Today is Microsoft's October 2023 Patch Tuesday, with security updates for 104 flaws, including three actively exploited zero-day vulnerabilities.
While forty-five remote code execution (RCE) bugs were fixed, Microsoft only rated twelve vulnerabilities as 'Critical,' all of which are RCE flaws.
The number of bugs in each vulnerability category is listed below:
- 26 Elevation of Privilege Vulnerabilities
- 3 Security Feature Bypass Vulnerabilities
- 45 Remote Code Execution Vulnerabilities
- 12 Information Disclosure Vulnerabilities
- 17 Denial of Service Vulnerabilities
- 1 Spoofing Vulnerabilities
The total count of 104 flaws does not include one Chromium vulnerability tracked as CVE-2023-5346, which was fixed by Google on October 3rd and ported to Microsoft Edge.
To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5031354 cumulative update and Windows 10 KB5031356 cumulative update.
Three actively exploited zero-day vulnerabilities
This month's Patch Tuesday fixes three zero-day vulnerabilities, with all of them exploited in attacks and two of them publicly disclosed.
Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.
The three actively exploited zero-day vulnerabilities in today's updates are:
CVE-2023-41763 - Skype for Business Elevation of Privilege Vulnerability
Microsoft has fixed an actively exploited Skype for Business vulnerability that is classified as an Elevation of Privileges bug.
"An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker.," explains Microsoft.
"While the attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability)."
The flaw was discovered by Dr. Florian Hauser (@frycos), who said that it is the same flaw he disclosed in September 2022 but which Microsoft had refused to fix at the time.
"You could use this vulnerability to reach systems in the internals networks. It basically allows you to breach the internet perimeter because Skype usually is exposed on the public internet," told Hauser.
CVE-2023-36563 - Microsoft WordPad Information Disclosure Vulnerability
Microsoft has fixed an actively exploited vulnerability that can be used to steal NTLM hashes when opening a document in WordPad.
"To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system," explains Microsoft.
"Additionally, an attacker could convince a local user to open a malicious file. The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file."
These NTLM hashes can be cracked or used in NTLM Relay attacks to gain access to the account.
This flaw was discovered internally by the Microsoft Threat Intelligence group and appears to be an offshoot of CVE-2023-36761, fixed last month.
CVE-2023-44487 - HTTP/2 Rapid Reset Attack
Microsoft has released mitigations for a new zero-day DDoS attack technique called 'HTTP/2 Rapid Reset' that has been actively exploited since August, breaking all previous records.
This attack abuses the HTTP/2's stream cancellation feature to continuously send and cancel requests, overwhelming the target server/application and imposing a DoS state.
As the feature is built into the HTTP/2 standard, there is no "fix" for the technique that can be implemented other than rate limiting or blocking the protocol.
Microsoft's mitigation steps in the advisory are to disable the HTTP/2 protocol on your web server. However, they also provided a dedicated article on HTTP/2 Rapid Reset, with further information.
This flaw was disclosed today in a coordinated disclosure by Cloudflare, Amazon, and Google.
Microsoft says that the CVE-2023-41763 and CVE-2023-36563 were publicly disclosed.
Recent updates from other companies
Other vendors who released updates or advisories in October 2023 include:
- Apple fixed two zero-days with the release of iOS 17.0.3.
- Arm disclosed new Mali GPU flaws exploited in attacks.
- Cisco released security updates for various products, including hard-coded root credentials in Emergency Responder.
- Citrix released fixes for a Citrix NetScaler ADC and Gateway flaw that exposes 'sensitive' information.
- Technical details released for D-Link DAP-X1860 WiFi 6 range extender zero-day.
- Exim patched three of six disclosed zero-days.
- Google released the Android October 2023 security updates to fix actively exploited vulnerabilities.
- GNOME is impacted by an RCE flaw that can be triggered by downloading a cue file.
- New 'HTTP/2 Rapid Reset' zero-day attack breaks DDoS records.
