October 2023 Microsoft Patch Tuesday Summary
For October, Microsoft released patches for 105 different vulnerabilities. This count includes one Chromium vulnerability that was patched earlier this month.
There are a total of three already exploited vulnerabilities:
CVE-2023-44487 HTTP/2 Rapid Reset Attack: This vulnerability was disclosed by Cloudflare in a blog post earlier today [1]. Cloudflare started to see these attacks late in August. This issue led to unprecedented DoS attacks. An attacker will set an HTTP/2 stream and immediately "cancel" it with a reset stream. This avoids limits on the number of streams accepted and can lead to CPU exhaustion on the server attempting to clean up the canceled streams. This is not a TCP RST but an application layer (HTTP/2) feature. On the other hand, it does look a bit like a SYN flood attack, maybe? HTTP/2 often appears to re-implement some of the features found in TCP, so it is no surprise to see similar vulnerabilities.
CVE-2023-36563 Wordpad Information Disclosure: Yet another problem with linked resources that may cause the client (Wordpad in this case) to initiate an SMB connection and in the process, automatically pass along weakly hashed credentials. See this blog post for details: https://support.microsoft.com/en-us/topic/kb5032314-how-to-manage-the-ole-object-conversion-vulnerability-in-wordpad-associated-with-cve-2023-36563-98d95ae9-2f9e-4f65-9231-46363c31cf07
CVE-2023-41763: Skype for Business elevation of privileges. This is a vulnerability in the Skype for Business server product. IP addresses and port numbers may be disclosed.
Noteworthy are the nine critical vulnerabilities in the Layer 2 Tunneling protocol and the vulnerabilities in the Microsoft Message Queue (one with a CVSS score of 9.8). These two components received numerous patches for the last couple of months.
Overall, I would rate this patch Tuesday as "average." There are no "outrageously important" vulnerabilities to patch.
Description | |||||||
---|---|---|---|---|---|---|---|
CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
Active Directory Domain Services Information Disclosure Vulnerability | |||||||
CVE-2023-36722 | No | No | - | - | Important | 4.4 | 3.9 |
Active Template Library Denial of Service Vulnerability | |||||||
CVE-2023-36585 | No | No | - | - | Important | 7.5 | 6.5 |
Azure DevOps Server Elevation of Privilege Vulnerability | |||||||
CVE-2023-36561 | No | No | - | - | Important | 7.3 | 6.4 |
Azure HDInsight Apache Oozie Workflow Scheduler Elevation of Privilege Vulnerability | |||||||
CVE-2023-36419 | No | No | - | - | Important | 8.8 | 7.7 |
Azure Identity SDK Remote Code Execution Vulnerability | |||||||
CVE-2023-36415 | No | No | - | - | Important | 8.8 | 7.7 |
CVE-2023-36414 | No | No | - | - | Important | 8.8 | 7.8 |
Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | |||||||
CVE-2023-36737 | No | No | - | - | Important | 7.8 | 7.2 |
Azure RTOS GUIX Studio Remote Code Execution Vulnerability | |||||||
CVE-2023-36418 | No | No | - | - | Important | 7.8 | 6.8 |
Chromium: CVE-2023-5346 Type Confusion in V8 | |||||||
CVE-2023-5346 | No | No | - | - | - | ||
DHCP Server Service Denial of Service Vulnerability | |||||||
