Report Name: Microsoft Patch Tuesday, October 2023
Generated: 2023-11-04 22:13:53

Product Name	Prevalence	U	C	H	M	L	A	Comment
HTTP/2 protocol	0.9	1					1	HTTP/2 is a major revision of the HTTP network protocol used by the World Wide Web
Microsoft Message Queuing	0.9			20			20	Microsoft Message Queuing or MSMQ is a message queue implementation developed by Microsoft and deployed in its Windows Server operating systems since Windows NT 4 and Windows 95
Named Pipe File System	0.9				1		1	Windows component
Windows Container Manager Service	0.9			1			1	Windows component
Windows Kernel	0.9				4		4	Windows Kernel
Windows Media Foundation Core	0.9			1			1	Windows component
Windows TCP/IP	0.9			2	1		3	Windows component
Windows Win32k	0.9				5		5	Windows kernel-mode driver
Active Template Library	0.8				1		1	Active Template Library
Chromium	0.8	1		6	8		15	Chromium is a free and open-source web browser project, mainly developed and maintained by Google
Microsoft Edge	0.8				3		3	Web browser
Microsoft Exchange	0.8			1			1	Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft
Microsoft Office	0.8				1		1	Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer
Windows Client Server Run-time Subsystem (CSRSS)	0.8				1		1	Client Server Runtime Subsystem, or csrss.exe, is a component of the Windows NT family of operating systems that provides the user mode side of the Win32 subsystem and is included in Windows NT 3.1 and later
Windows Common Log File System Driver	0.8				1		1	Windows component
Windows Deployment Services	0.8				3		3	Windows component
Windows Error Reporting Service	0.8				1		1	Windows component
Windows Graphics Component	0.8				2		2	Windows component
Windows IIS Server	0.8			1			1	Windows component
Windows Internet Key Exchange (IKE) Extension	0.8				1		1	Windows component
Windows MSHTML Platform	0.8			1			1	Windows component
Windows Mark of the Web	0.8			1			1	Windows component
Windows Mixed Reality Developer Tools	0.8				1		1	Windows component
Windows Named Pipe Filesystem	0.8				1		1	Windows component
Windows Power Management Service	0.8				1		1	Windows component
Windows RDP Encoder Mirror Driver	0.8				1		1	Windows component
Windows Remote Desktop Gateway (RD Gateway)	0.8				1		1	Windows component
Windows Runtime	0.8			1			1	Windows component
Windows Runtime C++ Template Library	0.8				1		1	Windows component
Windows Search	0.8			1			1	Windows component
Windows Setup Files Cleanup	0.8			1			1	Windows component
Windows Virtual Trusted Platform Module	0.8				1		1	Windows component
Microsoft Office Graphics	0.6				1		1	Microsoft Office Graphics
Skype for Business	0.6		1	3			4	Skype for Business
Active Directory Domain Services	0.5				1		1	Active Directory Domain Services
Azure DevOps Server	0.5				1		1	Azure DevOps Server
Azure HDInsight Apache Oozie Workflow Scheduler	0.5				1		1	Azure HDInsight Apache Oozie Workflow Scheduler
Azure Identity SDK	0.5			2			2	Azure Identity SDK
Azure Network Watcher VM Agent	0.5			1			1	Azure Network Watcher VM Agent
Azure RTOS GUIX Studio	0.5			1			1	Azure RTOS GUIX Studio
DHCP Server Service	0.5				1		1	DHCP Server Service
Layer 2 Tunneling Protocol	0.5			9			9	Layer 2 Tunneling Protocol
Microsoft AllJoyn API	0.5				1		1	Microsoft AllJoyn API
Microsoft Common Data Model SDK	0.5				1		1	Microsoft Common Data Model SDK
Microsoft DirectMusic	0.5			1			1	Microsoft DirectMusic
Microsoft Dynamics 365 (On-Premises)	0.5				2		2	Microsoft Dynamics 365 (On-Premises)
Microsoft Dynamics 365 (on-premises)	0.5				1		1	Microsoft Dynamics 365 (on-premises)
Microsoft ODBC Driver for SQL Server	0.5			3			3	Microsoft ODBC Driver for SQL Server
Microsoft Office Click-To-Run	0.5				1		1	Microsoft Office Click-To-Run
Microsoft QUIC	0.5				2		2	Microsoft QUIC
Microsoft Resilient File System (ReFS)	0.5				1		1	Microsoft Resilient File System (ReFS)
Microsoft SQL OLE DB	0.5			1			1	Microsoft SQL OLE DB
Microsoft SQL Server	0.5				1		1	Microsoft SQL Server
Microsoft Virtual Trusted Platform Module	0.5				1		1	Microsoft Virtual Trusted Platform Module
Microsoft WDAC ODBC Driver	0.5			1			1	Microsoft WDAC ODBC Driver
Microsoft WDAC OLE DB provider for SQL Server	0.5			1			1	Microsoft WDAC OLE DB provider for SQL Server
Microsoft WordPad	0.5		1				1	Microsoft WordPad
PrintHTML API	0.5			1			1	PrintHTML API
Remote Procedure Call	0.5				1		1	Remote Procedure Call

Vulnerability Type	Criticality	U	C	H	M	L	A
Remote Code Execution	1.0			44	1		45
Security Feature Bypass	0.9			7	1		8
Denial of Service	0.7	1		6	10		17
Memory Corruption	0.6	1		1	3		5
Elevation of Privilege	0.5		1	3	24		28
Cross Site Scripting	0.4				1		1
Information Disclosure	0.4		1		11		12
Spoofing	0.4				6		6

Source	U	C	H	M	L	A
MS PT Extended	1		6	11		18
Qualys	1	2	28	10		41
Tenable	1	2	18	1		22
Rapid7	1	2	12	2		17
ZDI	1	2	2			5
KrebsOnSecurity	2	2	2			6
TheHackersNews	1	2	1			4

Urgent (2)

1. Denial of Service - HTTP/2 protocol (CVE-2023-44487) - Urgent [905]

Description: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Qualys: MITRE: CVE-2023-44487 HTTP/2 Rapid Reset Attack Microsoft has addressed the new “HTTP/2 Rapid Reset” zero-day DDoS attack method, which has been extensively exploited since August. The vulnerability exists in the HTTP/2’s stream cancellation feature. An attacker may exploit this vulnerability to repeatedly send and cancel requests, resulting in a DDoS condition. There is no “fix” for the method other than rate limiting or blocking the protocol, as the feature is part of the HTTP/2 standard. In the advisory, Microsoft has given a workaround to mitigate the vulnerability. CISA has added the vulnerability to its Known Exploited Vulnerabilities Catalog and requested users to patch it before October 31, 2023.

Qualys: CVE-2023-44487: HTTP/2 Rapid Reset Attack This vulnerability has a CVSS:3.1 Policy Compliance Control IDs (CIDs): 17331 Status of the ‘HTTP/2’ feature on the host (EnableHttp2Cleartext) 17330    Status of the ‘HTTP/2’ feature on the host (EnableHttp2Tls)

Qualys: CVE-2023-44487: HTTP/2 Rapid Reset Attack

Tenable: Microsoft patched 103 CVEs in its October Patch Tuesday release, with 12 rated as critical and 91 rated as important. We omitted CVE-2023-44487 from our counts as this vulnerability was reported to MITRE and not Microsoft and does not exclusively affect Microsoft products. Details about this flaw are included in our analysis below.

Tenable: CVE-2023-44487 | HTTP/2 Rapid Reset Attack

Tenable: CVE-2023-44487 is a denial of service (DoS) vulnerability affecting HTTP/2 web servers that was exploited in the wild. While this vulnerability was not exclusive to affecting Microsoft servers, patches were made available to address this vulnerability in multiple versions of Windows, including Server Core installations.

Tenable: A list of Tenable plugins to identify CVE-2023-44487 can be found in the plugins section of the individual CVE page as they’re released. This link will display all available plugins for this vulnerability, including upcoming plugins in our Plugins Pipeline.

Rapid7: Rounding out this month’s trio of exploited-in-the-wild vulnerabilities: the cross-platform Kestrel web server for ASP.NET Core receives a fix for CVE-2023-44487, a denial of service vulnerability.

Rapid7: CVE-2023-44487 is perhaps of less concern to defenders, unless the Kestrel instance is internet-facing. Dubbed "HTTP/2 rapid reset", the vulnerability is not specific to Microsoft, but is inherent to HTTP/2. Exploitation involves abuse of the lack of bounds on HTTP/2 request cancellation to bring about severe load on the server for a very low cost to the attacker.

Rapid7: 2023-10-11: expanded discussion of CVE-2023-44487 mechanism and risk.

ZDI: A quick note about CVE-2023-44487 – this was reported as being under active attack across Google systems in August. They have provided a thorough write-up of the exploit, but at a high level, attackers can abuse the Layer 7 stream cancellation feature within HTTP/2 to create a DoS across a service. The problem is shared across many services, and this Microsoft patch addresses any affected Microsoft products.

KrebsOnSecurity: Fortunately, the zero-days affecting Microsoft customers this month are somewhat less severe than usual, with the exception of CVE-2023-44487. This weakness is not specific to Windows but instead exists within the HTTP/2 protocol used by the World Wide Web: Attackers have figured out how to use a feature of HTTP/2 to massively increase the size of distributed denial-of-service (DDoS) attacks, and these monster attacks reportedly have been going on for several weeks now.

KrebsOnSecurity: Amazon, Cloudflare and Google all released advisories today about how they’re addressing CVE-2023-44487 in their cloud environments. Google’s Damian Menscher wrote on Twitter/X that the exploit — dubbed a “rapid reset attack” — works by sending a request and then immediately cancelling it (a feature of HTTP/2). “This lets attackers skip waiting for responses, resulting in a more efficient attack,” Menscher explained.

TheHackersNews: The tech giant has also released an update for CVE-2023-44487, also referred to as the HTTP/2 Rapid Reset attack, which has been exploited by unknown actors as a zero-day to stage hyper-volumetric distributed denial-of-service (DDoS) attacks.

2. Memory Corruption - Chromium (CVE-2023-5217) - Urgent [883]

Description: Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

MS PT Extended: CVE-2023-5217 was published before October 2023 Patch Tuesday from 2023-09-13 to 2023-10-09

KrebsOnSecurity: Apple said it also patched CVE-2023-5217, which is not listed as a zero-day bug. However, as Bleeping Computer pointed out, this flaw is caused by a weakness in the open-source “libvpx” video codec library, which was previously patched as a zero-day flaw by Google in the Chrome browser and by Microsoft in Edge, Teams, and Skype products. For anyone keeping count, this is the 17th zero-day flaw that Apple has patched so far this year.

Critical (2)

3. Elevation of Privilege - Skype for Business (CVE-2023-41763) - Critical [639]

Description: Skype for Business Elevation of Privilege Vulnerability

Qualys: CVE-2023-41763: Skype for Business Elevation of Privilege Vulnerability Skype for Business is an enterprise software application that is used for instant messaging and video calling. The software can be used with the on-premises Skype for Business Server software and a software-as-a-service version offered as part of the 365 suite. An attacker could exploit this vulnerability by making a specially crafted network call to the target server. Successful exploitation of the vulnerability may allow an attacker to parse an HTTP request to an arbitrary address that may disclose IP addresses, port numbers, or both to the attacker. In some cases, successful exploitation may expose sensitive information that could provide access to internal networks. CISA has added the vulnerability to its Known Exploited Vulnerabilities Catalog and requested users to patch it before October 31, 2023.

