Report Name: Microsoft Patch Tuesday, September 2023
Generated: 2023-09-30 15:13:45

Product Name	Prevalence	U	C	H	M	L	A	Comment
Windows Kernel	0.9			2	5		7	Windows Kernel
Windows TCP/IP	0.9			1	1		2	Windows component
.NET Core and Visual Studio	0.8				1		1	.NET Core and Visual Studio
.NET Framework	0.8			1			1	.NET Framework
Microsoft Edge	0.8	1	1	17	16		35	Web browser
Microsoft Exchange	0.8			3	2		5	Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft
Microsoft Office	0.8				3		3	Microsoft Office is a suite of applications designed to help with productivity and completing common tasks on a computer
Windows Cloud Files Mini Filter Driver	0.8				1		1	Windows component
Windows Common Log File System Driver	0.8				2		2	Windows component
Windows GDI	0.8				2		2	Windows component
Windows MSHTML Platform	0.8			1			1	Windows component
Windows Miracast Wireless Display	0.8			1			1	Windows component
Windows Themes	0.8		1				1	Windows component
3D Viewer	0.7			3			3	Standard Windows Application
Dynamics Finance and Operations	0.7				1		1	Dynamics Finance and Operations
Microsoft Excel	0.6				1		1	MS Office product
Microsoft Outlook	0.6				1		1	MS Office product
Microsoft Word	0.6		1	1			2	MS Office product
3D Builder	0.5			4			4	3D Builder
Azure DevOps Server	0.5			2			2	Azure DevOps Server
Azure HDInsight Apache Ambari	0.5				1		1	Azure HDInsight Apache Ambari
DHCP Server Service	0.5				3		3	DHCP Server Service
Electron: CVE-2023-39956 -Visual Studio Code	0.5				1		1	Electron: CVE-2023-39956 -Visual Studio Code
Internet Connection Sharing (ICS)	0.5			1			1	Internet Connection Sharing (ICS)
Microsoft Dynamics 365 (on-premises)	0.5				2		2	Microsoft Dynamics 365 (on-premises)
Microsoft Identity Linux Broker	0.5				1		1	Microsoft Identity Linux Broker
Microsoft OneNote	0.5				1		1	Microsoft OneNote
Microsoft SharePoint Server	0.5				1		1	Microsoft SharePoint Server
Microsoft Streaming Service Proxy	0.5			1			1	Microsoft Streaming Service Proxy
Autodesk® FBX® SDK	0.3					1	1	The Autodesk® FBX® SDK is a free, easy-to-use, C++ software development platform and API toolkit that allows application and content vendors to transfer existing content into the FBX format with minimal effort.
Microsoft Azure Kubernetes Service	0.3				1		1	Microsoft Azure Kubernetes Service
Visual Studio	0.3				6		6	Integrated development environment
Visual Studio Code	0.3				1		1	Integrated development environment

Vulnerability Type	Criticality	U	C	H	M	L	A
Remote Code Execution	1.0		1	17	7		25
Security Feature Bypass	0.9			6	1		7
Denial of Service	0.7			1	2		3
Memory Corruption	0.6	1	1	12	6		20
Elevation of Privilege	0.5			2	16		18
Cross Site Scripting	0.4				3		3
Information Disclosure	0.4		1		9		10
Spoofing	0.4				7		7
Unknown Vulnerability Type	0				3	1	4

Source	U	C	H	M	L	A
MS PT Extended		1	17	17		35
Qualys		1	6	14		21
Tenable		1	4	3		8
Rapid7		1	8	4		13
ZDI		2	2	1		5

Urgent (1)

1. Memory Corruption - Microsoft Edge (CVE-2023-4863) - Urgent [883]

Description: Chromium: CVE-2023-4863 Heap buffer overflow in WebP. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Google is aware that an exploit for CVE-2023-4863 exists in the wild.

Critical (3)

2. Remote Code Execution - Windows Themes (CVE-2023-38146) - Critical [716]

Description: Windows Themes Remote Code Execution Vulnerability

ZDI: CVE-2023-38146 - Windows Themes Remote Code Execution Vulnerability. This probably isn’t one of the most severe bugs patched this month, but it kicked off such a wave of nostalgia, that I had to call it out. This bug could allow code execution if an attacker can convince a user to open a specially crafted theme file. If this sounds like screensaver exploits from 20+ years, it’s because it’s just like screensaver bugs from 20+ years ago. Congrats to Pwn2Own winners Thijs Alkemade and Daan Keuper of Computest Sector 7 for helping bring this oldie but goodie to light.

3. Information Disclosure - Microsoft Word (CVE-2023-36761) - Critical [657]

Description: Microsoft Word Information Disclosure Vulnerability

Qualys: CVE-2023-36761: Microsoft Word Information Disclosure Vulnerability Successful exploitation of this vulnerability could allow an attacker to disclose NTLM hashes. The NTLM hashes are encoded by converting the user’s password into a 16-byte key using an MD4 hash function. The key is divided into two halves of 8 bytes. The key is used as input to three rounds of DES encryption that generates a 16-byte output representing the NTLM hash. CISA has added the vulnerability to its Known Exploited Vulnerabilities Catalog, requesting users to patch it before October 3, 2023.