CVE-2023-36703 | No | No | - | - | Important | 7.5 | 6.5 |
Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | |||||||
CVE-2023-41765 | No | No | - | - | Critical | 8.1 | 7.1 |
CVE-2023-41767 | No | No | - | - | Critical | 8.1 | 7.1 |
CVE-2023-41768 | No | No | - | - | Critical | 8.1 | 7.1 |
CVE-2023-41769 | No | No | - | - | Critical | 8.1 | 7.1 |
CVE-2023-41770 | No | No | - | - | Critical | 8.1 | 7.1 |
CVE-2023-41771 | No | No | - | - | Critical | 8.1 | 7.1 |
CVE-2023-41773 | No | No | - | - | Critical | 8.1 | 7.1 |
CVE-2023-41774 | No | No | - | - | Critical | 8.1 | 7.1 |
CVE-2023-38166 | No | No | - | - | Critical | 8.1 | 7.1 |
MITRE: CVE-2023-44487 HTTP/2 Rapid Reset Attack | |||||||
CVE-2023-44487 | No | Yes | - | - | Important | ||
Microsoft AllJoyn API Denial of Service Vulnerability | |||||||
CVE-2023-36709 | No | No | - | - | Important | 7.5 | 6.5 |
Microsoft Common Data Model SDK Denial of Service Vulnerability | |||||||
CVE-2023-36566 | No | No | - | - | Important | 6.5 | 5.7 |
Microsoft DirectMusic Remote Code Execution Vulnerability | |||||||
CVE-2023-36702 | No | No | - | - | Important | 7.8 | 6.8 |
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | |||||||
CVE-2023-36433 | No | No | - | - | Important | 6.5 | 5.7 |
CVE-2023-36429 | No | No | - | - | Important | 6.5 | 5.7 |
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||||
CVE-2023-36416 | No | No | - | - | Important | 6.1 | 5.3 |
Microsoft Exchange Server Remote Code Execution Vulnerability | |||||||
CVE-2023-36778 | No | No | - | - | Important | 8.0 | 7.0 |
Microsoft Message Queuing Denial of Service Vulnerability | |||||||
CVE-2023-36606 | No | No | - | - | Important | 7.5 | 6.5 |
CVE-2023-36581 | No | No | - | - | Important | 7.5 | 6.5 |
CVE-2023-36579 | No | No | - | - | Important | 7.5 | 6.5 |
CVE-2023-36431 | No | No | - | - | Important | 7.5 | 6.5 |
Microsoft Message Queuing Remote Code Execution Vulnerability | |||||||
CVE-2023-35349 | No | No | - | - | Critical | 9.8 | 8.5 |
CVE-2023-36697 | No | No | - | - | Critical | 6.8 | 5.9 |
CVE-2023-36593 | No | No | - | - | Important | 7.8 | 6.8 |
CVE-2023-36592 | No | No | - | - | Important | 7.3 | 6.4 |
CVE-2023-36591 | No | No | - | - | Important | 7.3 | 6.4 |
CVE-2023-36590 | No | No | - | - | Important | 7.3 | 6.4 |
CVE-2023-36589 | No | No | - | - | Important | 7.3 | 6.4 |
CVE-2023-36583 | No | No | - | - | Important | 7.3 | 6.4 |
CVE-2023-36582 | No | No | - | - | Important | 7.3 | 6.4 |
CVE-2023-36578 | No | No | - | - | Important | 7.3 | 6.4 |
CVE-2023-36575 | No | No | - | - | Important | 7.3 | 6.4 |
CVE-2023-36574 | No | No | - | - | Important | 7.3 | 6.4 |
CVE-2023-36573 | No | No | - | - | Important | 7.3 | 6.4 |
CVE-2023-36572 | No | No | - | - | Important | 7.3 | 6.4 |
CVE-2023-36571 | No | No | - | - | Important | 7.3 | 6.4 |
CVE-2023-36570 | No | No | - | - | Important | 7.3 | 6.4 |
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | |||||||
CVE-2023-36730 | No | No | - | - | Important | 7.8 | 6.8 |
CVE-2023-36420 | No | No | - | - | Important | 7.3 | 6.4 |
CVE-2023-36785 | No | No | - | - | Important | 7.8 | 6.8 |
Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | |||||||