Tenable: Microsoft’s October 2023 Patch Tuesday Addresses 103 CVEs (CVE-2023-36563, CVE-2023-41763)

Tenable: CVE-2023-41763 | Skype for Business Elevation of Privilege Vulnerability

Tenable: CVE-2023-41763 is an EoP vulnerability in Skype for Business that was assigned a CVSSv3 score of 5.3 and rated important. An unauthenticated, remote attacker could exploit this vulnerability by sending a specially crafted network call to a vulnerable Skype for Business server. Successful exploitation would result in the disclosure of sensitive information, which could be used to gain access to internal networks.

Rapid7: Defenders responsible for a Skype for Business server should take note of an exploited-in-the-wild information disclosure vulnerability for which public exploit code exists. Successful exploitation of CVE-2023-41763 via a specially crafted network call could result in the disclosure of IP addresses and/or port numbers. Although Microsoft does not specify what the scope of the disclosure might be, it will presumably be limited to whatever the Skype for Business server can see; as always, appropriate network segmentation will pay defense-in-depth dividends.

ZDI: CVE-2023-41763 – Skype for Business Elevation of Privilege Vulnerability. This is the other bug under active attack this month, and it acts more like an information disclosure than a privilege escalation. An attacker could make a malicious call to an affected Skype for Business server that results in the server parsing an HTTP request to an arbitrary address. This could result in disclosing information, which could include sensitive information that provides access to internal networks.

KrebsOnSecurity: Microsoft also patched zero-day bugs in Skype for Business (CVE-2023-41763) and Wordpad (CVE-2023-36563). The latter vulnerability could expose NTLM hashes, which are used for authentication in Windows environments.

TheHackersNews: - CVE-2023-41763 (CVSS score: 5.3) - A privilege escalation vulnerability in Skype for Business that could lead to exposure of sensitive information such as IP addresses or port numbers (or both), enabling threat actors to gain access to internal networks

4. Information Disclosure - Microsoft WordPad (CVE-2023-36563) - Critical [616]

Description: Microsoft WordPad Information Disclosure Vulnerability

Qualys: CVE-2023-36563: Microsoft WordPad Information Disclosure Vulnerability Microsoft WordPad is a basic text-editing app used to create and edit files, insert pictures, and add links to other files. The word processor software was included with Windows 95 and, later, until Windows 11. An attacker must log on to the system and run a specially crafted application to exploit the vulnerability. An attacker must also convince a user to click a malicious link and open the specially crafted file. Successful exploitation of this vulnerability could allow an attacker to disclose NTLM hashes. The NTLM hashes are encoded by converting the user’s password into a 16-byte key using an MD4 hash function. The key is divided into two halves of 8 bytes. The key is used as input to three rounds of DES encryption that generates a 16-byte output representing the NTLM hash. CISA has added the vulnerability to its Known Exploited Vulnerabilities Catalog and requested users to patch it before October 31, 2023.

Tenable: Microsoft’s October 2023 Patch Tuesday Addresses 103 CVEs (CVE-2023-36563, CVE-2023-41763)

Tenable: CVE-2023-36563 | Microsoft WordPad Information Disclosure Vulnerability

Tenable: CVE-2023-36563 is an information disclosure vulnerability in Microsoft WordPad that was assigned a CVSSv3 score of 6.5. It was exploited in the wild as a zero-day and was publicly disclosed prior to the October 2023 Patch Tuesday release. An unauthenticated, remote attacker could exploit this vulnerability using social engineering in order to convince a target to open a link or download a malicious file and run it on the vulnerable system. Alternatively, an attacker could execute a specially crafted application to exploit the flaw after gaining access to a vulnerable system. Successful exploitation could lead to the disclosure of New Technology LAN Manager (NTLM) hashes.

Rapid7: Another Patch Tuesday, another zero-day vulnerability offering NTLM hash disclosure, this time in WordPad. The advisory for CVE-2023-36563 describes two possible attack vectors:. enticing the user to open a specially crafted malicious file delivered via email, IM, or some other means, or;

Rapid7: 2023-10-11: added detail about CVE-2023-36563 vulnerability location.

ZDI: CVE-2023-36563 - Microsoft WordPad Information Disclosure Vulnerability. This bug is one of the two being exploited in the wild. Successful exploitation could lead to the disclosure of NTLM hashes. Microsoft doesn’t list any Preview Pane vector, so user interaction is required. In addition to applying this patch, you should consider blocking outbound NTLM over SMB on Windows 11. This new feature hasn’t received much attention, but it could significantly hamper NTLM-relay exploits.

KrebsOnSecurity: Microsoft also patched zero-day bugs in Skype for Business (CVE-2023-41763) and Wordpad (CVE-2023-36563). The latter vulnerability could expose NTLM hashes, which are used for authentication in Windows environments.

TheHackersNews: - CVE-2023-36563 (CVSS score: 6.5) - An information disclosure vulnerability in Microsoft WordPad that could result in the leak of NTLM hashes

TheHackersNews: "To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system," Microsoft said in an advisory for CVE-2023-36563.

High (61)

5. Elevation of Privilege - Windows Container Manager Service (CVE-2023-36723) - High [596]

Description: Windows Container Manager Service Elevation of Privilege Vulnerability

6. Remote Code Execution - Microsoft Message Queuing (CVE-2023-35349) - High [542]

Description: Microsoft Message Queuing Remote Code Execution Vulnerability

Qualys: CVE-2023-35349: Microsoft Message Queuing Remote Code Execution Vulnerability Message Queuing (MSMQ) is a protocol developed by Microsoft to ensure reliable communication between Windows computers across different networks, even when a host is temporarily not connected (by maintaining a message queue of undelivered messages). Successful exploitation of the vulnerability may allow an attacker to perform remote code execution on the target server.

Qualys: CVE-2023-36591, CVE-2023-36578, CVE-2023-36575, CVE-2023-36571, CVE-2023-35349, CVE-2023-36574, CVE-2023-36590, CVE-2023-36573, CVE-2023-36583, CVE-2023-36570, CVE-2023-36572, CVE-2023-36582, CVE-2023-36589, CVE-2023-36593, CVE-2023-36592 – Microsoft Message Queuing Remote Code Execution Vulnerability This vulnerability has a CVSS:3.1 7.3 / 6.4 Policy Compliance Control IDs (CIDs): 4030 Status of the ‘Windows Message Queuing Service’ 14916 Status of Windows Services 14297 Status of the open network connections and listening ports (Qualys Agent only) The following QQL will return a posture assessment for the CIDs for this Patch Tuesday: control.id: [4030, 14916, 14297, 18266, 17331, 17330]

Qualys: CVE-2023-36591, CVE-2023-36578, CVE-2023-36575, CVE-2023-36571, CVE-2023-35349, CVE-2023-36574, CVE-2023-36590, CVE-2023-36573, CVE-2023-36583, CVE-2023-36570, CVE-2023-36572, CVE-2023-36582, CVE-2023-36589, CVE-2023-36593, CVE-2023-36592 – Microsoft Message Queuing Remote Code Execution Vulnerability  Visit the October 2023 Security Updates page to access the full description of The next Patch Tuesday falls on November 14, and we’ll be back with details and patch analysis. Until next Patch Tuesday, stay safe and secure. Be sure to subscribe to the ‘This Month in Vulnerabilities and Patch’s webinar.’

Tenable: CVE-2023-35349 | Microsoft Message Queuing Remote Code Execution Vulnerability

Tenable: CVE-2023-35349 is a RCE vulnerability in the Microsoft Message Queuing (MSMQ) component of Windows operating systems that was assigned a CVSSv3 score of 9.8 and rated critical. An unauthenticated, remote attacker could exploit this vulnerability by sending a specially crafted packet to a vulnerable target.

Tenable: In addition to CVE-2023-35349, Microsoft has patched 15 additional RCE vulnerabilities in MSMQ:

Tenable: CVE-2023-35349 and CVE-2023-36697 are two of several critical RCE vulnerabilities in MSMQ that have been patched this year. CVE-2023-35385, CVE-2023-36910 and CVE-2023-36911 were patched in August, CVE-2023-32057 in July and CVE-2023-21554 in April. Although all of these vulnerabilities were rated “Exploitation Less Likely” using the Microsoft Exploitability Index, customers are encouraged to apply these patches as soon as possible.

Rapid7: CVE-2023-35349 describes an RCE vulnerability in the Message Queueing Service. Microsoft does not describe the attack vector, but other similar vulnerabilities require that the attacker send specially crafted malicious MSMQ packet to a MSMQ server. One mitigating factor: the Microsoft Message Queueing Service must be enabled and listening on port 1801 for an asset to be vulnerable, and the Message Queueing Service is not installed by default. As Rapid7 has noted previously, however, a number of applications – including Microsoft Exchange – may quietly introduce MSMQ as part of their own installation routine.

ZDI: CVE-2023-35349 - Microsoft Message Queuing Remote Code Execution Vulnerability. This is one of 20(!) Message Queuing patches this month and the highest CVSS (9.8) of the bunch. A remote, unauthenticated attacker could execute arbitrary code at the level of the service without user interaction. That makes this bug wormable – at least on systems where Message Queuing is enabled. You should definitely check your systems to see if it’s installed and also consider blocking TCP port 1801 at your perimeter.

KrebsOnSecurity: Other notable bugs addressed by Microsoft include CVE-2023-35349, a remote code execution weakness in the Message Queuing (MSMQ) service, a technology that allows applications across multiple servers or hosts to communicate with each other. This vulnerability has earned a CVSS severity score of 9.8 (10 is the worst possible). Happily, the MSMQ service is not enabled by default in Windows, although Immersive Labs notes that Microsoft Exchange Server can enable this service during installation.

7. Security Feature Bypass - Windows Mark of the Web (CVE-2023-36584) - High [522]

Description: Windows Mark of the Web Security Feature Bypass Vulnerability

8. Remote Code Execution - Microsoft Message Queuing (CVE-2023-36697) - High [483]

Description: Microsoft Message Queuing Remote Code Execution Vulnerability

Qualys: CVE-2023-36697: Microsoft Message Queuing Remote Code Execution Vulnerability To exploit this vulnerability, an attacker must convince a user on the target machine to connect to a malicious server or compromise a legitimate MSMQ server host and make it run as a malicious server. Successful exploitation of this vulnerability could allow an authenticated domain user to execute code on the target server remotely.

Tenable: |CVE-2023-36697||Microsoft Message Queuing Remote Code Execution Vulnerability||6.8||Exploitation Less Likely|

Tenable: While CVE-2023-36697 was also rated critical, successful exploitation requires either user interaction or for the attacker to be authenticated as a domain user and to have compromised a MSMQ server within the target network.