Tenable: Microsoft’s September 2023 Patch Tuesday Addresses 61 CVEs (CVE-2023-36761)

Tenable: CVE-2023-36761 | Microsoft Word Information Disclosure Vulnerability

Tenable: CVE-2023-36761 is an information disclosure vulnerability in Microsoft Word. It was assigned a CVSSv3 score of 6.2 and is rated important. According to Microsoft, it has been exploited in the wild as a zero-day and was publicly disclosed prior to a patch being available. Its discovery is credited to the Microsoft Threat Intelligence team.

Rapid7: Microsoft Word receives a patch for CVE-2023-36761, which is marked as exploited in the wild as well as publicly disclosed; successful exploitation results in disclosure of NTLM hashes from a malicious opened document via the Preview Pane. This could provide an attacker with the means to “Pass the Hash” and authenticate remotely without resorting to brute force.

Rapid7: Microsoft is clearly concerned about the potential impact of CVE-2023-36761, since they are providing patches not only for current versions of Word, but also for Word 2013, which reached its Extended End Date back in April 2023. In March, Microsoft patched CVE-2023-23397, a vulnerability in Outlook which also led to NTLM hash leaks, and which received significant attention at the time.

ZDI: CVE-2023-36761 - Microsoft Word Information Disclosure Vulnerability. This is the bug currently under active attack, but I wouldn’t classify it as “information disclosure”. An attacker could use this vulnerability to allow the disclosure of NTLM hashes, which would then presumably be used in an NTLM-relay style attack. Those are usually defined as Spoofing bugs (see Exchange blew). Regardless of the classification, the preview pane is a vector here as well, which means no user interaction is required. Definitely put this one on the top of your test-and-deploy list.

4. Memory Corruption - Microsoft Edge (CVE-2023-4352) - Critical [621]

Description: Chromium: CVE-2023-4352 Type Confusion in V8. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-4352 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

High (38)

5. Remote Code Execution - Azure DevOps Server (CVE-2023-38155) - High [521]

Description: Azure DevOps Server Remote Code Execution Vulnerability

Rapid7: Azure DevOps Server receives two fixes this month. While CVE-2023-38155 requires that an attacker carry out significant recon and preparation of the environment, successful exploitation would lead to administrator privileges. Potentially of greater concern is CVE-2023-33136, which allows an attacker with Queue Build permissions to abuse an overridable input variable to achieve RCE. While most DevOps Server installations are hopefully managed by people both willing and able to apply prompt upgrades, CI/CD environments are prime targets for supply chain attacks.

6. Remote Code Execution - Microsoft Edge (CVE-2023-4762) - High [514]

Description: {'ms_cve_data_all': 'Chromium: CVE-2023-4762 Type Confusion in V8. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2023-4762 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

7. Elevation of Privilege - Microsoft Streaming Service Proxy (CVE-2023-36802) - High [494]

Description: Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability

Qualys: CVE-2023-36802: Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability Microsoft Streaming Service Proxy is connected to a video service called Microsoft Stream. The service allows users to share information and improves communication and connectivity in a secure enterprise environment. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CISA has added the vulnerability to its Known Exploited Vulnerabilities Catalog, requesting users to patch it before October 3, 2023.

Tenable: CVE-2023-36802 | Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability

Tenable: CVE-2023-36802 is an EoP vulnerability in the Microsoft Streaming Service Proxy. It was assigned a CVSSv3 score of 7.8 and is rated important. Exploitation of this flaw would grant an attacker SYSTEM privileges. According to Microsoft, it has been exploited in the wild as a zero-day. Discovery of this flaw is credited to Valentina Palmiotti from IBM X-Force, Quan Jin and ze0r with DBAPPSecurity WeBin Lab and both the Microsoft Security Response Center (MSRC) and Microsoft Threat Intelligence.

Rapid7: The second zero-day vulnerability patched this month is CVE-2023-36802, an elevation of privilege vulnerability in Microsoft Streaming Service Proxy, which could grant SYSTEM privileges via exploitation of a kernel driver. Microsoft has detected in-the-wild exploitation, but is not aware of publicly available exploit code. This is a debut Patch Tuesday appearance for Microsoft Streaming Service, but with several researchers from across the globe acknowledged on the advisory, it’s unlikely to be the last. Today’s confirmation of in-the-wild exploitation prior to publication all but guarantees that this will remain an area of interest.

ZDI: Moving on to the other EoP bugs receiving patches this month, the vast majority require an attacker to run a specially crafted program on an affected system. That’s true for CVE-2023-36802, which is the other bug listed as being under active attack. In most cases, this leads to either administrator privileges or running code at SYSTEM level. In fact, this is true of all of the EoP bugs patched this month outside of the previously mentioned Azure Kubernetes escalation.

8. Remote Code Execution - Windows Miracast Wireless Display (CVE-2023-38147) - High [466]

Description: Windows Miracast Wireless Display Remote Code Execution Vulnerability

Rapid7: A vulnerability in the Windows implementation of wireless display standard Miracast allows for an unauthenticated user to project to a vulnerable system. Although CVE-2023-38147 requires that an attacker be in close physical proximity to the target, consider that wireless display technology is often used in high-traffic environments such as conventions, which could allow an opportunistic attacker to inflict reputational damage. While exploitation requires that the target asset is configured to allow "Projecting to this PC" and marked as "Available Everywhere" – and Microsoft points out that this is not the default configuration – most administrators will know from long experience that many users will simply select whichever options cause them the least friction.

