By Lawrence Abrams on Tuesday, 10 October 2023
Category: News

Microsoft October 2023 Patch Tuesday fixes 3 zero-days, 104 flaws

Today is Microsoft's October 2023 Patch Tuesday, with security updates for 104 flaws, including three actively exploited zero-day vulnerabilities. 

While forty-five remote code execution (RCE) bugs were fixed, Microsoft only rated twelve vulnerabilities as 'Critical,' all of which are RCE flaws.

The number of bugs in each vulnerability category is listed below:

The total count of 104 flaws does not include one Chromium vulnerability tracked as CVE-2023-5346, which was fixed by Google on October 3rd and ported to Microsoft Edge.

To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5031354 cumulative update and Windows 10 KB5031356 cumulative update. 

Three actively exploited zero-day vulnerabilities

This month's Patch Tuesday fixes three zero-day vulnerabilities, with all of them exploited in attacks and two of them publicly disclosed.

Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.

The three actively exploited zero-day vulnerabilities in today's updates are:

            CVE-2023-41763 - Skype for Business Elevation of Privilege Vulnerability

Microsoft has fixed an actively exploited Skype for Business vulnerability that is classified as an Elevation of Privileges bug.

"An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker.," explains Microsoft. 

"While the attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability)."

The flaw was discovered by Dr. Florian Hauser (@frycos), who said that it is the same flaw he disclosed in September 2022 but which Microsoft had refused to fix at the time.

"You could use this vulnerability to reach systems in the internals networks. It basically allows you to breach the internet perimeter because Skype usually is exposed on the public internet," told Hauser.

CVE-2023-36563 - Microsoft WordPad Information Disclosure Vulnerability

Microsoft has fixed an actively exploited vulnerability that can be used to steal NTLM hashes when opening a document in WordPad.

"To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system," explains Microsoft.

"Additionally, an attacker could convince a local user to open a malicious file. The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file."

These NTLM hashes can be cracked or used in NTLM Relay attacks to gain access to the account.

This flaw was discovered internally by the Microsoft Threat Intelligence group and appears to be an offshoot of CVE-2023-36761, fixed last month.

CVE-2023-44487 - HTTP/2 Rapid Reset Attack

Microsoft has released mitigations for a new zero-day DDoS attack technique called 'HTTP/2 Rapid Reset' that has been actively exploited since August, breaking all previous records.

This attack abuses the HTTP/2's stream cancellation feature to continuously send and cancel requests, overwhelming the target server/application and imposing a DoS state.

As the feature is built into the HTTP/2 standard, there is no "fix" for the technique that can be implemented other than rate limiting or blocking the protocol.

Microsoft's mitigation steps in the advisory are to disable the HTTP/2 protocol on your web server. However, they also provided a dedicated article on HTTP/2 Rapid Reset, with further information.

This flaw was disclosed today in a coordinated disclosure by Cloudflare, Amazon, and Google.

Microsoft says that the CVE-2023-41763 and CVE-2023-36563 were publicly disclosed.

Recent updates from other companies

Other vendors who released updates or advisories in October 2023 include:

The October 2023 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities in the October 2023 Patch Tuesday updates.