Tenable: CVE-2023-35349 and CVE-2023-36697 are two of several critical RCE vulnerabilities in MSMQ that have been patched this year. CVE-2023-35385, CVE-2023-36910 and CVE-2023-36911 were patched in August, CVE-2023-32057 in July and CVE-2023-21554 in April. Although all of these vulnerabilities were rated “Exploitation Less Likely” using the Microsoft Exploitability Index, customers are encouraged to apply these patches as soon as possible.

Rapid7: Another MSMQ RCE vulnerability also receives a patch this month: CVE-2023-36697 has a lower CVSS score than its sibling, both because valid domain credentials are required, and because exploitation requires that a user on the target machine connects to a malicious server. Alternatively, Microsoft suggests that an attacker could compromise a legitimate MSMQ server host and make it run as a malicious server to exploit this vulnerability, although it’s not immediately clear how the attacker could do that without already having significant control over the MSMQ host.

9. Remote Code Execution - Microsoft WDAC OLE DB provider for SQL Server (CVE-2023-36577) - High [476]

Description: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

10. Remote Code Execution - Windows Media Foundation Core (CVE-2023-36710) - High [471]

Description: Windows Media Foundation Core Remote Code Execution Vulnerability

11. Remote Code Execution - Windows MSHTML Platform (CVE-2023-36436) - High [454]

Description: Windows MSHTML Platform Remote Code Execution Vulnerability

12. Remote Code Execution - Windows Setup Files Cleanup (CVE-2023-36704) - High [454]

Description: Windows Setup Files Cleanup Remote Code Execution Vulnerability

13. Remote Code Execution - Microsoft Message Queuing (CVE-2023-36593) - High [447]

Description: Microsoft Message Queuing Remote Code Execution Vulnerability

Qualys: CVE-2023-36591, CVE-2023-36578, CVE-2023-36575, CVE-2023-36571, CVE-2023-35349, CVE-2023-36574, CVE-2023-36590, CVE-2023-36573, CVE-2023-36583, CVE-2023-36570, CVE-2023-36572, CVE-2023-36582, CVE-2023-36589, CVE-2023-36593, CVE-2023-36592 – Microsoft Message Queuing Remote Code Execution Vulnerability This vulnerability has a CVSS:3.1 7.3 / 6.4 Policy Compliance Control IDs (CIDs): 4030 Status of the ‘Windows Message Queuing Service’ 14916 Status of Windows Services 14297 Status of the open network connections and listening ports (Qualys Agent only) The following QQL will return a posture assessment for the CIDs for this Patch Tuesday: control.id: [4030, 14916, 14297, 18266, 17331, 17330]

Qualys: CVE-2023-36591, CVE-2023-36578, CVE-2023-36575, CVE-2023-36571, CVE-2023-35349, CVE-2023-36574, CVE-2023-36590, CVE-2023-36573, CVE-2023-36583, CVE-2023-36570, CVE-2023-36572, CVE-2023-36582, CVE-2023-36589, CVE-2023-36593, CVE-2023-36592 – Microsoft Message Queuing Remote Code Execution Vulnerability  Visit the October 2023 Security Updates page to access the full description of The next Patch Tuesday falls on November 14, and we’ll be back with details and patch analysis. Until next Patch Tuesday, stay safe and secure. Be sure to subscribe to the ‘This Month in Vulnerabilities and Patch’s webinar.’

Tenable: |CVE-2023-36593||Microsoft Message Queuing Remote Code Execution Vulnerability||7.8||Exploitation Less Likely|

14. Remote Code Execution - Windows Runtime (CVE-2023-36902) - High [442]

Description: Windows Runtime Remote Code Execution Vulnerability

15. Remote Code Execution - Azure Identity SDK (CVE-2023-36414) - High [440]

Description: Azure Identity SDK Remote Code Execution Vulnerability

16. Remote Code Execution - Azure Identity SDK (CVE-2023-36415) - High [440]

Description: Azure Identity SDK Remote Code Execution Vulnerability

17. Remote Code Execution - Layer 2 Tunneling Protocol (CVE-2023-38166) - High [440]

Description: Layer 2 Tunneling Protocol Remote Code Execution Vulnerability

Qualys: CVE-2023-41765, CVE-2023-41767, CVE-2023-41768, CVE-2023-41769, CVE-2023-41770, CVE-2023-41771, CVE-2023-41773, CVE-2023-41774, CVE-2023-38166 – Layer 2 Tunneling Protocol Remote Code Execution Vulnerability Layer 2 Tunneling Protocol (L2TP) is an extension of the Point-to-Point Tunneling Protocol (PPTP) used mainly by Internet Service Providers and Virtual Private Networks (VPNs). L2TP is one of the protocols that help ensure security and privacy by enabling a tunnel for Layer 2 traffic over a Layer 3 network. To exploit these vulnerabilities, an attacker is required to win a race condition. An unauthenticated attacker could send a specially crafted connection request to a RAS server and perform remote code execution on the RAS server machine.

Rapid7: Twelve critical RCE vulnerabilities seems like a lot, and it is. Fully three-quarters of these are in the same Windows component — the Layer 2 Tunneling Protocol — which has already received fixes for a significant number of critical RCEs in recent months. Exploitation of each of the Layer 2 Tunneling Protocol critical RCEs this month — CVE-2023-41765 CVE-2023-41767 CVE-2023-41768 CVE-2023-41769 CVE-2023-41770 CVE-2023-41771 CVE-2023-41773 CVE-2023-41774 and CVE-2023-38166 — is via a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server.

18. Remote Code Execution - Layer 2 Tunneling Protocol (CVE-2023-41765) - High [440]

Description: Layer 2 Tunneling Protocol Remote Code Execution Vulnerability

Qualys: CVE-2023-41765, CVE-2023-41767, CVE-2023-41768, CVE-2023-41769, CVE-2023-41770, CVE-2023-41771, CVE-2023-41773, CVE-2023-41774, CVE-2023-38166 – Layer 2 Tunneling Protocol Remote Code Execution Vulnerability Layer 2 Tunneling Protocol (L2TP) is an extension of the Point-to-Point Tunneling Protocol (PPTP) used mainly by Internet Service Providers and Virtual Private Networks (VPNs). L2TP is one of the protocols that help ensure security and privacy by enabling a tunnel for Layer 2 traffic over a Layer 3 network. To exploit these vulnerabilities, an attacker is required to win a race condition. An unauthenticated attacker could send a specially crafted connection request to a RAS server and perform remote code execution on the RAS server machine.

Rapid7: Twelve critical RCE vulnerabilities seems like a lot, and it is. Fully three-quarters of these are in the same Windows component — the Layer 2 Tunneling Protocol — which has already received fixes for a significant number of critical RCEs in recent months. Exploitation of each of the Layer 2 Tunneling Protocol critical RCEs this month — CVE-2023-41765 CVE-2023-41767 CVE-2023-41768 CVE-2023-41769 CVE-2023-41770 CVE-2023-41771 CVE-2023-41773 CVE-2023-41774 and CVE-2023-38166 — is via a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server.

19. Remote Code Execution - Layer 2 Tunneling Protocol (CVE-2023-41767) - High [440]

Description: Layer 2 Tunneling Protocol Remote Code Execution Vulnerability

Qualys: CVE-2023-41765, CVE-2023-41767, CVE-2023-41768, CVE-2023-41769, CVE-2023-41770, CVE-2023-41771, CVE-2023-41773, CVE-2023-41774, CVE-2023-38166 – Layer 2 Tunneling Protocol Remote Code Execution Vulnerability Layer 2 Tunneling Protocol (L2TP) is an extension of the Point-to-Point Tunneling Protocol (PPTP) used mainly by Internet Service Providers and Virtual Private Networks (VPNs). L2TP is one of the protocols that help ensure security and privacy by enabling a tunnel for Layer 2 traffic over a Layer 3 network. To exploit these vulnerabilities, an attacker is required to win a race condition. An unauthenticated attacker could send a specially crafted connection request to a RAS server and perform remote code execution on the RAS server machine.

Rapid7: Twelve critical RCE vulnerabilities seems like a lot, and it is. Fully three-quarters of these are in the same Windows component — the Layer 2 Tunneling Protocol — which has already received fixes for a significant number of critical RCEs in recent months. Exploitation of each of the Layer 2 Tunneling Protocol critical RCEs this month — CVE-2023-41765 CVE-2023-41767 CVE-2023-41768 CVE-2023-41769 CVE-2023-41770 CVE-2023-41771 CVE-2023-41773 CVE-2023-41774 and CVE-2023-38166 — is via a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server.

20. Remote Code Execution - Layer 2 Tunneling Protocol (CVE-2023-41768) - High [440]

Description: Layer 2 Tunneling Protocol Remote Code Execution Vulnerability

Qualys: CVE-2023-41765, CVE-2023-41767, CVE-2023-41768, CVE-2023-41769, CVE-2023-41770, CVE-2023-41771, CVE-2023-41773, CVE-2023-41774, CVE-2023-38166 – Layer 2 Tunneling Protocol Remote Code Execution Vulnerability Layer 2 Tunneling Protocol (L2TP) is an extension of the Point-to-Point Tunneling Protocol (PPTP) used mainly by Internet Service Providers and Virtual Private Networks (VPNs). L2TP is one of the protocols that help ensure security and privacy by enabling a tunnel for Layer 2 traffic over a Layer 3 network. To exploit these vulnerabilities, an attacker is required to win a race condition. An unauthenticated attacker could send a specially crafted connection request to a RAS server and perform remote code execution on the RAS server machine.

Rapid7: Twelve critical RCE vulnerabilities seems like a lot, and it is. Fully three-quarters of these are in the same Windows component — the Layer 2 Tunneling Protocol — which has already received fixes for a significant number of critical RCEs in recent months. Exploitation of each of the Layer 2 Tunneling Protocol critical RCEs this month — CVE-2023-41765 CVE-2023-41767 CVE-2023-41768 CVE-2023-41769 CVE-2023-41770 CVE-2023-41771 CVE-2023-41773 CVE-2023-41774 and CVE-2023-38166 — is via a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server.

21. Remote Code Execution - Layer 2 Tunneling Protocol (CVE-2023-41769) - High [440]

Description: Layer 2 Tunneling Protocol Remote Code Execution Vulnerability

Qualys: CVE-2023-41765, CVE-2023-41767, CVE-2023-41768, CVE-2023-41769, CVE-2023-41770, CVE-2023-41771, CVE-2023-41773, CVE-2023-41774, CVE-2023-38166 – Layer 2 Tunneling Protocol Remote Code Execution Vulnerability Layer 2 Tunneling Protocol (L2TP) is an extension of the Point-to-Point Tunneling Protocol (PPTP) used mainly by Internet Service Providers and Virtual Private Networks (VPNs). L2TP is one of the protocols that help ensure security and privacy by enabling a tunnel for Layer 2 traffic over a Layer 3 network. To exploit these vulnerabilities, an attacker is required to win a race condition. An unauthenticated attacker could send a specially crafted connection request to a RAS server and perform remote code execution on the RAS server machine.

Rapid7: Twelve critical RCE vulnerabilities seems like a lot, and it is. Fully three-quarters of these are in the same Windows component — the Layer 2 Tunneling Protocol — which has already received fixes for a significant number of critical RCEs in recent months. Exploitation of each of the Layer 2 Tunneling Protocol critical RCEs this month — CVE-2023-41765 CVE-2023-41767 CVE-2023-41768 CVE-2023-41769 CVE-2023-41770 CVE-2023-41771 CVE-2023-41773 CVE-2023-41774 and CVE-2023-38166 — is via a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server.