9. Remote Code Execution - .NET Framework (CVE-2023-36788) - High [454]

Description: .NET Framework Remote Code Execution Vulnerability

10. Security Feature Bypass - Microsoft Edge (CVE-2023-4357) - High [448]

Description: Chromium: CVE-2023-4357 Insufficient validation of untrusted input in XML. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-4357 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

11. Remote Code Execution - Azure DevOps Server (CVE-2023-33136) - High [440]

Description: Azure DevOps Server Remote Code Execution Vulnerability

Rapid7: Azure DevOps Server receives two fixes this month. While CVE-2023-38155 requires that an attacker carry out significant recon and preparation of the environment, successful exploitation would lead to administrator privileges. Potentially of greater concern is CVE-2023-33136, which allows an attacker with Queue Build permissions to abuse an overridable input variable to achieve RCE. While most DevOps Server installations are hopefully managed by people both willing and able to apply prompt upgrades, CI/CD environments are prime targets for supply chain attacks.

12. Remote Code Execution - 3D Viewer (CVE-2023-36739) - High [438]

Description: 3D Viewer Remote Code Execution Vulnerability

13. Remote Code Execution - 3D Viewer (CVE-2023-36740) - High [438]

Description: 3D Viewer Remote Code Execution Vulnerability

14. Remote Code Execution - 3D Viewer (CVE-2023-36760) - High [438]

Description: 3D Viewer Remote Code Execution Vulnerability

15. Remote Code Execution - Microsoft Exchange (CVE-2023-36744) - High [430]

Description: Microsoft Exchange Server Remote Code Execution Vulnerability

Qualys: Other Microsoft Vulnerability Highlights  CVE-2023-38161 and CVE-2023-36804 are elevation of privilege vulnerabilities in Windows GDI. The vulnerabilities may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-38152 is an information disclosure vulnerability in the DHCP Server Service. Successful exploitation of the vulnerability may lead to the disclosure of initialized or uninitialized memory in the process heap. CVE-2023-38142 is an elevation of privilege vulnerability in Windows Kernel. The vulnerability may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-38160 is an information disclosure vulnerability in Windows TCP/IP. Successful exploitation of the vulnerability would allow an attacker to read small portions of heap memory. CVE-2023-36777 is an information disclosure vulnerability in Microsoft Exchange Server. An attacker must be authenticated with LAN access and have credentials for a valid Exchange user to exploit the vulnerability. On successful exploitation, an attacker would disclose file content. CVE-2023-38143 and CVE-2023-38144 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. The vulnerabilities may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-36756, CVE-2023-36745, and CVE-2023-36744 are remote code execution vulnerabilities in Microsoft Exchange Server. An attacker must be authenticated with LAN access and have credentials for a valid Exchange user to exploit the vulnerabilities. On successful exploitation, an attacker could trigger malicious code in the context of the server’s account through a network call.

Tenable: CVE-2023-36744, CVE-2023-36745 and CVE-2023-36756 | Microsoft Exchange Server Remote Code Execution Vulnerability

Tenable: CVE-2023-36744, CVE-2023-36745 and CVE-2023-36756 are RCE vulnerabilities affecting Microsoft Exchange. Each of these vulnerabilities were given CVSSv3 scores of 8.0 and were rated as “Exploitation More Likely” using the Microsoft Exploitability Index. Successful exploitation of these vulnerabilities requires an attacker to authenticate with LAN-access and have valid credentials for an Exchange user.

Rapid7: Microsoft is patching five vulnerabilities in Exchange this month. Although Microsoft doesn’t rate any of these higher than “Important” under their proprietary severity rating system, three of the five are RCE vulnerabilities with CVSSv3 base score of 8.0. CVE-2023-36744 CVE-2023-36745, and CVE-2023-36756 would surely receive higher severity if not for several mitigating factors. Successful exploitation requires that the attacker must be present on the same LAN as the Exchange server, and must already possess valid credentials for an Exchange user. Additionally, Microsoft notes that the August 2023 patches already protect against these newly published vulnerabilities, further underscoring the value of timely patching.

16. Remote Code Execution - Microsoft Exchange (CVE-2023-36745) - High [430]

Description: Microsoft Exchange Server Remote Code Execution Vulnerability

Qualys: Other Microsoft Vulnerability Highlights  CVE-2023-38161 and CVE-2023-36804 are elevation of privilege vulnerabilities in Windows GDI. The vulnerabilities may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-38152 is an information disclosure vulnerability in the DHCP Server Service. Successful exploitation of the vulnerability may lead to the disclosure of initialized or uninitialized memory in the process heap. CVE-2023-38142 is an elevation of privilege vulnerability in Windows Kernel. The vulnerability may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-38160 is an information disclosure vulnerability in Windows TCP/IP. Successful exploitation of the vulnerability would allow an attacker to read small portions of heap memory. CVE-2023-36777 is an information disclosure vulnerability in Microsoft Exchange Server. An attacker must be authenticated with LAN access and have credentials for a valid Exchange user to exploit the vulnerability. On successful exploitation, an attacker would disclose file content. CVE-2023-38143 and CVE-2023-38144 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. The vulnerabilities may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-36756, CVE-2023-36745, and CVE-2023-36744 are remote code execution vulnerabilities in Microsoft Exchange Server. An attacker must be authenticated with LAN access and have credentials for a valid Exchange user to exploit the vulnerabilities. On successful exploitation, an attacker could trigger malicious code in the context of the server’s account through a network call.