- Linux distros are impacted by a new 'Looney Tunables' bug that gives root on impacted systems.
- Marvin attack revives 25-year-old decryption flaw in RSA.
- Microsoft released an emergency update for Edge and Teams to fix two zero-days.
- SAP has released its October 2023 Patch Day updates.
- New ShellTorch flaws impact the open-source TorchServe AI model-serving tool.
The October 2023 Patch Tuesday Security Updates
Below is the complete list of resolved vulnerabilities in the October 2023 Patch Tuesday updates.
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
Active Directory Domain Services | CVE-2023-36722 | Active Directory Domain Services Information Disclosure Vulnerability | Important |
Azure | CVE-2023-36737 | Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | Important |
Azure | CVE-2023-36419 | Azure HDInsight Apache Oozie Workflow Scheduler Elevation of Privilege Vulnerability | Important |
Azure DevOps | CVE-2023-36561 | Azure DevOps Server Elevation of Privilege Vulnerability | Important |
Azure Real Time Operating System | CVE-2023-36418 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | Important |
Azure SDK | CVE-2023-36414 | Azure Identity SDK Remote Code Execution Vulnerability | Important |
Azure SDK | CVE-2023-36415 | Azure Identity SDK Remote Code Execution Vulnerability | Important |
Client Server Run-time Subsystem (CSRSS) | CVE-2023-41766 | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | Important |
HTTP/2 | CVE-2023-44487 | MITRE: CVE-2023-44487 HTTP/2 Rapid Reset Attack | Important |
Microsoft Common Data Model SDK | CVE-2023-36566 | Microsoft Common Data Model SDK Denial of Service Vulnerability | Important |
Microsoft Dynamics | CVE-2023-36429 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | Important |
Microsoft Dynamics | CVE-2023-36416 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
Microsoft Dynamics | CVE-2023-36433 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | Important |
Microsoft Edge (Chromium-based) | CVE-2023-5346 | Chromium: CVE-2023-5346 Type Confusion in V8 | Unknown |
Microsoft Exchange Server | CVE-2023-36778 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
Microsoft Graphics Component | CVE-2023-36594 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2023-38159 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
Microsoft Office | CVE-2023-36565 | Microsoft Office Graphics Elevation of Privilege Vulnerability | Important |
Microsoft Office | CVE-2023-36569 | Microsoft Office Elevation of Privilege Vulnerability | Important |
Microsoft Office | CVE-2023-36568 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Important |
Microsoft QUIC | CVE-2023-38171 | Microsoft QUIC Denial of Service Vulnerability | Important |
Microsoft QUIC | CVE-2023-36435 | Microsoft QUIC Denial of Service Vulnerability | Important |
Microsoft WDAC OLE DB provider for SQL | CVE-2023-36577 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important |
Microsoft Windows Media Foundation | CVE-2023-36710 | Windows Media Foundation Core Remote Code Execution Vulnerability | Important |
Microsoft Windows Search Component | CVE-2023-36564 | Windows Search Security Feature Bypass Vulnerability | Important |
Microsoft WordPad | CVE-2023-36563 | Microsoft WordPad Information Disclosure Vulnerability | Important |
Skype for Business | CVE-2023-36786 | Skype for Business Remote Code Execution Vulnerability | Important |
Skype for Business | CVE-2023-36780 | Skype for Business Remote Code Execution Vulnerability | Important |
Skype for Business | CVE-2023-36789 | Skype for Business Remote Code Execution Vulnerability | Important |
Skype for Business | CVE-2023-41763 | Skype for Business Elevation of Privilege Vulnerability | Important |
SQL Server | CVE-2023-36728 | Microsoft SQL Server Denial of Service Vulnerability | Important |
SQL Server | CVE-2023-36417 | Microsoft SQL ODBC Driver Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2023-36785 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2023-36598 | Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2023-36730 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