22. Remote Code Execution - Layer 2 Tunneling Protocol (CVE-2023-41770) - High [440]

Description: Layer 2 Tunneling Protocol Remote Code Execution Vulnerability

Qualys: CVE-2023-41765, CVE-2023-41767, CVE-2023-41768, CVE-2023-41769, CVE-2023-41770, CVE-2023-41771, CVE-2023-41773, CVE-2023-41774, CVE-2023-38166 – Layer 2 Tunneling Protocol Remote Code Execution Vulnerability Layer 2 Tunneling Protocol (L2TP) is an extension of the Point-to-Point Tunneling Protocol (PPTP) used mainly by Internet Service Providers and Virtual Private Networks (VPNs). L2TP is one of the protocols that help ensure security and privacy by enabling a tunnel for Layer 2 traffic over a Layer 3 network. To exploit these vulnerabilities, an attacker is required to win a race condition. An unauthenticated attacker could send a specially crafted connection request to a RAS server and perform remote code execution on the RAS server machine.

Rapid7: Twelve critical RCE vulnerabilities seems like a lot, and it is. Fully three-quarters of these are in the same Windows component — the Layer 2 Tunneling Protocol — which has already received fixes for a significant number of critical RCEs in recent months. Exploitation of each of the Layer 2 Tunneling Protocol critical RCEs this month — CVE-2023-41765 CVE-2023-41767 CVE-2023-41768 CVE-2023-41769 CVE-2023-41770 CVE-2023-41771 CVE-2023-41773 CVE-2023-41774 and CVE-2023-38166 — is via a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server.

23. Remote Code Execution - Layer 2 Tunneling Protocol (CVE-2023-41771) - High [440]

Description: Layer 2 Tunneling Protocol Remote Code Execution Vulnerability

Qualys: CVE-2023-41765, CVE-2023-41767, CVE-2023-41768, CVE-2023-41769, CVE-2023-41770, CVE-2023-41771, CVE-2023-41773, CVE-2023-41774, CVE-2023-38166 – Layer 2 Tunneling Protocol Remote Code Execution Vulnerability Layer 2 Tunneling Protocol (L2TP) is an extension of the Point-to-Point Tunneling Protocol (PPTP) used mainly by Internet Service Providers and Virtual Private Networks (VPNs). L2TP is one of the protocols that help ensure security and privacy by enabling a tunnel for Layer 2 traffic over a Layer 3 network. To exploit these vulnerabilities, an attacker is required to win a race condition. An unauthenticated attacker could send a specially crafted connection request to a RAS server and perform remote code execution on the RAS server machine.

Rapid7: Twelve critical RCE vulnerabilities seems like a lot, and it is. Fully three-quarters of these are in the same Windows component — the Layer 2 Tunneling Protocol — which has already received fixes for a significant number of critical RCEs in recent months. Exploitation of each of the Layer 2 Tunneling Protocol critical RCEs this month — CVE-2023-41765 CVE-2023-41767 CVE-2023-41768 CVE-2023-41769 CVE-2023-41770 CVE-2023-41771 CVE-2023-41773 CVE-2023-41774 and CVE-2023-38166 — is via a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server.

24. Remote Code Execution - Layer 2 Tunneling Protocol (CVE-2023-41773) - High [440]

Description: Layer 2 Tunneling Protocol Remote Code Execution Vulnerability

Qualys: CVE-2023-41765, CVE-2023-41767, CVE-2023-41768, CVE-2023-41769, CVE-2023-41770, CVE-2023-41771, CVE-2023-41773, CVE-2023-41774, CVE-2023-38166 – Layer 2 Tunneling Protocol Remote Code Execution Vulnerability Layer 2 Tunneling Protocol (L2TP) is an extension of the Point-to-Point Tunneling Protocol (PPTP) used mainly by Internet Service Providers and Virtual Private Networks (VPNs). L2TP is one of the protocols that help ensure security and privacy by enabling a tunnel for Layer 2 traffic over a Layer 3 network. To exploit these vulnerabilities, an attacker is required to win a race condition. An unauthenticated attacker could send a specially crafted connection request to a RAS server and perform remote code execution on the RAS server machine.

Rapid7: Twelve critical RCE vulnerabilities seems like a lot, and it is. Fully three-quarters of these are in the same Windows component — the Layer 2 Tunneling Protocol — which has already received fixes for a significant number of critical RCEs in recent months. Exploitation of each of the Layer 2 Tunneling Protocol critical RCEs this month — CVE-2023-41765 CVE-2023-41767 CVE-2023-41768 CVE-2023-41769 CVE-2023-41770 CVE-2023-41771 CVE-2023-41773 CVE-2023-41774 and CVE-2023-38166 — is via a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server.

25. Remote Code Execution - Layer 2 Tunneling Protocol (CVE-2023-41774) - High [440]

Description: Layer 2 Tunneling Protocol Remote Code Execution Vulnerability

Qualys: CVE-2023-41765, CVE-2023-41767, CVE-2023-41768, CVE-2023-41769, CVE-2023-41770, CVE-2023-41771, CVE-2023-41773, CVE-2023-41774, CVE-2023-38166 – Layer 2 Tunneling Protocol Remote Code Execution Vulnerability Layer 2 Tunneling Protocol (L2TP) is an extension of the Point-to-Point Tunneling Protocol (PPTP) used mainly by Internet Service Providers and Virtual Private Networks (VPNs). L2TP is one of the protocols that help ensure security and privacy by enabling a tunnel for Layer 2 traffic over a Layer 3 network. To exploit these vulnerabilities, an attacker is required to win a race condition. An unauthenticated attacker could send a specially crafted connection request to a RAS server and perform remote code execution on the RAS server machine.

Rapid7: Twelve critical RCE vulnerabilities seems like a lot, and it is. Fully three-quarters of these are in the same Windows component — the Layer 2 Tunneling Protocol — which has already received fixes for a significant number of critical RCEs in recent months. Exploitation of each of the Layer 2 Tunneling Protocol critical RCEs this month — CVE-2023-41765 CVE-2023-41767 CVE-2023-41768 CVE-2023-41769 CVE-2023-41770 CVE-2023-41771 CVE-2023-41773 CVE-2023-41774 and CVE-2023-38166 — is via a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server.

26. Security Feature Bypass - Windows Search (CVE-2023-36564) - High [436]

Description: Windows Search Security Feature Bypass Vulnerability

27. Remote Code Execution - Microsoft Message Queuing (CVE-2023-36570) - High [435]

Description: Microsoft Message Queuing Remote Code Execution Vulnerability

Qualys: CVE-2023-36591, CVE-2023-36578, CVE-2023-36575, CVE-2023-36571, CVE-2023-35349, CVE-2023-36574, CVE-2023-36590, CVE-2023-36573, CVE-2023-36583, CVE-2023-36570, CVE-2023-36572, CVE-2023-36582, CVE-2023-36589, CVE-2023-36593, CVE-2023-36592 – Microsoft Message Queuing Remote Code Execution Vulnerability This vulnerability has a CVSS:3.1 7.3 / 6.4 Policy Compliance Control IDs (CIDs): 4030 Status of the ‘Windows Message Queuing Service’ 14916 Status of Windows Services 14297 Status of the open network connections and listening ports (Qualys Agent only) The following QQL will return a posture assessment for the CIDs for this Patch Tuesday: control.id: [4030, 14916, 14297, 18266, 17331, 17330]

Qualys: CVE-2023-36591, CVE-2023-36578, CVE-2023-36575, CVE-2023-36571, CVE-2023-35349, CVE-2023-36574, CVE-2023-36590, CVE-2023-36573, CVE-2023-36583, CVE-2023-36570, CVE-2023-36572, CVE-2023-36582, CVE-2023-36589, CVE-2023-36593, CVE-2023-36592 – Microsoft Message Queuing Remote Code Execution Vulnerability  Visit the October 2023 Security Updates page to access the full description of The next Patch Tuesday falls on November 14, and we’ll be back with details and patch analysis. Until next Patch Tuesday, stay safe and secure. Be sure to subscribe to the ‘This Month in Vulnerabilities and Patch’s webinar.’

Tenable: |CVE-2023-36570||Microsoft Message Queuing Remote Code Execution Vulnerability||7.3||Exploitation Less Likely|

28. Remote Code Execution - Microsoft Message Queuing (CVE-2023-36571) - High [435]

Description: Microsoft Message Queuing Remote Code Execution Vulnerability

Qualys: CVE-2023-36591, CVE-2023-36578, CVE-2023-36575, CVE-2023-36571, CVE-2023-35349, CVE-2023-36574, CVE-2023-36590, CVE-2023-36573, CVE-2023-36583, CVE-2023-36570, CVE-2023-36572, CVE-2023-36582, CVE-2023-36589, CVE-2023-36593, CVE-2023-36592 – Microsoft Message Queuing Remote Code Execution Vulnerability This vulnerability has a CVSS:3.1 7.3 / 6.4 Policy Compliance Control IDs (CIDs): 4030 Status of the ‘Windows Message Queuing Service’ 14916 Status of Windows Services 14297 Status of the open network connections and listening ports (Qualys Agent only) The following QQL will return a posture assessment for the CIDs for this Patch Tuesday: control.id: [4030, 14916, 14297, 18266, 17331, 17330]

Qualys: CVE-2023-36591, CVE-2023-36578, CVE-2023-36575, CVE-2023-36571, CVE-2023-35349, CVE-2023-36574, CVE-2023-36590, CVE-2023-36573, CVE-2023-36583, CVE-2023-36570, CVE-2023-36572, CVE-2023-36582, CVE-2023-36589, CVE-2023-36593, CVE-2023-36592 – Microsoft Message Queuing Remote Code Execution Vulnerability  Visit the October 2023 Security Updates page to access the full description of The next Patch Tuesday falls on November 14, and we’ll be back with details and patch analysis. Until next Patch Tuesday, stay safe and secure. Be sure to subscribe to the ‘This Month in Vulnerabilities and Patch’s webinar.’

Tenable: |CVE-2023-36571||Microsoft Message Queuing Remote Code Execution Vulnerability||7.3||Exploitation Less Likely|

29. Remote Code Execution - Microsoft Message Queuing (CVE-2023-36572) - High [435]

Description: Microsoft Message Queuing Remote Code Execution Vulnerability

Qualys: CVE-2023-36591, CVE-2023-36578, CVE-2023-36575, CVE-2023-36571, CVE-2023-35349, CVE-2023-36574, CVE-2023-36590, CVE-2023-36573, CVE-2023-36583, CVE-2023-36570, CVE-2023-36572, CVE-2023-36582, CVE-2023-36589, CVE-2023-36593, CVE-2023-36592 – Microsoft Message Queuing Remote Code Execution Vulnerability This vulnerability has a CVSS:3.1 7.3 / 6.4 Policy Compliance Control IDs (CIDs): 4030 Status of the ‘Windows Message Queuing Service’ 14916 Status of Windows Services 14297 Status of the open network connections and listening ports (Qualys Agent only) The following QQL will return a posture assessment for the CIDs for this Patch Tuesday: control.id: [4030, 14916, 14297, 18266, 17331, 17330]

Qualys: CVE-2023-36591, CVE-2023-36578, CVE-2023-36575, CVE-2023-36571, CVE-2023-35349, CVE-2023-36574, CVE-2023-36590, CVE-2023-36573, CVE-2023-36583, CVE-2023-36570, CVE-2023-36572, CVE-2023-36582, CVE-2023-36589, CVE-2023-36593, CVE-2023-36592 – Microsoft Message Queuing Remote Code Execution Vulnerability  Visit the October 2023 Security Updates page to access the full description of The next Patch Tuesday falls on November 14, and we’ll be back with details and patch analysis. Until next Patch Tuesday, stay safe and secure. Be sure to subscribe to the ‘This Month in Vulnerabilities and Patch’s webinar.’