TagCVE IDCVE TitleSeverity
Active Directory Domain ServicesCVE-2023-36722Active Directory Domain Services Information Disclosure VulnerabilityImportant
AzureCVE-2023-36737Azure Network Watcher VM Agent Elevation of Privilege VulnerabilityImportant
AzureCVE-2023-36419Azure HDInsight Apache Oozie Workflow Scheduler Elevation of Privilege VulnerabilityImportant
Azure DevOpsCVE-2023-36561Azure DevOps Server Elevation of Privilege VulnerabilityImportant
Azure Real Time Operating SystemCVE-2023-36418Azure RTOS GUIX Studio Remote Code Execution VulnerabilityImportant
Azure SDKCVE-2023-36414Azure Identity SDK Remote Code Execution VulnerabilityImportant
Azure SDKCVE-2023-36415Azure Identity SDK Remote Code Execution VulnerabilityImportant
Client Server Run-time Subsystem (CSRSS)CVE-2023-41766Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege VulnerabilityImportant
HTTP/2CVE-2023-44487MITRE: CVE-2023-44487 HTTP/2 Rapid Reset AttackImportant
Microsoft Common Data Model SDKCVE-2023-36566Microsoft Common Data Model SDK Denial of Service VulnerabilityImportant
Microsoft DynamicsCVE-2023-36429Microsoft Dynamics 365 (On-Premises) Information Disclosure VulnerabilityImportant
Microsoft DynamicsCVE-2023-36416Microsoft Dynamics 365 (on-premises) Cross-site Scripting VulnerabilityImportant
Microsoft DynamicsCVE-2023-36433Microsoft Dynamics 365 (On-Premises) Information Disclosure VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2023-5346Chromium: CVE-2023-5346 Type Confusion in V8Unknown
Microsoft Exchange ServerCVE-2023-36778Microsoft Exchange Server Remote Code Execution VulnerabilityImportant
Microsoft Graphics ComponentCVE-2023-36594Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2023-38159Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Microsoft OfficeCVE-2023-36565Microsoft Office Graphics Elevation of Privilege VulnerabilityImportant
Microsoft OfficeCVE-2023-36569Microsoft Office Elevation of Privilege VulnerabilityImportant
Microsoft OfficeCVE-2023-36568Microsoft Office Click-To-Run Elevation of Privilege VulnerabilityImportant
Microsoft QUICCVE-2023-38171Microsoft QUIC Denial of Service VulnerabilityImportant
Microsoft QUICCVE-2023-36435Microsoft QUIC Denial of Service VulnerabilityImportant
Microsoft WDAC OLE DB provider for SQLCVE-2023-36577Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution VulnerabilityImportant
Microsoft Windows Media FoundationCVE-2023-36710Windows Media Foundation Core Remote Code Execution VulnerabilityImportant
Microsoft Windows Search ComponentCVE-2023-36564Windows Search Security Feature Bypass VulnerabilityImportant
Microsoft WordPadCVE-2023-36563Microsoft WordPad Information Disclosure VulnerabilityImportant
Skype for BusinessCVE-2023-36786Skype for Business Remote Code Execution VulnerabilityImportant
Skype for BusinessCVE-2023-36780Skype for Business Remote Code Execution VulnerabilityImportant
Skype for BusinessCVE-2023-36789Skype for Business Remote Code Execution VulnerabilityImportant
Skype for BusinessCVE-2023-41763Skype for Business Elevation of Privilege VulnerabilityImportant
SQL ServerCVE-2023-36728Microsoft SQL Server Denial of Service VulnerabilityImportant
SQL ServerCVE-2023-36417Microsoft SQL ODBC Driver Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2023-36785Microsoft ODBC Driver for SQL Server Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2023-36598Microsoft WDAC ODBC Driver Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2023-36730Microsoft ODBC Driver for SQL Server Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2023-36420Microsoft ODBC Driver for SQL Server Remote Code Execution VulnerabilityImportant