Tenable: CVE-2023-36744, CVE-2023-36745 and CVE-2023-36756 | Microsoft Exchange Server Remote Code Execution Vulnerability

Tenable: CVE-2023-36744, CVE-2023-36745 and CVE-2023-36756 are RCE vulnerabilities affecting Microsoft Exchange. Each of these vulnerabilities were given CVSSv3 scores of 8.0 and were rated as “Exploitation More Likely” using the Microsoft Exploitability Index. Successful exploitation of these vulnerabilities requires an attacker to authenticate with LAN-access and have valid credentials for an Exchange user.

Rapid7: Microsoft is patching five vulnerabilities in Exchange this month. Although Microsoft doesn’t rate any of these higher than “Important” under their proprietary severity rating system, three of the five are RCE vulnerabilities with CVSSv3 base score of 8.0. CVE-2023-36744 CVE-2023-36745, and CVE-2023-36756 would surely receive higher severity if not for several mitigating factors. Successful exploitation requires that the attacker must be present on the same LAN as the Exchange server, and must already possess valid credentials for an Exchange user. Additionally, Microsoft notes that the August 2023 patches already protect against these newly published vulnerabilities, further underscoring the value of timely patching.

17. Remote Code Execution - Microsoft Exchange (CVE-2023-36756) - High [430]

Description: Microsoft Exchange Server Remote Code Execution Vulnerability

Qualys: Other Microsoft Vulnerability Highlights  CVE-2023-38161 and CVE-2023-36804 are elevation of privilege vulnerabilities in Windows GDI. The vulnerabilities may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-38152 is an information disclosure vulnerability in the DHCP Server Service. Successful exploitation of the vulnerability may lead to the disclosure of initialized or uninitialized memory in the process heap. CVE-2023-38142 is an elevation of privilege vulnerability in Windows Kernel. The vulnerability may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-38160 is an information disclosure vulnerability in Windows TCP/IP. Successful exploitation of the vulnerability would allow an attacker to read small portions of heap memory. CVE-2023-36777 is an information disclosure vulnerability in Microsoft Exchange Server. An attacker must be authenticated with LAN access and have credentials for a valid Exchange user to exploit the vulnerability. On successful exploitation, an attacker would disclose file content. CVE-2023-38143 and CVE-2023-38144 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. The vulnerabilities may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-36756, CVE-2023-36745, and CVE-2023-36744 are remote code execution vulnerabilities in Microsoft Exchange Server. An attacker must be authenticated with LAN access and have credentials for a valid Exchange user to exploit the vulnerabilities. On successful exploitation, an attacker could trigger malicious code in the context of the server’s account through a network call.

Tenable: CVE-2023-36744, CVE-2023-36745 and CVE-2023-36756 | Microsoft Exchange Server Remote Code Execution Vulnerability

Tenable: CVE-2023-36744, CVE-2023-36745 and CVE-2023-36756 are RCE vulnerabilities affecting Microsoft Exchange. Each of these vulnerabilities were given CVSSv3 scores of 8.0 and were rated as “Exploitation More Likely” using the Microsoft Exploitability Index. Successful exploitation of these vulnerabilities requires an attacker to authenticate with LAN-access and have valid credentials for an Exchange user.

Rapid7: Microsoft is patching five vulnerabilities in Exchange this month. Although Microsoft doesn’t rate any of these higher than “Important” under their proprietary severity rating system, three of the five are RCE vulnerabilities with CVSSv3 base score of 8.0. CVE-2023-36744 CVE-2023-36745, and CVE-2023-36756 would surely receive higher severity if not for several mitigating factors. Successful exploitation requires that the attacker must be present on the same LAN as the Exchange server, and must already possess valid credentials for an Exchange user. Additionally, Microsoft notes that the August 2023 patches already protect against these newly published vulnerabilities, further underscoring the value of timely patching.

18. Security Feature Bypass - Windows Kernel (CVE-2023-38163) - High [429]

Description: Windows Defender Attack Surface Reduction Security Feature Bypass

19. Elevation of Privilege - Windows Kernel (CVE-2023-38150) - High [427]

Description: Windows Kernel Elevation of Privilege Vulnerability

20. Security Feature Bypass - Microsoft Edge (CVE-2023-4368) - High [425]

Description: Chromium: CVE-2023-4368 Insufficient policy enforcement in Extensions API. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-4368 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

21. Memory Corruption - Microsoft Edge (CVE-2023-4429) - High [419]

Description: Chromium: CVE-2023-4429: Use after free in Loader. This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-4429 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

22. Memory Corruption - Microsoft Edge (CVE-2023-4430) - High [419]

Description: Chromium: CVE-2023-4430: Use after free in Vulkan. This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-4430 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

23. Memory Corruption - Microsoft Edge (CVE-2023-4572) - High [419]

Description: Chromium: CVE-2023-4572 Use after free in MediaStream. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-4572 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

24. Memory Corruption - Microsoft Edge (CVE-2023-4763) - High [419]

Description: Chromium: CVE-2023-4763 Use after free in Networks. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-4763 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