SQL Server | CVE-2023-36420 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | Important |
Windows Active Template Library | CVE-2023-36585 | Active Template Library Denial of Service Vulnerability | Important |
Windows AllJoyn API | CVE-2023-36709 | Microsoft AllJoyn API Denial of Service Vulnerability | Important |
Windows Client/Server Runtime Subsystem | CVE-2023-36902 | Windows Runtime Remote Code Execution Vulnerability | Important |
Windows Common Log File System Driver | CVE-2023-36713 | Windows Common Log File System Driver Information Disclosure Vulnerability | Important |
Windows Container Manager Service | CVE-2023-36723 | Windows Container Manager Service Elevation of Privilege Vulnerability | Important |
Windows Deployment Services | CVE-2023-36707 | Windows Deployment Services Denial of Service Vulnerability | Important |
Windows Deployment Services | CVE-2023-36567 | Windows Deployment Services Information Disclosure Vulnerability | Important |
Windows Deployment Services | CVE-2023-36706 | Windows Deployment Services Information Disclosure Vulnerability | Important |
Windows DHCP Server | CVE-2023-36703 | DHCP Server Service Denial of Service Vulnerability | Important |
Windows Error Reporting | CVE-2023-36721 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Important |
Windows HTML Platform | CVE-2023-36436 | Windows MSHTML Platform Remote Code Execution Vulnerability | Important |
Windows HTML Platform | CVE-2023-36557 | PrintHTML API Remote Code Execution Vulnerability | Important |
Windows IIS | CVE-2023-36434 | Windows IIS Server Elevation of Privilege Vulnerability | Important |
Windows IKE Extension | CVE-2023-36726 | Windows Internet Key Exchange (IKE) Extension Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2023-36576 | Windows Kernel Information Disclosure Vulnerability | Important |
Windows Kernel | CVE-2023-36712 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2023-36698 | Windows Kernel Security Feature Bypass Vulnerability | Important |
Windows Layer 2 Tunneling Protocol | CVE-2023-41770 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Critical |
Windows Layer 2 Tunneling Protocol | CVE-2023-41765 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Critical |
Windows Layer 2 Tunneling Protocol | CVE-2023-41767 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Critical |
Windows Layer 2 Tunneling Protocol | CVE-2023-38166 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Critical |
Windows Layer 2 Tunneling Protocol | CVE-2023-41774 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Critical |
Windows Layer 2 Tunneling Protocol | CVE-2023-41773 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Critical |
Windows Layer 2 Tunneling Protocol | CVE-2023-41771 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Critical |
Windows Layer 2 Tunneling Protocol | CVE-2023-41769 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Critical |
Windows Layer 2 Tunneling Protocol | CVE-2023-41768 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Critical |
Windows Mark of the Web (MOTW) | CVE-2023-36584 | Windows Mark of the Web Security Feature Bypass Vulnerability | Important |
Windows Message Queuing | CVE-2023-36571 | Microsoft Message Queuing Remote Code Execution Vulnerability | Important |
Windows Message Queuing | CVE-2023-36570 | Microsoft Message Queuing Remote Code Execution Vulnerability | Important |
Windows Message Queuing | CVE-2023-36431 | Microsoft Message Queuing Denial of Service Vulnerability | Important |
Windows Message Queuing | CVE-2023-35349 | Microsoft Message Queuing Remote Code Execution Vulnerability | Critical |
Windows Message Queuing | CVE-2023-36591 | Microsoft Message Queuing Remote Code Execution Vulnerability | Important |
Windows Message Queuing | CVE-2023-36590 | Microsoft Message Queuing Remote Code Execution Vulnerability | Important |
Windows Message Queuing | CVE-2023-36589 | Microsoft Message Queuing Remote Code Execution Vulnerability | Important |