Windows Active Template LibraryCVE-2023-36585Active Template Library Denial of Service VulnerabilityImportant
Windows AllJoyn APICVE-2023-36709Microsoft AllJoyn API Denial of Service VulnerabilityImportant
Windows Client/Server Runtime SubsystemCVE-2023-36902Windows Runtime Remote Code Execution VulnerabilityImportant
Windows Common Log File System DriverCVE-2023-36713Windows Common Log File System Driver Information Disclosure VulnerabilityImportant
Windows Container Manager ServiceCVE-2023-36723Windows Container Manager Service Elevation of Privilege VulnerabilityImportant
Windows Deployment ServicesCVE-2023-36707Windows Deployment Services Denial of Service VulnerabilityImportant
Windows Deployment ServicesCVE-2023-36567Windows Deployment Services Information Disclosure VulnerabilityImportant
Windows Deployment ServicesCVE-2023-36706Windows Deployment Services Information Disclosure VulnerabilityImportant
Windows DHCP ServerCVE-2023-36703DHCP Server Service Denial of Service VulnerabilityImportant
Windows Error ReportingCVE-2023-36721Windows Error Reporting Service Elevation of Privilege VulnerabilityImportant
Windows HTML PlatformCVE-2023-36436Windows MSHTML Platform Remote Code Execution VulnerabilityImportant
Windows HTML PlatformCVE-2023-36557PrintHTML API Remote Code Execution VulnerabilityImportant
Windows IISCVE-2023-36434Windows IIS Server Elevation of Privilege VulnerabilityImportant
Windows IKE ExtensionCVE-2023-36726Windows Internet Key Exchange (IKE) Extension Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2023-36576Windows Kernel Information Disclosure VulnerabilityImportant
Windows KernelCVE-2023-36712Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2023-36698Windows Kernel Security Feature Bypass VulnerabilityImportant
Windows Layer 2 Tunneling ProtocolCVE-2023-41770Layer 2 Tunneling Protocol Remote Code Execution VulnerabilityCritical
Windows Layer 2 Tunneling ProtocolCVE-2023-41765Layer 2 Tunneling Protocol Remote Code Execution VulnerabilityCritical
Windows Layer 2 Tunneling ProtocolCVE-2023-41767Layer 2 Tunneling Protocol Remote Code Execution VulnerabilityCritical
Windows Layer 2 Tunneling ProtocolCVE-2023-38166Layer 2 Tunneling Protocol Remote Code Execution VulnerabilityCritical
Windows Layer 2 Tunneling ProtocolCVE-2023-41774Layer 2 Tunneling Protocol Remote Code Execution VulnerabilityCritical
Windows Layer 2 Tunneling ProtocolCVE-2023-41773Layer 2 Tunneling Protocol Remote Code Execution VulnerabilityCritical
Windows Layer 2 Tunneling ProtocolCVE-2023-41771Layer 2 Tunneling Protocol Remote Code Execution VulnerabilityCritical
Windows Layer 2 Tunneling ProtocolCVE-2023-41769Layer 2 Tunneling Protocol Remote Code Execution VulnerabilityCritical
Windows Layer 2 Tunneling ProtocolCVE-2023-41768Layer 2 Tunneling Protocol Remote Code Execution VulnerabilityCritical
Windows Mark of the Web (MOTW)CVE-2023-36584Windows Mark of the Web Security Feature Bypass VulnerabilityImportant
Windows Message QueuingCVE-2023-36571Microsoft Message Queuing Remote Code Execution VulnerabilityImportant
Windows Message QueuingCVE-2023-36570Microsoft Message Queuing Remote Code Execution VulnerabilityImportant
Windows Message QueuingCVE-2023-36431Microsoft Message Queuing Denial of Service VulnerabilityImportant
Windows Message QueuingCVE-2023-35349Microsoft Message Queuing Remote Code Execution VulnerabilityCritical
Windows Message QueuingCVE-2023-36591Microsoft Message Queuing Remote Code Execution VulnerabilityImportant
Windows Message QueuingCVE-2023-36590Microsoft Message Queuing Remote Code Execution VulnerabilityImportant
Windows Message QueuingCVE-2023-36589Microsoft Message Queuing Remote Code Execution VulnerabilityImportant