25. Remote Code Execution - Internet Connection Sharing (ICS) (CVE-2023-38148) - High [416]

Description: Internet Connection Sharing (ICS) Remote Code Execution Vulnerability

Qualys: CVE-2023-38148: Internet Connection Sharing (ICS) Remote Code Execution Vulnerability Internet Connection Sharing (ICS) is a Windows service that enables one Internet-connected computer to share its Internet connection with other computers on a local area network (LAN). The vulnerability is exploitable only when Internet Connection Sharing (ICS) is enabled. An attacker can only attack systems connected to the same network segment as them. Attacks cannot be carried out across multiple networks (for example, a WAN). An unauthenticated attacker may exploit this vulnerability by sending a specially crafted network packet to the Internet Connection Sharing (ICS) Service.

Qualys: CVE-2023-38148: Internet Connection Sharing (ICS) Remote Code Execution Vulnerability This vulnerability has a CVSS:3.1 8.8 / 7.7 3719 Status of the ‘Internet Connection Sharing (ICS)’ service 14916 Status of Windows Services The following QQL will return a posture assessment for the CIDs for this Patch Tuesday: control.id: [11511,26238,26623,3719,14916]

Qualys: CVE-2023-38148: Internet Connection Sharing (ICS) Remote Code Execution Vulnerability This vulnerability has a CVSSv3.1 score of 8.8/10.

Rapid7: CVE-2023-38148 describes a critical remote code execution (RCE) in the Windows Internet Connection Sharing (ICS) functionality. Although the advisory is light on detail, it’s likely that successful exploitation would lead to arbitrary code execution on the ICS host at SYSTEM level. The silver lining is that the attack cannot be carried out from another network, so attackers must first establish an adjacent foothold.

ZDI: CVE-2023-38148 - Internet Connection Sharing (ICS) Remote Code Execution Vulnerability. This Critical-rated bug is the highest-rated CVSS this month (8.8), but it’s not all bad news. First, this is limited to network-adjacent attackers. A successful exploit also relies on ICS being enabled. Most places these days don’t require ICS, and it’s not turned on by default. However, if you’re in one of those places where ICS is used, this could allow an unauthenticated attacker to run their code on affected systems.

26. Remote Code Execution - Microsoft Word (CVE-2023-36762) - High [409]

Description: Microsoft Word Remote Code Execution Vulnerability

27. Memory Corruption - Microsoft Edge (CVE-2023-2312) - High [407]

Description: Chromium: CVE-2023-2312 Use after free in Offline. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-2312 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

28. Memory Corruption - Microsoft Edge (CVE-2023-4349) - High [407]

Description: Chromium: CVE-2023-4349 Use after free in Device Trust Connectors. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-4349 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

29. Memory Corruption - Microsoft Edge (CVE-2023-4353) - High [407]

Description: Chromium: CVE-2023-4353 Heap buffer overflow in ANGLE. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-4353 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

30. Memory Corruption - Microsoft Edge (CVE-2023-4354) - High [407]

Description: Chromium: CVE-2023-4354 Heap buffer overflow in Skia. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-4354 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

31. Memory Corruption - Microsoft Edge (CVE-2023-4355) - High [407]

Description: Chromium: CVE-2023-4355 Out of bounds memory access in V8. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-4355 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

32. Memory Corruption - Microsoft Edge (CVE-2023-4356) - High [407]

Description: Chromium: CVE-2023-4356 Use after free in Audio. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-4356 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

33. Memory Corruption - Microsoft Edge (CVE-2023-4358) - High [407]

Description: Chromium: CVE-2023-4358 Use after free in DNS. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-4358 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

34. Memory Corruption - Microsoft Edge (CVE-2023-4362) - High [407]

Description: Chromium: CVE-2023-4362 Heap buffer overflow in Mojom IDL. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-4362 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

35. Denial of Service - Windows TCP/IP (CVE-2023-38149) - High [405]

Description: Windows TCP/IP Denial of Service Vulnerability

Qualys: CVE-2023-38149: Windows TCP/IP Denial of Service Vulnerability This vulnerability has a CVSS:3.1 7.5 / 6.5 Policy Compliance Control IDs (CIDs): 26623 Status of the ‘RouterDiscovery’ setting configured on the IPv6 interfaces (Qualys Agent only) 4842 Status of the ‘Internet Protocol version 6 (IPv6) components’ setting

Qualys: CVE-2023-38149: Windows TCP/IP Denial of Service Vulnerability This vulnerability has a CVSSv3.1 score of 7.5/10. The next Patch Tuesday falls on October 10, and we’ll be back with details and patch analysis. Until next Patch Tuesday, stay safe and secure. Be sure to subscribe to the ‘This Month in Vulnerabilities and Patch’s webinar.’