Windows Message Queuing | CVE-2023-36583 | Microsoft Message Queuing Remote Code Execution Vulnerability | Important |
Windows Message Queuing | CVE-2023-36592 | Microsoft Message Queuing Remote Code Execution Vulnerability | Important |
Windows Message Queuing | CVE-2023-36697 | Microsoft Message Queuing Remote Code Execution Vulnerability | Critical |
Windows Message Queuing | CVE-2023-36606 | Microsoft Message Queuing Denial of Service Vulnerability | Important |
Windows Message Queuing | CVE-2023-36593 | Microsoft Message Queuing Remote Code Execution Vulnerability | Important |
Windows Message Queuing | CVE-2023-36582 | Microsoft Message Queuing Remote Code Execution Vulnerability | Important |
Windows Message Queuing | CVE-2023-36574 | Microsoft Message Queuing Remote Code Execution Vulnerability | Important |
Windows Message Queuing | CVE-2023-36575 | Microsoft Message Queuing Remote Code Execution Vulnerability | Important |
Windows Message Queuing | CVE-2023-36573 | Microsoft Message Queuing Remote Code Execution Vulnerability | Important |
Windows Message Queuing | CVE-2023-36572 | Microsoft Message Queuing Remote Code Execution Vulnerability | Important |
Windows Message Queuing | CVE-2023-36581 | Microsoft Message Queuing Denial of Service Vulnerability | Important |
Windows Message Queuing | CVE-2023-36579 | Microsoft Message Queuing Denial of Service Vulnerability | Important |
Windows Message Queuing | CVE-2023-36578 | Microsoft Message Queuing Remote Code Execution Vulnerability | Important |
Windows Microsoft DirectMusic | CVE-2023-36702 | Microsoft DirectMusic Remote Code Execution Vulnerability | Important |
Windows Mixed Reality Developer Tools | CVE-2023-36720 | Windows Mixed Reality Developer Tools Denial of Service Vulnerability | Important |
Windows Named Pipe File System | CVE-2023-36729 | Named Pipe File System Elevation of Privilege Vulnerability | Important |
Windows Named Pipe File System | CVE-2023-36605 | Windows Named Pipe Filesystem Elevation of Privilege Vulnerability | Important |
Windows NT OS Kernel | CVE-2023-36725 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Power Management Service | CVE-2023-36724 | Windows Power Management Service Information Disclosure Vulnerability | Important |
Windows RDP | CVE-2023-36790 | Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability | Important |
Windows RDP | CVE-2023-29348 | Windows Remote Desktop Gateway (RD Gateway) Information Disclosure Vulnerability | Important |
Windows Remote Procedure Call | CVE-2023-36596 | Remote Procedure Call Information Disclosure Vulnerability | Important |
Windows Resilient File System (ReFS) | CVE-2023-36701 | Microsoft Resilient File System (ReFS) Elevation of Privilege Vulnerability | Important |
Windows Runtime C++ Template Library | CVE-2023-36711 | Windows Runtime C++ Template Library Elevation of Privilege Vulnerability | Important |
Windows Setup Files Cleanup | CVE-2023-36704 | Windows Setup Files Cleanup Remote Code Execution Vulnerability | Important |
Windows TCP/IP | CVE-2023-36438 | Windows TCP/IP Information Disclosure Vulnerability | Important |
Windows TCP/IP | CVE-2023-36603 | Windows TCP/IP Denial of Service Vulnerability | Important |
Windows TCP/IP | CVE-2023-36602 | Windows TCP/IP Denial of Service Vulnerability | Important |
Windows TPM | CVE-2023-36717 | Windows Virtual Trusted Platform Module Denial of Service Vulnerability | Important |
Windows Virtual Trusted Platform Module | CVE-2023-36718 | Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability | Critical |
Windows Win32K | CVE-2023-36731 | Win32k Elevation of Privilege Vulnerability | Important |
Windows Win32K | CVE-2023-36732 | Win32k Elevation of Privilege Vulnerability | Important |
Windows Win32K | CVE-2023-36776 | Win32k Elevation of Privilege Vulnerability | Important |
Windows Win32K | CVE-2023-36743 | Win32k Elevation of Privilege Vulnerability | Important |
Windows Win32K | CVE-2023-41772 | Win32k Elevation of Privilege Vulnerability | Important |