Tenable: |CVE-2023-36572||Microsoft Message Queuing Remote Code Execution Vulnerability||7.3||Exploitation Less Likely|

30. Remote Code Execution - Microsoft Message Queuing (CVE-2023-36573) - High [435]

Description: Microsoft Message Queuing Remote Code Execution Vulnerability

Qualys: CVE-2023-36591, CVE-2023-36578, CVE-2023-36575, CVE-2023-36571, CVE-2023-35349, CVE-2023-36574, CVE-2023-36590, CVE-2023-36573, CVE-2023-36583, CVE-2023-36570, CVE-2023-36572, CVE-2023-36582, CVE-2023-36589, CVE-2023-36593, CVE-2023-36592 – Microsoft Message Queuing Remote Code Execution Vulnerability This vulnerability has a CVSS:3.1 7.3 / 6.4 Policy Compliance Control IDs (CIDs): 4030 Status of the ‘Windows Message Queuing Service’ 14916 Status of Windows Services 14297 Status of the open network connections and listening ports (Qualys Agent only) The following QQL will return a posture assessment for the CIDs for this Patch Tuesday: control.id: [4030, 14916, 14297, 18266, 17331, 17330]

Qualys: CVE-2023-36591, CVE-2023-36578, CVE-2023-36575, CVE-2023-36571, CVE-2023-35349, CVE-2023-36574, CVE-2023-36590, CVE-2023-36573, CVE-2023-36583, CVE-2023-36570, CVE-2023-36572, CVE-2023-36582, CVE-2023-36589, CVE-2023-36593, CVE-2023-36592 – Microsoft Message Queuing Remote Code Execution Vulnerability  Visit the October 2023 Security Updates page to access the full description of The next Patch Tuesday falls on November 14, and we’ll be back with details and patch analysis. Until next Patch Tuesday, stay safe and secure. Be sure to subscribe to the ‘This Month in Vulnerabilities and Patch’s webinar.’

Tenable: |CVE-2023-36573||Microsoft Message Queuing Remote Code Execution Vulnerability||7.3||Exploitation Less Likely|

31. Remote Code Execution - Microsoft Message Queuing (CVE-2023-36574) - High [435]

Description: Microsoft Message Queuing Remote Code Execution Vulnerability

Qualys: CVE-2023-36591, CVE-2023-36578, CVE-2023-36575, CVE-2023-36571, CVE-2023-35349, CVE-2023-36574, CVE-2023-36590, CVE-2023-36573, CVE-2023-36583, CVE-2023-36570, CVE-2023-36572, CVE-2023-36582, CVE-2023-36589, CVE-2023-36593, CVE-2023-36592 – Microsoft Message Queuing Remote Code Execution Vulnerability This vulnerability has a CVSS:3.1 7.3 / 6.4 Policy Compliance Control IDs (CIDs): 4030 Status of the ‘Windows Message Queuing Service’ 14916 Status of Windows Services 14297 Status of the open network connections and listening ports (Qualys Agent only) The following QQL will return a posture assessment for the CIDs for this Patch Tuesday: control.id: [4030, 14916, 14297, 18266, 17331, 17330]

Qualys: CVE-2023-36591, CVE-2023-36578, CVE-2023-36575, CVE-2023-36571, CVE-2023-35349, CVE-2023-36574, CVE-2023-36590, CVE-2023-36573, CVE-2023-36583, CVE-2023-36570, CVE-2023-36572, CVE-2023-36582, CVE-2023-36589, CVE-2023-36593, CVE-2023-36592 – Microsoft Message Queuing Remote Code Execution Vulnerability  Visit the October 2023 Security Updates page to access the full description of The next Patch Tuesday falls on November 14, and we’ll be back with details and patch analysis. Until next Patch Tuesday, stay safe and secure. Be sure to subscribe to the ‘This Month in Vulnerabilities and Patch’s webinar.’

Tenable: |CVE-2023-36574||Microsoft Message Queuing Remote Code Execution Vulnerability||7.3||Exploitation Less Likely|

32. Remote Code Execution - Microsoft Message Queuing (CVE-2023-36575) - High [435]

Description: Microsoft Message Queuing Remote Code Execution Vulnerability

Qualys: CVE-2023-36591, CVE-2023-36578, CVE-2023-36575, CVE-2023-36571, CVE-2023-35349, CVE-2023-36574, CVE-2023-36590, CVE-2023-36573, CVE-2023-36583, CVE-2023-36570, CVE-2023-36572, CVE-2023-36582, CVE-2023-36589, CVE-2023-36593, CVE-2023-36592 – Microsoft Message Queuing Remote Code Execution Vulnerability This vulnerability has a CVSS:3.1 7.3 / 6.4 Policy Compliance Control IDs (CIDs): 4030 Status of the ‘Windows Message Queuing Service’ 14916 Status of Windows Services 14297 Status of the open network connections and listening ports (Qualys Agent only) The following QQL will return a posture assessment for the CIDs for this Patch Tuesday: control.id: [4030, 14916, 14297, 18266, 17331, 17330]

Qualys: CVE-2023-36591, CVE-2023-36578, CVE-2023-36575, CVE-2023-36571, CVE-2023-35349, CVE-2023-36574, CVE-2023-36590, CVE-2023-36573, CVE-2023-36583, CVE-2023-36570, CVE-2023-36572, CVE-2023-36582, CVE-2023-36589, CVE-2023-36593, CVE-2023-36592 – Microsoft Message Queuing Remote Code Execution Vulnerability  Visit the October 2023 Security Updates page to access the full description of The next Patch Tuesday falls on November 14, and we’ll be back with details and patch analysis. Until next Patch Tuesday, stay safe and secure. Be sure to subscribe to the ‘This Month in Vulnerabilities and Patch’s webinar.’

Tenable: |CVE-2023-36575||Microsoft Message Queuing Remote Code Execution Vulnerability||7.3||Exploitation Less Likely|

33. Remote Code Execution - Microsoft Message Queuing (CVE-2023-36578) - High [435]

Description: Microsoft Message Queuing Remote Code Execution Vulnerability

Qualys: CVE-2023-36591, CVE-2023-36578, CVE-2023-36575, CVE-2023-36571, CVE-2023-35349, CVE-2023-36574, CVE-2023-36590, CVE-2023-36573, CVE-2023-36583, CVE-2023-36570, CVE-2023-36572, CVE-2023-36582, CVE-2023-36589, CVE-2023-36593, CVE-2023-36592 – Microsoft Message Queuing Remote Code Execution Vulnerability This vulnerability has a CVSS:3.1 7.3 / 6.4 Policy Compliance Control IDs (CIDs): 4030 Status of the ‘Windows Message Queuing Service’ 14916 Status of Windows Services 14297 Status of the open network connections and listening ports (Qualys Agent only) The following QQL will return a posture assessment for the CIDs for this Patch Tuesday: control.id: [4030, 14916, 14297, 18266, 17331, 17330]

Qualys: CVE-2023-36591, CVE-2023-36578, CVE-2023-36575, CVE-2023-36571, CVE-2023-35349, CVE-2023-36574, CVE-2023-36590, CVE-2023-36573, CVE-2023-36583, CVE-2023-36570, CVE-2023-36572, CVE-2023-36582, CVE-2023-36589, CVE-2023-36593, CVE-2023-36592 – Microsoft Message Queuing Remote Code Execution Vulnerability  Visit the October 2023 Security Updates page to access the full description of The next Patch Tuesday falls on November 14, and we’ll be back with details and patch analysis. Until next Patch Tuesday, stay safe and secure. Be sure to subscribe to the ‘This Month in Vulnerabilities and Patch’s webinar.’

Tenable: |CVE-2023-36578||Microsoft Message Queuing Remote Code Execution Vulnerability||7.3||Exploitation Less Likely|

34. Remote Code Execution - Microsoft Message Queuing (CVE-2023-36582) - High [435]

Description: Microsoft Message Queuing Remote Code Execution Vulnerability

Qualys: CVE-2023-36591, CVE-2023-36578, CVE-2023-36575, CVE-2023-36571, CVE-2023-35349, CVE-2023-36574, CVE-2023-36590, CVE-2023-36573, CVE-2023-36583, CVE-2023-36570, CVE-2023-36572, CVE-2023-36582, CVE-2023-36589, CVE-2023-36593, CVE-2023-36592 – Microsoft Message Queuing Remote Code Execution Vulnerability This vulnerability has a CVSS:3.1 7.3 / 6.4 Policy Compliance Control IDs (CIDs): 4030 Status of the ‘Windows Message Queuing Service’ 14916 Status of Windows Services 14297 Status of the open network connections and listening ports (Qualys Agent only) The following QQL will return a posture assessment for the CIDs for this Patch Tuesday: control.id: [4030, 14916, 14297, 18266, 17331, 17330]

Qualys: CVE-2023-36591, CVE-2023-36578, CVE-2023-36575, CVE-2023-36571, CVE-2023-35349, CVE-2023-36574, CVE-2023-36590, CVE-2023-36573, CVE-2023-36583, CVE-2023-36570, CVE-2023-36572, CVE-2023-36582, CVE-2023-36589, CVE-2023-36593, CVE-2023-36592 – Microsoft Message Queuing Remote Code Execution Vulnerability  Visit the October 2023 Security Updates page to access the full description of The next Patch Tuesday falls on November 14, and we’ll be back with details and patch analysis. Until next Patch Tuesday, stay safe and secure. Be sure to subscribe to the ‘This Month in Vulnerabilities and Patch’s webinar.’