CVE-2023-36568 | No | No | - | - | Important | 7.0 | 6.1 |
Microsoft Office Elevation of Privilege Vulnerability | |||||||
CVE-2023-36569 | No | No | - | - | Important | 8.4 | 7.3 |
Microsoft Office Graphics Elevation of Privilege Vulnerability | |||||||
CVE-2023-36565 | No | No | - | - | Important | 7.0 | 6.1 |
Microsoft QUIC Denial of Service Vulnerability | |||||||
CVE-2023-38171 | No | No | - | - | Important | 7.5 | 6.5 |
CVE-2023-36435 | No | No | - | - | Important | 7.5 | 6.5 |
Microsoft Resilient File System (ReFS) Elevation of Privilege Vulnerability | |||||||
CVE-2023-36701 | No | No | - | - | Important | 7.8 | 6.8 |
Microsoft SQL ODBC Driver Remote Code Execution Vulnerability | |||||||
CVE-2023-36417 | No | No | - | - | Important | 7.8 | 6.8 |
Microsoft SQL Server Denial of Service Vulnerability | |||||||
CVE-2023-36728 | No | No | - | - | Important | 5.5 | 4.8 |
Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability | |||||||
CVE-2023-36718 | No | No | - | - | Critical | 7.8 | 6.8 |
Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability | |||||||
CVE-2023-36598 | No | No | - | - | Important | 7.8 | 6.8 |
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | |||||||
CVE-2023-36577 | No | No | - | - | Important | 8.8 | 7.7 |
Microsoft WordPad Information Disclosure Vulnerability | |||||||
CVE-2023-36563 | Yes | Yes | - | - | Important | 6.5 | 5.9 |
Named Pipe File System Elevation of Privilege Vulnerability | |||||||
CVE-2023-36729 | No | No | - | - | Important | 7.8 | 6.8 |
PrintHTML API Remote Code Execution Vulnerability | |||||||
CVE-2023-36557 | No | No | - | - | Important | 7.8 | 6.8 |
Remote Procedure Call Information Disclosure Vulnerability | |||||||
CVE-2023-36596 | No | No | - | - | Important | 6.5 | 5.7 |
Skype for Business Elevation of Privilege Vulnerability | |||||||
CVE-2023-41763 | Yes | Yes | - | - | Important | 5.3 | 4.8 |
Skype for Business Remote Code Execution Vulnerability | |||||||
CVE-2023-36789 | No | No | - | - | Important | 7.2 | 6.3 |
CVE-2023-36786 | No | No | - | - | Important | 7.2 | 6.3 |
CVE-2023-36780 | No | No | - | - | Important | 7.2 | 6.3 |
Win32k Elevation of Privilege Vulnerability | |||||||
CVE-2023-41772 | No | No | - | - | Important | 7.8 | 6.8 |
CVE-2023-36732 | No | No | - | - | Important | 7.8 | 6.8 |
CVE-2023-36731 | No | No | - | - | Important | 7.8 | 6.8 |
CVE-2023-36776 | No | No | - | - | Important | 7.0 | 6.1 |
CVE-2023-36743 | No | No | - | - | Important | 7.8 | 6.8 |
Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | |||||||
CVE-2023-41766 | No | No | - | - | Important | 7.8 | 6.8 |
Windows Common Log File System Driver Information Disclosure Vulnerability | |||||||
CVE-2023-36713 | No | No | - | - | Important | 5.5 | 4.8 |
Windows Container Manager Service Elevation of Privilege Vulnerability | |||||||
CVE-2023-36723 | No | No | - | - | Important | 7.8 | 6.8 |
Windows Deployment Services Denial of Service Vulnerability | |||||||
CVE-2023-36707 | No | No | - | - | Important | 6.5 | 5.7 |
Windows Deployment Services Information Disclosure Vulnerability | |||||||
CVE-2023-36706 | No | No | - | - | Important | 6.5 | 5.7 |
CVE-2023-36567 | No | No | - | - | Important | 7.5 | 6.5 |
