploitation Detected.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per-tag basis. Vulnerabilities are also colour-coded to aid with identifying key issues.
- Traditional Software
- Mobile Software
- Cloud or Cloud Adjacent
- Vulnerabilities that are being exploited or that have been disclosed will be highlighted.
| Tag | CVE Count | CVEs |
| --- | --- | --- |
| Windows IKE Extension | 1 | CVE-2023-36726 |
| Windows Error Reporting | 1 | CVE-2023-36721 |
| Windows Setup Files Cleanup | 1 | CVE-2023-36704 |
| Windows HTML Platform | 2 | CVE-2023-36557, CVE-2023-36436 |
| Microsoft Common Data Model SDK | 1 | CVE-2023-36566 |
| Windows RDP | 2 | CVE-2023-29348, CVE-2023-36790 |
| Microsoft QUIC | 2 | CVE-2023-38171, CVE-2023-36435 |
| Windows Common Log File System Driver | 1 | CVE-2023-36713 |
| Azure DevOps | 1 | CVE-2023-36561 |
| Windows Microsoft DirectMusic | 1 | CVE-2023-36702 |
| Active Directory Domain Services | 1 | CVE-2023-36722 |
| Microsoft Windows Media Foundation | 1 | CVE-2023-36710 |
| Windows TPM | 1 | CVE-2023-36717 |
| Windows Virtual Trusted Platform Module | 1 | CVE-2023-36718 |
| Windows Active Template Library | 1 | CVE-2023-36585 |
| SQL Server | 6 | CVE-2023-36730, CVE-2023-36728, CVE-2023-36598, CVE-2023-36420, CVE-2023-36417, CVE-2023-36785 |
| Windows Power Management Service | 1 | CVE-2023-36724 |
| Windows Mark of the Web (MOTW) | 1 | CVE-2023-36584 |
| Windows Deployment Services | 3 | CVE-2023-36707, CVE-2023-36706, CVE-2023-36567 |
| Microsoft Graphics Component | 2 | CVE-2023-36594, CVE-2023-38159 |
| Azure SDK | 2 | CVE-2023-36415, CVE-2023-36414 |
| Windows Kernel | 3 | CVE-2023-36712, CVE-2023-36698, CVE-2023-36576 |
| Microsoft Windows Search Component | 1 | CVE-2023-36564 |
| Windows Remote Procedure Call | 1 | CVE-2023-36596 |
| Windows Runtime C++ Template Library | 1 | CVE-2023-36711 |
| Microsoft Office | 3 | CVE-2023-36569, CVE-2023-36568, CVE-2023-36565 |
| Microsoft WordPad | 1 | CVE-2023-36563 |
| Client Server Run-time Subsystem (CSRSS) | 1 | CVE-2023-41766 |
| Windows Client/Server Runtime Subsystem | 1 | CVE-2023-36902 |
| Azure Real Time Operating System | 1 | CVE-2023-36418 |
| Windows AllJoyn API | 1 | CVE-2023-36709 |
| Windows Layer 2 Tunneling Protocol | 9 | CVE-2023-41765, CVE-2023-41767, CVE-2023-41768, CVE-2023-41769, CVE-2023-41770, CVE-2023-41771, CVE-2023-41773, CVE-2023-41774, CVE-2023-38166 |
| Microsoft WDAC OLE DB provider for SQL | 1 | CVE-2023-36577 |
| Microsoft Exchange Server | 1 | CVE-2023-36778 |
| Windows IIS | 1 | CVE-2023-36434 |
| Windows Win32K | 5 | CVE-2023-41772, CVE-2023-36732, CVE-2023-36731, CVE-2023-36776, CVE-2023-36743 |
| Azure | 2 | CVE-2023-36737, CVE-2023-36419 |
| Windows TCP/IP | 3 | CVE-2023-36603, CVE-2023-36602, CVE-2023-36438 |
| Windows Message Queuing | 20 | CVE-2023-35349, CVE-2023-36697, CVE-2023-36606, CVE-2023-36593, CVE-2023-36592, CVE-2023-36591, CVE-2023-36590, CVE-2023-36589, CVE-2023-36583, CVE-2023-36582, CVE-2023-36581, CVE-2023-36579, CVE-2023-36578, CVE-2023-36575, CVE-2023-36574, CVE-2023-36573, CVE-2023-36572, CVE-2023-36571, CVE-2023-36570, CVE-2023-36431 |
| Windows Resilient File System (ReFS) | 1 | CVE-2023-36701 |
| Skype for Business | 4 | CVE-2023-41763, CVE-2023-36789, CVE-2023-36786, CVE-2023-36780 |
| Windows Container Manager Service | 1 | CVE-2023-36723 |
| Windows NT OS Kernel | 1 | CVE-2023-36725 |
| HTTP/2 | 1 | CVE-2023-44487 |
| Microsoft Edge (Chromium-based) | 1 | CVE-2023-5346 |
| Windows Named Pipe File System | 2 | CVE-2023-36729, CVE-2023-36605 |
| Windows Mixed Reality Developer Tools | 1 | CVE-2023-36720 |
| Microsoft Dynamics | 3 | CVE-2023-36433, CVE-2023-36429, CVE-2023-36416 |
| Windows DHCP Server | 1 | CVE-2023-36703 |
Other Information
At the time of publication, there were no new advisories included with the October Security Guidance.