36. Remote Code Execution - 3D Builder (CVE-2023-36770) - High [404]

Description: 3D Builder Remote Code Execution Vulnerability

37. Remote Code Execution - 3D Builder (CVE-2023-36771) - High [404]

Description: 3D Builder Remote Code Execution Vulnerability

38. Remote Code Execution - 3D Builder (CVE-2023-36772) - High [404]

Description: 3D Builder Remote Code Execution Vulnerability

39. Remote Code Execution - 3D Builder (CVE-2023-36773) - High [404]

Description: 3D Builder Remote Code Execution Vulnerability

40. Security Feature Bypass - Microsoft Edge (CVE-2023-4361) - High [401]

Description: {'ms_cve_data_all': 'Chromium: CVE-2023-4361 Inappropriate implementation in Autofill. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Medium)', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2023-4361 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

41. Security Feature Bypass - Microsoft Edge (CVE-2023-4367) - High [401]

Description: Chromium: CVE-2023-4367 Insufficient policy enforcement in Extensions API. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-4367 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

42. Security Feature Bypass - Windows MSHTML Platform (CVE-2023-36805) - High [401]

Description: Windows MSHTML Platform Security Feature Bypass Vulnerability

Medium (54)

43. Memory Corruption - Microsoft Edge (CVE-2023-4351) - Medium [395]

Description: Chromium: CVE-2023-4351 Use after free in Network. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-4351 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

44. Memory Corruption - Microsoft Edge (CVE-2023-4427) - Medium [395]

Description: Chromium: CVE-2023-4427: Out of bounds memory access in V8. This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-4427 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

45. Memory Corruption - Microsoft Edge (CVE-2023-4428) - Medium [395]

Description: Chromium: CVE-2023-4428: Out of bounds memory access in CSS. This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-4428 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

46. Memory Corruption - Microsoft Edge (CVE-2023-4431) - Medium [395]

Description: Chromium: CVE-2023-4431: Out of bounds memory access in Fonts. This CVE was assigned by Chrome.  Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-4431 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

47. Memory Corruption - Microsoft Edge (CVE-2023-4761) - Medium [395]

Description: Chromium: CVE-2023-4761 Out of bounds memory access in FedCM. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-4761 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

48. Security Feature Bypass - Microsoft Office (CVE-2023-36767) - Medium [389]

Description: Microsoft Office Security Feature Bypass Vulnerability

49. Denial of Service - .NET Core and Visual Studio (CVE-2023-36799) - Medium [377]

Description: .NET Core and Visual Studio Denial of Service Vulnerability

50. Elevation of Privilege - Microsoft Edge (CVE-2023-36787) - Medium [377]

Description: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

MS PT Extended: CVE-2023-36787 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

51. Elevation of Privilege - Microsoft Office (CVE-2023-36765) - Medium [377]

Description: Microsoft Office Elevation of Privilege Vulnerability

52. Memory Corruption - Microsoft Edge (CVE-2023-4366) - Medium [371]

Description: Chromium: CVE-2023-4366 Use after free in Extensions. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-4366 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

53. Remote Code Execution - Visual Studio (CVE-2023-36792) - Medium [371]

Description: Visual Studio Remote Code Execution Vulnerability

Qualys: CVE-2023-36792, CVE-2023-36793, and CVE-2023-36796: Visual Studio Remote Code Execution Vulnerability Visual Code allows users to edit, debug, build, and publish an app. Visual Studio also provides compilers, code completion tools, graphical designers, and many more features to enhance software development. To exploit the vulnerabilities, an attacker must convince a victim to download and open a specially crafted file from a website, leading to a local computer attack.

Rapid7: This month’s three other critical RCE vulnerabilities have quite a lot in common: CVE-2023-36792, CVE-2023-36793, and CVE-2023-36796 all rely on the user opening a malicious package file, and are thus classed as arbitrary code execution rather than no-interaction RCE. In each case, patches are available for a long list of Visual Studio and .NET installations. Organizations with large developer headcount are likely to be disproportionately at risk.

54. Remote Code Execution - Visual Studio (CVE-2023-36793) - Medium [371]

Description: Visual Studio Remote Code Execution Vulnerability

Qualys: CVE-2023-36792, CVE-2023-36793, and CVE-2023-36796: Visual Studio Remote Code Execution Vulnerability Visual Code allows users to edit, debug, build, and publish an app. Visual Studio also provides compilers, code completion tools, graphical designers, and many more features to enhance software development. To exploit the vulnerabilities, an attacker must convince a victim to download and open a specially crafted file from a website, leading to a local computer attack.

Rapid7: This month’s three other critical RCE vulnerabilities have quite a lot in common: CVE-2023-36792, CVE-2023-36793, and CVE-2023-36796 all rely on the user opening a malicious package file, and are thus classed as arbitrary code execution rather than no-interaction RCE. In each case, patches are available for a long list of Visual Studio and .NET installations. Organizations with large developer headcount are likely to be disproportionately at risk.

55. Remote Code Execution - Visual Studio (CVE-2023-36794) - Medium [371]

Description: Visual Studio Remote Code Execution Vulnerability

56. Remote Code Execution - Visual Studio (CVE-2023-36796) - Medium [371]

Description: Visual Studio Remote Code Execution Vulnerability

Qualys: CVE-2023-36792, CVE-2023-36793, and CVE-2023-36796: Visual Studio Remote Code Execution Vulnerability Visual Code allows users to edit, debug, build, and publish an app. Visual Studio also provides compilers, code completion tools, graphical designers, and many more features to enhance software development. To exploit the vulnerabilities, an attacker must convince a victim to download and open a specially crafted file from a website, leading to a local computer attack.