Windows Error Reporting Service Elevation of Privilege Vulnerability | |||||||
CVE-2023-36721 | No | No | - | - | Important | 7.0 | 6.1 |
Windows Graphics Component Elevation of Privilege Vulnerability | |||||||
CVE-2023-36594 | No | No | - | - | Important | 7.8 | 6.8 |
CVE-2023-38159 | No | No | - | - | Important | 7.0 | 6.1 |
Windows IIS Server Elevation of Privilege Vulnerability | |||||||
CVE-2023-36434 | No | No | - | - | Important | 9.8 | 8.5 |
Windows Internet Key Exchange (IKE) Extension Elevation of Privilege Vulnerability | |||||||
CVE-2023-36726 | No | No | - | - | Important | 7.8 | 6.8 |
Windows Kernel Elevation of Privilege Vulnerability | |||||||
CVE-2023-36725 | No | No | - | - | Important | 7.8 | 6.8 |
CVE-2023-36712 | No | No | - | - | Important | 7.8 | 6.8 |
Windows Kernel Information Disclosure Vulnerability | |||||||
CVE-2023-36576 | No | No | - | - | Important | 5.5 | 4.8 |
Windows Kernel Security Feature Bypass Vulnerability | |||||||
CVE-2023-36698 | No | No | - | - | Important | 3.6 | 3.2 |
Windows MSHTML Platform Remote Code Execution Vulnerability | |||||||
CVE-2023-36436 | No | No | - | - | Important | 7.8 | 6.8 |
Windows Mark of the Web Security Feature Bypass Vulnerability | |||||||
CVE-2023-36584 | No | No | - | - | Important | 5.4 | 5.0 |
Windows Media Foundation Core Remote Code Execution Vulnerability | |||||||
CVE-2023-36710 | No | No | - | - | Important | 7.8 | 6.8 |
Windows Mixed Reality Developer Tools Denial of Service Vulnerability | |||||||
CVE-2023-36720 | No | No | - | - | Important | 7.5 | 6.5 |
Windows Named Pipe Filesystem Elevation of Privilege Vulnerability | |||||||
CVE-2023-36605 | No | No | - | - | Important | 7.4 | 6.4 |
Windows Power Management Service Information Disclosure Vulnerability | |||||||
CVE-2023-36724 | No | No | - | - | Important | 5.5 | 4.8 |
Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability | |||||||
CVE-2023-36790 | No | No | - | - | Important | 7.8 | 6.8 |
Windows Remote Desktop Gateway (RD Gateway) Information Disclosure Vulnerability | |||||||
CVE-2023-29348 | No | No | - | - | Important | 6.5 | 5.7 |
Windows Runtime C++ Template Library Elevation of Privilege Vulnerability | |||||||
CVE-2023-36711 | No | No | - | - | Important | 7.8 | 6.8 |
Windows Runtime Remote Code Execution Vulnerability | |||||||
CVE-2023-36902 | No | No | - | - | Important | 7.0 | 6.1 |
Windows Search Security Feature Bypass Vulnerability | |||||||
CVE-2023-36564 | No | No | - | - | Important | 6.5 | 5.7 |
Windows Setup Files Cleanup Remote Code Execution Vulnerability | |||||||
CVE-2023-36704 | No | No | - | - | Important | 7.8 | 6.8 |
Windows TCP/IP Denial of Service Vulnerability | |||||||
CVE-2023-36603 | No | No | - | - | Important | 7.5 | 6.5 |
CVE-2023-36602 | No | No | - | - | Important | 7.5 | 6.5 |
Windows TCP/IP Information Disclosure Vulnerability | |||||||
CVE-2023-36438 | No | No | - | - | Important | 7.5 | 6.5 |
Windows Virtual Trusted Platform Module Denial of Service Vulnerability | |||||||
CVE-2023-36717 | No | No | - | - | Important | 6.5 | 5.7 |
[1] https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|
Network Monitoring and Threat Detection In-Depth | Singapore | Nov 18th - Nov 23rd 2024 |
Comments