Today marks Microsoft’s September 2023 Patch Tuesday, a significant day for security updates as the tech giant addresses a total of 59 flaws. This round of patches includes fixes for two zero-day vulnerabilities that have been actively exploited. In addition to these critical fixes, Microsoft has also resolved various other bugs across different vulnerability categories.
Overview of Vulnerabilities
Out of the 59 flaws, Microsoft has classified five as ‘Critical.’ These include four remote code execution (RCE) flaws and an elevation of privilege vulnerability in Azure Kubernetes Service. The remaining vulnerabilities fall into categories such as security feature bypass, information disclosure, denial of service, spoofing, and five vulnerabilities specific to Edge-Chromium.
Note that the count of 59 flaws does not include five Microsoft Edge (Chromium) vulnerabilities or two non-Microsoft flaws in Electron and Autodesk.
Zero-Day Vulnerabilities
A zero-day vulnerability is one that is publicly disclosed or actively exploited before an official fix is available. This month’s Patch Tuesday addresses two zero-day vulnerabilities, both of which have been exploited in attacks.
CVE-2023-36802 – Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
The first zero-day vulnerability fixed by Microsoft is CVE-2023-36802, an elevation of privilege vulnerability in the Microsoft Streaming Service Proxy. Attackers have been actively exploiting this flaw to gain SYSTEM privileges. The vulnerability was discovered by Quan Jin (@jq0904).
Microsoft’s update addresses this vulnerability. Once it is installed, attackers can no longer exploit the flaw to gain unauthorized access and control over the affected system.
Non-Security Updates
In addition to the security updates released today, Microsoft has also rolled out non-security updates. Noteworthy releases include the Windows 11 KB5030219 cumulative update and the Windows 10 KB5030211 update. These updates focus on improving system stability and performance and on addressing various non-security issues.
Microsoft’s September 2023 Patch Tuesday brings critical fixes for two zero-day vulnerabilities that have been actively exploited. Installing these fixes protects users against potential attacks and unauthorized access to their systems.
It is highly recommended that all users promptly install these security updates to keep their systems secure and safeguard their sensitive data. Additionally, Microsoft’s non-security updates provide valuable improvements to system stability and performance.