Tenable: |CVE-2023-36582||Microsoft Message Queuing Remote Code Execution Vulnerability||7.3||Exploitation Less Likely|

35. Remote Code Execution - Microsoft Message Queuing (CVE-2023-36583) - High [435]

Description: Microsoft Message Queuing Remote Code Execution Vulnerability

Qualys: CVE-2023-36591, CVE-2023-36578, CVE-2023-36575, CVE-2023-36571, CVE-2023-35349, CVE-2023-36574, CVE-2023-36590, CVE-2023-36573, CVE-2023-36583, CVE-2023-36570, CVE-2023-36572, CVE-2023-36582, CVE-2023-36589, CVE-2023-36593, CVE-2023-36592 – Microsoft Message Queuing Remote Code Execution Vulnerability This vulnerability has a CVSS:3.1 7.3 / 6.4 Policy Compliance Control IDs (CIDs): 4030 Status of the ‘Windows Message Queuing Service’ 14916 Status of Windows Services 14297 Status of the open network connections and listening ports (Qualys Agent only) The following QQL will return a posture assessment for the CIDs for this Patch Tuesday: control.id: [4030, 14916, 14297, 18266, 17331, 17330]

Qualys: CVE-2023-36591, CVE-2023-36578, CVE-2023-36575, CVE-2023-36571, CVE-2023-35349, CVE-2023-36574, CVE-2023-36590, CVE-2023-36573, CVE-2023-36583, CVE-2023-36570, CVE-2023-36572, CVE-2023-36582, CVE-2023-36589, CVE-2023-36593, CVE-2023-36592 – Microsoft Message Queuing Remote Code Execution Vulnerability  Visit the October 2023 Security Updates page to access the full description of The next Patch Tuesday falls on November 14, and we’ll be back with details and patch analysis. Until next Patch Tuesday, stay safe and secure. Be sure to subscribe to the ‘This Month in Vulnerabilities and Patch’s webinar.’

Tenable: |CVE-2023-36583||Microsoft Message Queuing Remote Code Execution Vulnerability||7.3||Exploitation Less Likely|

36. Remote Code Execution - Microsoft Message Queuing (CVE-2023-36589) - High [435]

Description: Microsoft Message Queuing Remote Code Execution Vulnerability

Qualys: CVE-2023-36591, CVE-2023-36578, CVE-2023-36575, CVE-2023-36571, CVE-2023-35349, CVE-2023-36574, CVE-2023-36590, CVE-2023-36573, CVE-2023-36583, CVE-2023-36570, CVE-2023-36572, CVE-2023-36582, CVE-2023-36589, CVE-2023-36593, CVE-2023-36592 – Microsoft Message Queuing Remote Code Execution Vulnerability This vulnerability has a CVSS:3.1 7.3 / 6.4 Policy Compliance Control IDs (CIDs): 4030 Status of the ‘Windows Message Queuing Service’ 14916 Status of Windows Services 14297 Status of the open network connections and listening ports (Qualys Agent only) The following QQL will return a posture assessment for the CIDs for this Patch Tuesday: control.id: [4030, 14916, 14297, 18266, 17331, 17330]

Qualys: CVE-2023-36591, CVE-2023-36578, CVE-2023-36575, CVE-2023-36571, CVE-2023-35349, CVE-2023-36574, CVE-2023-36590, CVE-2023-36573, CVE-2023-36583, CVE-2023-36570, CVE-2023-36572, CVE-2023-36582, CVE-2023-36589, CVE-2023-36593, CVE-2023-36592 – Microsoft Message Queuing Remote Code Execution Vulnerability  Visit the October 2023 Security Updates page to access the full description of The next Patch Tuesday falls on November 14, and we’ll be back with details and patch analysis. Until next Patch Tuesday, stay safe and secure. Be sure to subscribe to the ‘This Month in Vulnerabilities and Patch’s webinar.’

Tenable: |CVE-2023-36589||Microsoft Message Queuing Remote Code Execution Vulnerability||7.3||Exploitation Less Likely|

37. Remote Code Execution - Microsoft Message Queuing (CVE-2023-36590) - High [435]

Description: Microsoft Message Queuing Remote Code Execution Vulnerability

Qualys: CVE-2023-36591, CVE-2023-36578, CVE-2023-36575, CVE-2023-36571, CVE-2023-35349, CVE-2023-36574, CVE-2023-36590, CVE-2023-36573, CVE-2023-36583, CVE-2023-36570, CVE-2023-36572, CVE-2023-36582, CVE-2023-36589, CVE-2023-36593, CVE-2023-36592 – Microsoft Message Queuing Remote Code Execution Vulnerability This vulnerability has a CVSS:3.1 7.3 / 6.4 Policy Compliance Control IDs (CIDs): 4030 Status of the ‘Windows Message Queuing Service’ 14916 Status of Windows Services 14297 Status of the open network connections and listening ports (Qualys Agent only) The following QQL will return a posture assessment for the CIDs for this Patch Tuesday: control.id: [4030, 14916, 14297, 18266, 17331, 17330]

Qualys: CVE-2023-36591, CVE-2023-36578, CVE-2023-36575, CVE-2023-36571, CVE-2023-35349, CVE-2023-36574, CVE-2023-36590, CVE-2023-36573, CVE-2023-36583, CVE-2023-36570, CVE-2023-36572, CVE-2023-36582, CVE-2023-36589, CVE-2023-36593, CVE-2023-36592 – Microsoft Message Queuing Remote Code Execution Vulnerability  Visit the October 2023 Security Updates page to access the full description of The next Patch Tuesday falls on November 14, and we’ll be back with details and patch analysis. Until next Patch Tuesday, stay safe and secure. Be sure to subscribe to the ‘This Month in Vulnerabilities and Patch’s webinar.’

Tenable: |CVE-2023-36590||Microsoft Message Queuing Remote Code Execution Vulnerability||7.3||Exploitation Less Likely|

38. Remote Code Execution - Microsoft Message Queuing (CVE-2023-36591) - High [435]

Description: Microsoft Message Queuing Remote Code Execution Vulnerability

Qualys: CVE-2023-36591, CVE-2023-36578, CVE-2023-36575, CVE-2023-36571, CVE-2023-35349, CVE-2023-36574, CVE-2023-36590, CVE-2023-36573, CVE-2023-36583, CVE-2023-36570, CVE-2023-36572, CVE-2023-36582, CVE-2023-36589, CVE-2023-36593, CVE-2023-36592 – Microsoft Message Queuing Remote Code Execution Vulnerability This vulnerability has a CVSS:3.1 7.3 / 6.4 Policy Compliance Control IDs (CIDs): 4030 Status of the ‘Windows Message Queuing Service’ 14916 Status of Windows Services 14297 Status of the open network connections and listening ports (Qualys Agent only) The following QQL will return a posture assessment for the CIDs for this Patch Tuesday: control.id: [4030, 14916, 14297, 18266, 17331, 17330]

Qualys: CVE-2023-36591, CVE-2023-36578, CVE-2023-36575, CVE-2023-36571, CVE-2023-35349, CVE-2023-36574, CVE-2023-36590, CVE-2023-36573, CVE-2023-36583, CVE-2023-36570, CVE-2023-36572, CVE-2023-36582, CVE-2023-36589, CVE-2023-36593, CVE-2023-36592 – Microsoft Message Queuing Remote Code Execution Vulnerability  Visit the October 2023 Security Updates page to access the full description of The next Patch Tuesday falls on November 14, and we’ll be back with details and patch analysis. Until next Patch Tuesday, stay safe and secure. Be sure to subscribe to the ‘This Month in Vulnerabilities and Patch’s webinar.’

Tenable: |CVE-2023-36591||Microsoft Message Queuing Remote Code Execution Vulnerability||7.3||Exploitation Less Likely|

39. Remote Code Execution - Microsoft Message Queuing (CVE-2023-36592) - High [435]

Description: Microsoft Message Queuing Remote Code Execution Vulnerability

Qualys: CVE-2023-36591, CVE-2023-36578, CVE-2023-36575, CVE-2023-36571, CVE-2023-35349, CVE-2023-36574, CVE-2023-36590, CVE-2023-36573, CVE-2023-36583, CVE-2023-36570, CVE-2023-36572, CVE-2023-36582, CVE-2023-36589, CVE-2023-36593, CVE-2023-36592 – Microsoft Message Queuing Remote Code Execution Vulnerability This vulnerability has a CVSS:3.1 7.3 / 6.4 Policy Compliance Control IDs (CIDs): 4030 Status of the ‘Windows Message Queuing Service’ 14916 Status of Windows Services 14297 Status of the open network connections and listening ports (Qualys Agent only) The following QQL will return a posture assessment for the CIDs for this Patch Tuesday: control.id: [4030, 14916, 14297, 18266, 17331, 17330]

Qualys: CVE-2023-36591, CVE-2023-36578, CVE-2023-36575, CVE-2023-36571, CVE-2023-35349, CVE-2023-36574, CVE-2023-36590, CVE-2023-36573, CVE-2023-36583, CVE-2023-36570, CVE-2023-36572, CVE-2023-36582, CVE-2023-36589, CVE-2023-36593, CVE-2023-36592 – Microsoft Message Queuing Remote Code Execution Vulnerability  Visit the October 2023 Security Updates page to access the full description of The next Patch Tuesday falls on November 14, and we’ll be back with details and patch analysis. Until next Patch Tuesday, stay safe and secure. Be sure to subscribe to the ‘This Month in Vulnerabilities and Patch’s webinar.’

Tenable: |CVE-2023-36592||Microsoft Message Queuing Remote Code Execution Vulnerability||7.3||Exploitation Less Likely|

40. Remote Code Execution - Skype for Business (CVE-2023-36780) - High [433]

Description: Skype for Business Remote Code Execution Vulnerability

Qualys: Other Microsoft Vulnerability Highlights CVE-2023-36780 is a remote code execution vulnerability in Skype for Business. The vulnerability exists in PowerShell when exposed through Microsoft Exchange or Skype. To exploit this vulnerability, an attacker must be granted an administrative role in the Skype for Business Control Panel. Successful exploitation of the vulnerability would allow an attacker to perform remote code execution on the Skype for Business Server backend. CVE-2023-36778 is a remote code execution vulnerability in Microsoft Exchange Server. An attacker must have LAN access and credentials for a valid Exchange user to exploit this vulnerability. An authenticated attacker who is on the same intranet as the Exchange server may perform remote code execution via a PowerShell remoting session. CVE-2023-36713 is an information disclosure vulnerability in the Windows Common Log File System Driver. Successful exploitation of the vulnerability would allow an attacker to read small portions of heap memory potentially. CVE-2023-36594 and CVE-2023-38159 are elevation of privilege vulnerabilities in the Microsoft Graphics Component. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2023-36731, CVE-2023-36732, CVE-2023-36743, CVE-2023-36776, and CVE-2023-41772 are elevation of privilege vulnerabilities in Win32k. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.

41. Remote Code Execution - Skype for Business (CVE-2023-36786) - High [433]

Description: Skype for Business Remote Code Execution Vulnerability

42. Remote Code Execution - Skype for Business (CVE-2023-36789) - High [433]

Description: Skype for Business Remote Code Execution Vulnerability

43. Remote Code Execution - Microsoft Exchange (CVE-2023-36778) - High [430]

Description: Microsoft Exchange Server Remote Code Execution Vulnerability

Qualys: Other Microsoft Vulnerability Highlights CVE-2023-36780 is a remote code execution vulnerability in Skype for Business. The vulnerability exists in PowerShell when exposed through Microsoft Exchange or Skype. To exploit this vulnerability, an attacker must be granted an administrative role in the Skype for Business Control Panel. Successful exploitation of the vulnerability would allow an attacker to perform remote code execution on the Skype for Business Server backend. CVE-2023-36778 is a remote code execution vulnerability in Microsoft Exchange Server. An attacker must have LAN access and credentials for a valid Exchange user to exploit this vulnerability. An authenticated attacker who is on the same intranet as the Exchange server may perform remote code execution via a PowerShell remoting session. CVE-2023-36713 is an information disclosure vulnerability in the Windows Common Log File System Driver. Successful exploitation of the vulnerability would allow an attacker to read small portions of heap memory potentially. CVE-2023-36594 and CVE-2023-38159 are elevation of privilege vulnerabilities in the Microsoft Graphics Component. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2023-36731, CVE-2023-36732, CVE-2023-36743, CVE-2023-36776, and CVE-2023-41772 are elevation of privilege vulnerabilities in Win32k. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.