Rapid7: This month’s three other critical RCE vulnerabilities have quite a lot in common: CVE-2023-36792, CVE-2023-36793, and CVE-2023-36796 all rely on the user opening a malicious package file, and are thus classed as arbitrary code execution rather than no-interaction RCE. In each case, patches are available for a long list of Visual Studio and .NET installations. Organizations with large developer headcount are likely to be disproportionately at risk.

57. Remote Code Execution - Visual Studio Code (CVE-2023-36742) - Medium [371]

Description: Visual Studio Code Remote Code Execution Vulnerability

58. Elevation of Privilege - Microsoft Edge (CVE-2023-36741) - Medium [365]

Description: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

MS PT Extended: CVE-2023-36741 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

59. Remote Code Execution - Electron: CVE-2023-39956 -Visual Studio Code (CVE-2023-39956) - Medium [357]

Description: Electron: CVE-2023-39956 -Visual Studio Code Remote Code Execution Vulnerability

60. Spoofing - Microsoft Edge (CVE-2023-4764) - Medium [347]

Description: {'ms_cve_data_all': 'Chromium: CVE-2023-4764 Incorrect security UI in BFCache. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2023-4764 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

61. Elevation of Privilege - Windows Kernel (CVE-2023-38139) - Medium [346]

Description: Windows Kernel Elevation of Privilege Vulnerability

62. Elevation of Privilege - Windows Kernel (CVE-2023-38141) - Medium [346]

Description: Windows Kernel Elevation of Privilege Vulnerability

63. Elevation of Privilege - Windows Kernel (CVE-2023-38142) - Medium [346]

Description: Windows Kernel Elevation of Privilege Vulnerability

Qualys: Other Microsoft Vulnerability Highlights  CVE-2023-38161 and CVE-2023-36804 are elevation of privilege vulnerabilities in Windows GDI. The vulnerabilities may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-38152 is an information disclosure vulnerability in the DHCP Server Service. Successful exploitation of the vulnerability may lead to the disclosure of initialized or uninitialized memory in the process heap. CVE-2023-38142 is an elevation of privilege vulnerability in Windows Kernel. The vulnerability may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-38160 is an information disclosure vulnerability in Windows TCP/IP. Successful exploitation of the vulnerability would allow an attacker to read small portions of heap memory. CVE-2023-36777 is an information disclosure vulnerability in Microsoft Exchange Server. An attacker must be authenticated with LAN access and have credentials for a valid Exchange user to exploit the vulnerability. On successful exploitation, an attacker would disclose file content. CVE-2023-38143 and CVE-2023-38144 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. The vulnerabilities may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-36756, CVE-2023-36745, and CVE-2023-36744 are remote code execution vulnerabilities in Microsoft Exchange Server. An attacker must be authenticated with LAN access and have credentials for a valid Exchange user to exploit the vulnerabilities. On successful exploitation, an attacker could trigger malicious code in the context of the server’s account through a network call.

64. Remote Code Execution - Microsoft Identity Linux Broker (CVE-2023-36736) - Medium [345]

Description: Microsoft Identity Linux Broker Remote Code Execution Vulnerability

65. Denial of Service - DHCP Server Service (CVE-2023-38162) - Medium [339]

Description: DHCP Server Service Denial of Service Vulnerability

Qualys: CVE-2023-38162: DHCP Server Service Denial of Service Vulnerability This vulnerability has a CVSS:3.1 7.5 / 6.5 Policy Compliance Control IDs (CIDs): 26238 Status of the DHCP Failover Configuration (Qualys Agent Only)

66. Spoofing - Microsoft Edge (CVE-2023-4350) - Medium [335]

Description: {'ms_cve_data_all': 'Chromium: CVE-2023-4350 Inappropriate implementation in Fullscreen. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2023-4350 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

67. Elevation of Privilege - Windows Cloud Files Mini Filter Driver (CVE-2023-35355) - Medium [329]

Description: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

68. Elevation of Privilege - Windows Common Log File System Driver (CVE-2023-38143) - Medium [329]

Description: Windows Common Log File System Driver Elevation of Privilege Vulnerability

Qualys: Other Microsoft Vulnerability Highlights  CVE-2023-38161 and CVE-2023-36804 are elevation of privilege vulnerabilities in Windows GDI. The vulnerabilities may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-38152 is an information disclosure vulnerability in the DHCP Server Service. Successful exploitation of the vulnerability may lead to the disclosure of initialized or uninitialized memory in the process heap. CVE-2023-38142 is an elevation of privilege vulnerability in Windows Kernel. The vulnerability may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-38160 is an information disclosure vulnerability in Windows TCP/IP. Successful exploitation of the vulnerability would allow an attacker to read small portions of heap memory. CVE-2023-36777 is an information disclosure vulnerability in Microsoft Exchange Server. An attacker must be authenticated with LAN access and have credentials for a valid Exchange user to exploit the vulnerability. On successful exploitation, an attacker would disclose file content. CVE-2023-38143 and CVE-2023-38144 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. The vulnerabilities may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-36756, CVE-2023-36745, and CVE-2023-36744 are remote code execution vulnerabilities in Microsoft Exchange Server. An attacker must be authenticated with LAN access and have credentials for a valid Exchange user to exploit the vulnerabilities. On successful exploitation, an attacker could trigger malicious code in the context of the server’s account through a network call.