Windows Message QueuingCVE-2023-36583Microsoft Message Queuing Remote Code Execution VulnerabilityImportant
Windows Message QueuingCVE-2023-36592Microsoft Message Queuing Remote Code Execution VulnerabilityImportant
Windows Message QueuingCVE-2023-36697Microsoft Message Queuing Remote Code Execution VulnerabilityCritical
Windows Message QueuingCVE-2023-36606Microsoft Message Queuing Denial of Service VulnerabilityImportant
Windows Message QueuingCVE-2023-36593Microsoft Message Queuing Remote Code Execution VulnerabilityImportant
Windows Message QueuingCVE-2023-36582Microsoft Message Queuing Remote Code Execution VulnerabilityImportant
Windows Message QueuingCVE-2023-36574Microsoft Message Queuing Remote Code Execution VulnerabilityImportant
Windows Message QueuingCVE-2023-36575Microsoft Message Queuing Remote Code Execution VulnerabilityImportant
Windows Message QueuingCVE-2023-36573Microsoft Message Queuing Remote Code Execution VulnerabilityImportant
Windows Message QueuingCVE-2023-36572Microsoft Message Queuing Remote Code Execution VulnerabilityImportant
Windows Message QueuingCVE-2023-36581Microsoft Message Queuing Denial of Service VulnerabilityImportant
Windows Message QueuingCVE-2023-36579Microsoft Message Queuing Denial of Service VulnerabilityImportant
Windows Message QueuingCVE-2023-36578Microsoft Message Queuing Remote Code Execution VulnerabilityImportant
Windows Microsoft DirectMusicCVE-2023-36702Microsoft DirectMusic Remote Code Execution VulnerabilityImportant
Windows Mixed Reality Developer ToolsCVE-2023-36720Windows Mixed Reality Developer Tools Denial of Service VulnerabilityImportant
Windows Named Pipe File SystemCVE-2023-36729Named Pipe File System Elevation of Privilege VulnerabilityImportant
Windows Named Pipe File SystemCVE-2023-36605Windows Named Pipe Filesystem Elevation of Privilege VulnerabilityImportant
Windows NT OS KernelCVE-2023-36725Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows Power Management ServiceCVE-2023-36724Windows Power Management Service Information Disclosure VulnerabilityImportant
Windows RDPCVE-2023-36790Windows RDP Encoder Mirror Driver Elevation of Privilege VulnerabilityImportant
Windows RDPCVE-2023-29348Windows Remote Desktop Gateway (RD Gateway) Information Disclosure VulnerabilityImportant
Windows Remote Procedure CallCVE-2023-36596Remote Procedure Call Information Disclosure VulnerabilityImportant
Windows Resilient File System (ReFS)CVE-2023-36701Microsoft Resilient File System (ReFS) Elevation of Privilege VulnerabilityImportant
Windows Runtime C++ Template LibraryCVE-2023-36711Windows Runtime C++ Template Library Elevation of Privilege VulnerabilityImportant
Windows Setup Files CleanupCVE-2023-36704Windows Setup Files Cleanup Remote Code Execution VulnerabilityImportant
Windows TCP/IPCVE-2023-36438Windows TCP/IP Information Disclosure VulnerabilityImportant
Windows TCP/IPCVE-2023-36603Windows TCP/IP Denial of Service VulnerabilityImportant
Windows TCP/IPCVE-2023-36602Windows TCP/IP Denial of Service VulnerabilityImportant
Windows TPMCVE-2023-36717Windows Virtual Trusted Platform Module Denial of Service VulnerabilityImportant
Windows Virtual Trusted Platform ModuleCVE-2023-36718Microsoft Virtual Trusted Platform Module Remote Code Execution VulnerabilityCritical
Windows Win32KCVE-2023-36731Win32k Elevation of Privilege VulnerabilityImportant
Windows Win32KCVE-2023-36732Win32k Elevation of Privilege VulnerabilityImportant
Windows Win32KCVE-2023-36776Win32k Elevation of Privilege VulnerabilityImportant
Windows Win32KCVE-2023-36743Win32k Elevation of Privilege VulnerabilityImportant
Windows Win32KCVE-2023-41772Win32k Elevation of Privilege VulnerabilityImportant
Leave Comments