Tenable: CVE-2023-36778 | Microsoft Exchange Server Remote Code Execution Vulnerability

Tenable: CVE-2023-36778 is a RCE vulnerability in Microsoft Exchange Server that was assigned a CVSSv3 score of 8 and is rated as important. A local, authenticated attacker could exploit this vulnerability through a remote PowerShell session with the target server. The vulnerability is caused by improper validation of cmdlet arguments within Microsoft Exchange Server. CVE-2023-36778 was rated “Exploitation More Likely” using the Microsoft Exploitability Index.

Rapid7: Exchange administrators should note the existence of CVE-2023-36778, a same-network RCE vulnerability in all current versions of Exchange Server. Successful exploitation requires that the attacker be on the same network as the Exchange Server host, and use valid credentials for an Exchange user in a PowerShell remoting session. By default, PowerShell Remoting only allows connections from members of the Administrators group, and the relevant Windows Firewall rule for connections via public networks rejects connections from outside the same subnet. Defenders may wish to review these rules to ensure that they have not been loosened beyond the default.

KrebsOnSecurity: Speaking of Exchange, Microsoft also patched CVE-2023-36778, a vulnerability in all current versions of Exchange Server that could allow attackers to run code of their choosing. Rapid7’s Barnett said successful exploitation requires that the attacker be on the same network as the Exchange Server host, and use valid credentials for an Exchange user in a PowerShell session.

44. Memory Corruption - Chromium (CVE-2023-5186) - High [407]

Description: Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High)

MS PT Extended: CVE-2023-5186 was published before October 2023 Patch Tuesday from 2023-09-13 to 2023-10-09

45. Denial of Service - Microsoft Message Queuing (CVE-2023-36431) - High [405]

Description: Microsoft Message Queuing Denial of Service Vulnerability

46. Denial of Service - Microsoft Message Queuing (CVE-2023-36579) - High [405]

Description: Microsoft Message Queuing Denial of Service Vulnerability

47. Denial of Service - Microsoft Message Queuing (CVE-2023-36581) - High [405]

Description: Microsoft Message Queuing Denial of Service Vulnerability

48. Denial of Service - Microsoft Message Queuing (CVE-2023-36606) - High [405]

Description: Microsoft Message Queuing Denial of Service Vulnerability

49. Denial of Service - Windows TCP/IP (CVE-2023-36602) - High [405]

Description: Windows TCP/IP Denial of Service Vulnerability

50. Denial of Service - Windows TCP/IP (CVE-2023-36603) - High [405]

Description: Windows TCP/IP Denial of Service Vulnerability

Qualys: CVE-2023-36603: Windows TCP/IP Denial of Service Vulnerability This vulnerability has a CVSS:3.1 7.5 / 6.5 Policy Compliance Control IDs (CIDs): 18266 Status of the ‘Firewall CSP – EnablePacketQueue’ setting (Microsoft Intune / MDM)

51. Remote Code Execution - Azure RTOS GUIX Studio (CVE-2023-36418) - High [404]

Description: Azure RTOS GUIX Studio Remote Code Execution Vulnerability

52. Remote Code Execution - Microsoft DirectMusic (CVE-2023-36702) - High [404]

Description: Microsoft DirectMusic Remote Code Execution Vulnerability

53. Remote Code Execution - Microsoft ODBC Driver for SQL Server (CVE-2023-36420) - High [404]

Description: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

54. Remote Code Execution - Microsoft ODBC Driver for SQL Server (CVE-2023-36730) - High [404]

Description: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

55. Remote Code Execution - Microsoft ODBC Driver for SQL Server (CVE-2023-36785) - High [404]

Description: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

56. Remote Code Execution - Microsoft SQL OLE DB (CVE-2023-36417) - High [404]

Description: Microsoft SQL OLE DB Remote Code Execution Vulnerability

57. Remote Code Execution - Microsoft WDAC ODBC Driver (CVE-2023-36598) - High [404]

Description: Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability

58. Remote Code Execution - PrintHTML API (CVE-2023-36557) - High [404]

Description: PrintHTML API Remote Code Execution Vulnerability

59. Elevation of Privilege - Azure Network Watcher VM Agent (CVE-2023-36737) - High [401]

Description: Azure Network Watcher VM Agent Elevation of Privilege Vulnerability

60. Elevation of Privilege - Windows IIS Server (CVE-2023-36434) - High [401]

Description: Windows IIS Server Elevation of Privilege Vulnerability

Tenable: CVE-2023-36434 | Windows IIS Server Elevation of Privilege Vulnerability

Tenable: CVE-2023-36434 is an EoP vulnerability in Windows IIS server that was assigned a CVSSv3 score of 9.8 and rated as important. According to Microsoft, exploitation of this vulnerability is achieved by an attacker brute forcing a user’s login credentials. Because the chances of success can vary greatly and are less likely when strong passwords are in place, Microsoft’s severity rating is important, despite the critical CVSS score.

ZDI: CVE-2023-36434 - Windows IIS Server Elevation of Privilege Vulnerability. Although labeled Important by Microsoft, it receives a CVSS 9.8 rating. An attacker who successfully exploits this bug could log on to an affected IIS server as another user. Microsoft doesn’t rate this as Critical since it would require a brute-force attack, but these days, brute force attacks can be easily automated. If you’re running IIS, you should treat this as a critical update and patch quickly.

TheHackersNews: The security update further resolves a severe privilege escalation bug in Windows IIS Server (CVE-2023-36434, CVSS score: 9.8) that could permit an attacker to impersonate and login as another user via a brute-force attack.

61. Security Feature Bypass - Chromium (CVE-2023-4900) - High [401]

Description: Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. (Chromium security severity: Medium)

MS PT Extended: CVE-2023-4900 was published before October 2023 Patch Tuesday from 2023-09-13 to 2023-10-09

62. Security Feature Bypass - Chromium (CVE-2023-4904) - High [401]

Description: Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. (Chromium security severity: Medium)

MS PT Extended: CVE-2023-4904 was published before October 2023 Patch Tuesday from 2023-09-13 to 2023-10-09

63. Security Feature Bypass - Chromium (CVE-2023-4906) - High [401]

Description: Insufficient policy enforcement in Autofill in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)

MS PT Extended: CVE-2023-4906 was published before October 2023 Patch Tuesday from 2023-09-13 to 2023-10-09

64. Security Feature Bypass - Chromium (CVE-2023-4907) - High [401]

Description: Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)

MS PT Extended: CVE-2023-4907 was published before October 2023 Patch Tuesday from 2023-09-13 to 2023-10-09

65. Security Feature Bypass - Chromium (CVE-2023-4909) - High [401]

Description: Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)

MS PT Extended: CVE-2023-4909 was published before October 2023 Patch Tuesday from 2023-09-13 to 2023-10-09

Medium (57)

66. Denial of Service - Active Template Library (CVE-2023-36585) - Medium [389]

Description: Active Template Library Denial of Service Vulnerability

67. Denial of Service - Windows Mixed Reality Developer Tools (CVE-2023-36720) - Medium [389]

Description: Windows Mixed Reality Developer Tools Denial of Service Vulnerability

68. Elevation of Privilege - Microsoft Edge (CVE-2023-36735) - Medium [389]

Description: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

MS PT Extended: CVE-2023-36735 was published before October 2023 Patch Tuesday from 2023-09-13 to 2023-10-09

69. Memory Corruption - Chromium (CVE-2023-5187) - Medium [383]

Description: Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

MS PT Extended: CVE-2023-5187 was published before October 2023 Patch Tuesday from 2023-09-13 to 2023-10-09

70. Memory Corruption - Chromium (CVE-2023-5346) - Medium [383]

Description: Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

MS PT Extended: CVE-2023-5346 was published before October 2023 Patch Tuesday from 2023-09-13 to 2023-10-09

71. Remote Code Execution - Microsoft Virtual Trusted Platform Module (CVE-2023-36718) - Medium [380]

Description: Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability

Qualys: CVE-2023-36718: Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability The Trusted Platform Module (TPM) technology is designed to provide hardware-based, security-related functions. A TPM chip is a secure crypto processor that is intended to carry out cryptographic operations. An attacker must perform complex memory-shaping techniques to attempt an attack. To escape the virtual machine, the attacker must be authenticated as a guest mode user. Successful exploitation of the vulnerability could lead to a contained execution environment escape.

Rapid7: The final constituent of this month’s dozen patched critical RCE vulnerabilities is rather more exotic: CVE-2023-36718 describes a vulnerability in the Microsoft Virtual Trusted Platform Module (vTPM), which is a TPM 2.0-compliant virtualized version of a hardware TPM offered as a feature of Azure confidential VMs. Successful exploitation could lead to a container escape. The attacker would first need to access the vulnerable VM, and the advisory notes that exploitation is possible when authenticated as a guest mode user. On the bright side, Microsoft evaluates attack complexity as High, since successful exploitation of this vulnerability would rely upon complex memory shaping techniques to attempt an attack.

72. Denial of Service - Windows Deployment Services (CVE-2023-36707) - Medium [377]

Description: Windows Deployment Services Denial of Service Vulnerability

73. Security Feature Bypass - Windows Kernel (CVE-2023-36698) - Medium [370]

Description: Windows Kernel Security Feature Bypass Vulnerability

74. Information Disclosure - Remote Procedure Call (CVE-2023-36596) - Medium [369]

Description: Remote Procedure Call Information Disclosure Vulnerability

75. Information Disclosure - Windows TCP/IP (CVE-2023-36438) - Medium [364]

Description: Windows TCP/IP Information Disclosure Vulnerability

76. Elevation of Privilege - Windows Kernel (CVE-2023-36712) - Medium [358]

Description: Windows Kernel Elevation of Privilege Vulnerability

77. Denial of Service - Windows Virtual Trusted Platform Module (CVE-2023-36717) - Medium [353]

Description: Windows Virtual Trusted Platform Module Denial of Service Vulnerability

78. Information Disclosure - Windows Deployment Services (CVE-2023-36567) - Medium [347]

Description: Windows Deployment Services Information Disclosure Vulnerability

79. Elevation of Privilege - Named Pipe File System (CVE-2023-36729) - Medium [346]

Description: Named Pipe File System Elevation of Privilege Vulnerability

80. Elevation of Privilege - Windows Kernel (CVE-2023-36725) - Medium [346]

Description: Windows Kernel Elevation of Privilege Vulnerability

81. Elevation of Privilege - Windows Win32k (CVE-2023-36731) - Medium [346]

Description: Win32k Elevation of Privilege Vulnerability

Qualys: Other Microsoft Vulnerability Highlights CVE-2023-36780 is a remote code execution vulnerability in Skype for Business. The vulnerability exists in PowerShell when exposed through Microsoft Exchange or Skype. To exploit this vulnerability, an attacker must be granted an administrative role in the Skype for Business Control Panel. Successful exploitation of the vulnerability would allow an attacker to perform remote code execution on the Skype for Business Server backend. CVE-2023-36778 is a remote code execution vulnerability in Microsoft Exchange Server. An attacker must have LAN access and credentials for a valid Exchange user to exploit this vulnerability. An authenticated attacker who is on the same intranet as the Exchange server may perform remote code execution via a PowerShell remoting session. CVE-2023-36713 is an information disclosure vulnerability in the Windows Common Log File System Driver. Successful exploitation of the vulnerability would allow an attacker to read small portions of heap memory potentially. CVE-2023-36594 and CVE-2023-38159 are elevation of privilege vulnerabilities in the Microsoft Graphics Component. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2023-36731, CVE-2023-36732, CVE-2023-36743, CVE-2023-36776, and CVE-2023-41772 are elevation of privilege vulnerabilities in Win32k. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.

82. Elevation of Privilege - Windows Win32k (CVE-2023-36732) - Medium [346]

Description: Win32k Elevation of Privilege Vulnerability

Qualys: Other Microsoft Vulnerability Highlights CVE-2023-36780 is a remote code execution vulnerability in Skype for Business. The vulnerability exists in PowerShell when exposed through Microsoft Exchange or Skype. To exploit this vulnerability, an attacker must be granted an administrative role in the Skype for Business Control Panel. Successful exploitation of the vulnerability would allow an attacker to perform remote code execution on the Skype for Business Server backend. CVE-2023-36778 is a remote code execution vulnerability in Microsoft Exchange Server. An attacker must have LAN access and credentials for a valid Exchange user to exploit this vulnerability. An authenticated attacker who is on the same intranet as the Exchange server may perform remote code execution via a PowerShell remoting session. CVE-2023-36713 is an information disclosure vulnerability in the Windows Common Log File System Driver. Successful exploitation of the vulnerability would allow an attacker to read small portions of heap memory potentially. CVE-2023-36594 and CVE-2023-38159 are elevation of privilege vulnerabilities in the Microsoft Graphics Component. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2023-36731, CVE-2023-36732, CVE-2023-36743, CVE-2023-36776, and CVE-2023-41772 are elevation of privilege vulnerabilities in Win32k. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.

83. Elevation of Privilege - Windows Win32k (CVE-2023-36743) - Medium [346]

Description: Win32k Elevation of Privilege Vulnerability

Qualys: Other Microsoft Vulnerability Highlights CVE-2023-36780 is a remote code execution vulnerability in Skype for Business. The vulnerability exists in PowerShell when exposed through Microsoft Exchange or Skype. To exploit this vulnerability, an attacker must be granted an administrative role in the Skype for Business Control Panel. Successful exploitation of the vulnerability would allow an attacker to perform remote code execution on the Skype for Business Server backend. CVE-2023-36778 is a remote code execution vulnerability in Microsoft Exchange Server. An attacker must have LAN access and credentials for a valid Exchange user to exploit this vulnerability. An authenticated attacker who is on the same intranet as the Exchange server may perform remote code execution via a PowerShell remoting session. CVE-2023-36713 is an information disclosure vulnerability in the Windows Common Log File System Driver. Successful exploitation of the vulnerability would allow an attacker to read small portions of heap memory potentially. CVE-2023-36594 and CVE-2023-38159 are elevation of privilege vulnerabilities in the Microsoft Graphics Component. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2023-36731, CVE-2023-36732, CVE-2023-36743, CVE-2023-36776, and CVE-2023-41772 are elevation of privilege vulnerabilities in Win32k. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.

84. Elevation of Privilege - Windows Win32k (CVE-2023-41772) - Medium [346]

Description: Win32k Elevation of Privilege Vulnerability

Qualys: Other Microsoft Vulnerability Highlights CVE-2023-36780 is a remote code execution vulnerability in Skype for Business. The vulnerability exists in PowerShell when exposed through Microsoft Exchange or Skype. To exploit this vulnerability, an attacker must be granted an administrative role in the Skype for Business Control Panel. Successful exploitation of the vulnerability would allow an attacker to perform remote code execution on the Skype for Business Server backend. CVE-2023-36778 is a remote code execution vulnerability in Microsoft Exchange Server. An attacker must have LAN access and credentials for a valid Exchange user to exploit this vulnerability. An authenticated attacker who is on the same intranet as the Exchange server may perform remote code execution via a PowerShell remoting session. CVE-2023-36713 is an information disclosure vulnerability in the Windows Common Log File System Driver. Successful exploitation of the vulnerability would allow an attacker to read small portions of heap memory potentially. CVE-2023-36594 and CVE-2023-38159 are elevation of privilege vulnerabilities in the Microsoft Graphics Component. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2023-36731, CVE-2023-36732, CVE-2023-36743, CVE-2023-36776, and CVE-2023-41772 are elevation of privilege vulnerabilities in Win32k. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.

85. Elevation of Privilege - Microsoft Edge (CVE-2023-36562) - Medium [341]

Description: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

MS PT Extended: CVE-2023-36562 was published before October 2023 Patch Tuesday from 2023-09-13 to 2023-10-09

86. Elevation of Privilege - Microsoft Office (CVE-2023-36569) - Medium [341]

Description: Microsoft Office Elevation of Privilege Vulnerability

Tenable: CVE-2023-36569 | Microsoft Office Elevation of Privilege Vulnerability

Tenable: CVE-2023-36569 is an EoP vulnerability in Microsoft Office assigned a CVSSv3 score of 8.4 and is rated as important. Successful exploitation of this vulnerability would provide an attacker with SYSTEM level privileges. Microsoft notes that this vulnerability is less likely to be exploited and that the preview pane is not an attack vector for exploiting this vulnerability.

Rapid7: Microsoft Office receives a patch for CVE-2023-36569, a local privilege escalation (LPE) vulnerability. Successful exploitation could lead to SYSTEM privileges, but Microsoft states that the Preview Pane is not a vector. The advisory doesn’t provide much more information; patches are available for Office 2019, 2021, and Apps for Enterprise. Office 2016 is not listed, which might signify that it isn’t vulnerable, or could mean that patches will be provided later.

87. Denial of Service - DHCP Server Service (CVE-2023-36703) - Medium [339]

Description: DHCP Server Service Denial of Service Vulnerability

88. Denial of Service - Microsoft AllJoyn API (CVE-2023-36709) - Medium [339]

Description: Microsoft AllJoyn API Denial of Service Vulnerability

89. Denial of Service - Microsoft QUIC (CVE-2023-36435) - Medium [339]

Description: Microsoft QUIC Denial of Service Vulnerability

90. Denial of Service - Microsoft QUIC (CVE-2023-38171) - Medium [339]

Description: Microsoft QUIC Denial of Service Vulnerability

91. Elevation of Privilege - Azure HDInsight Apache Oozie Workflow Scheduler (CVE-2023-36419) - Medium [339]

Description: Azure HDInsight Apache Oozie Workflow Scheduler Elevation of Privilege Vulnerability

92. Information Disclosure - Windows Remote Desktop Gateway (RD Gateway) (CVE-2023-29348) - Medium [335]

Description: Windows Remote Desktop Gateway (RD Gateway) Information Disclosure Vulnerability

93. Elevation of Privilege - Windows Win32k (CVE-2023-36776) - Medium [334]

Description: Win32k Elevation of Privilege Vulnerability

Qualys: Other Microsoft Vulnerability Highlights CVE-2023-36780 is a remote code execution vulnerability in Skype for Business. The vulnerability exists in PowerShell when exposed through Microsoft Exchange or Skype. To exploit this vulnerability, an attacker must be granted an administrative role in the Skype for Business Control Panel. Successful exploitation of the vulnerability would allow an attacker to perform remote code execution on the Skype for Business Server backend. CVE-2023-36778 is a remote code execution vulnerability in Microsoft Exchange Server. An attacker must have LAN access and credentials for a valid Exchange user to exploit this vulnerability. An authenticated attacker who is on the same intranet as the Exchange server may perform remote code execution via a PowerShell remoting session. CVE-2023-36713 is an information disclosure vulnerability in the Windows Common Log File System Driver. Successful exploitation of the vulnerability would allow an attacker to read small portions of heap memory potentially. CVE-2023-36594 and CVE-2023-38159 are elevation of privilege vulnerabilities in the Microsoft Graphics Component. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2023-36731, CVE-2023-36732, CVE-2023-36743, CVE-2023-36776, and CVE-2023-41772 are elevation of privilege vulnerabilities in Win32k. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.

94. Elevation of Privilege - Windows Client Server Run-time Subsystem (CSRSS) (CVE-2023-41766) - Medium [329]

Description: Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability

95. Elevation of Privilege - Windows Graphics Component (CVE-2023-36594) - Medium [329]

Description: Windows Graphics Component Elevation of Privilege Vulnerability

Qualys: Other Microsoft Vulnerability Highlights CVE-2023-36780 is a remote code execution vulnerability in Skype for Business. The vulnerability exists in PowerShell when exposed through Microsoft Exchange or Skype. To exploit this vulnerability, an attacker must be granted an administrative role in the Skype for Business Control Panel. Successful exploitation of the vulnerability would allow an attacker to perform remote code execution on the Skype for Business Server backend. CVE-2023-36778 is a remote code execution vulnerability in Microsoft Exchange Server. An attacker must have LAN access and credentials for a valid Exchange user to exploit this vulnerability. An authenticated attacker who is on the same intranet as the Exchange server may perform remote code execution via a PowerShell remoting session. CVE-2023-36713 is an information disclosure vulnerability in the Windows Common Log File System Driver. Successful exploitation of the vulnerability would allow an attacker to read small portions of heap memory potentially. CVE-2023-36594 and CVE-2023-38159 are elevation of privilege vulnerabilities in the Microsoft Graphics Component. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2023-36731, CVE-2023-36732, CVE-2023-36743, CVE-2023-36776, and CVE-2023-41772 are elevation of privilege vulnerabilities in Win32k. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges.

96. Elevation of Privilege - Windows Internet Key Exchange (IKE) Extension (CVE-2023-36726) - Medium [329]

Description: Windows Internet Key Exchange (IKE) Extension Elevation of Privilege Vulnerability

97. Elevation of Privilege - Windows RDP Encoder Mirror Driver (CVE-2023-36790) - Medium [329]

Description: Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability

98. Elevation of Privilege - Windows Runtime C++ Template Library (CVE-2023-36711) - Medium [329]

Description: Windows Runtime C++ Template Library Elevation of Privilege Vulnerability

99. Information Disclosure - Windows Deployment Services (CVE-2023-36706) - Medium [323]

Description: Windows Deployment Services Information Disclosure Vulnerability

100. Elevation of Privilege - Windows Error Reporting Service (CVE-2023-36721) - Medium [317]

Description: Windows Error Reporting Service Elevation of Privilege Vulnerability

101. Elevation of Privilege - Windows Graphics Component (CVE-2023-38159) - Medium [317]

Description: Windows Graphics Component Elevation of Privilege Vulnerability