Tenable: CVE-2023-38143, CVE-2023-38144 | Windows Common Log File System Driver Elevation of Privilege Vulnerability

Tenable: CVE-2023-38143 and CVE-2023-38144 are EoP vulnerabilities in the Windows Common Log File System (CLFS) Driver. Both CVEs were assigned a CVSSv3 score of 7.8 and are rated as “Exploitation More Likely.” An authenticated attacker could exploit these vulnerabilities to gain SYSTEM privileges.

69. Elevation of Privilege - Windows Common Log File System Driver (CVE-2023-38144) - Medium [329]

Description: Windows Common Log File System Driver Elevation of Privilege Vulnerability

Qualys: Other Microsoft Vulnerability Highlights  CVE-2023-38161 and CVE-2023-36804 are elevation of privilege vulnerabilities in Windows GDI. The vulnerabilities may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-38152 is an information disclosure vulnerability in the DHCP Server Service. Successful exploitation of the vulnerability may lead to the disclosure of initialized or uninitialized memory in the process heap. CVE-2023-38142 is an elevation of privilege vulnerability in Windows Kernel. The vulnerability may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-38160 is an information disclosure vulnerability in Windows TCP/IP. Successful exploitation of the vulnerability would allow an attacker to read small portions of heap memory. CVE-2023-36777 is an information disclosure vulnerability in Microsoft Exchange Server. An attacker must be authenticated with LAN access and have credentials for a valid Exchange user to exploit the vulnerability. On successful exploitation, an attacker would disclose file content. CVE-2023-38143 and CVE-2023-38144 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. The vulnerabilities may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-36756, CVE-2023-36745, and CVE-2023-36744 are remote code execution vulnerabilities in Microsoft Exchange Server. An attacker must be authenticated with LAN access and have credentials for a valid Exchange user to exploit the vulnerabilities. On successful exploitation, an attacker could trigger malicious code in the context of the server’s account through a network call.

Tenable: CVE-2023-38143, CVE-2023-38144 | Windows Common Log File System Driver Elevation of Privilege Vulnerability

Tenable: CVE-2023-38143 and CVE-2023-38144 are EoP vulnerabilities in the Windows Common Log File System (CLFS) Driver. Both CVEs were assigned a CVSSv3 score of 7.8 and are rated as “Exploitation More Likely.” An authenticated attacker could exploit these vulnerabilities to gain SYSTEM privileges.

70. Elevation of Privilege - Windows GDI (CVE-2023-36804) - Medium [329]

Description: Windows GDI Elevation of Privilege Vulnerability

Qualys: Other Microsoft Vulnerability Highlights  CVE-2023-38161 and CVE-2023-36804 are elevation of privilege vulnerabilities in Windows GDI. The vulnerabilities may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-38152 is an information disclosure vulnerability in the DHCP Server Service. Successful exploitation of the vulnerability may lead to the disclosure of initialized or uninitialized memory in the process heap. CVE-2023-38142 is an elevation of privilege vulnerability in Windows Kernel. The vulnerability may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-38160 is an information disclosure vulnerability in Windows TCP/IP. Successful exploitation of the vulnerability would allow an attacker to read small portions of heap memory. CVE-2023-36777 is an information disclosure vulnerability in Microsoft Exchange Server. An attacker must be authenticated with LAN access and have credentials for a valid Exchange user to exploit the vulnerability. On successful exploitation, an attacker would disclose file content. CVE-2023-38143 and CVE-2023-38144 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. The vulnerabilities may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-36756, CVE-2023-36745, and CVE-2023-36744 are remote code execution vulnerabilities in Microsoft Exchange Server. An attacker must be authenticated with LAN access and have credentials for a valid Exchange user to exploit the vulnerabilities. On successful exploitation, an attacker could trigger malicious code in the context of the server’s account through a network call.

71. Elevation of Privilege - Windows GDI (CVE-2023-38161) - Medium [329]

Description: Windows GDI Elevation of Privilege Vulnerability

Qualys: Other Microsoft Vulnerability Highlights  CVE-2023-38161 and CVE-2023-36804 are elevation of privilege vulnerabilities in Windows GDI. The vulnerabilities may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-38152 is an information disclosure vulnerability in the DHCP Server Service. Successful exploitation of the vulnerability may lead to the disclosure of initialized or uninitialized memory in the process heap. CVE-2023-38142 is an elevation of privilege vulnerability in Windows Kernel. The vulnerability may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-38160 is an information disclosure vulnerability in Windows TCP/IP. Successful exploitation of the vulnerability would allow an attacker to read small portions of heap memory. CVE-2023-36777 is an information disclosure vulnerability in Microsoft Exchange Server. An attacker must be authenticated with LAN access and have credentials for a valid Exchange user to exploit the vulnerability. On successful exploitation, an attacker would disclose file content. CVE-2023-38143 and CVE-2023-38144 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. The vulnerabilities may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-36756, CVE-2023-36745, and CVE-2023-36744 are remote code execution vulnerabilities in Microsoft Exchange Server. An attacker must be authenticated with LAN access and have credentials for a valid Exchange user to exploit the vulnerabilities. On successful exploitation, an attacker could trigger malicious code in the context of the server’s account through a network call.

72. Spoofing - Microsoft Exchange (CVE-2023-36757) - Medium [323]

Description: Microsoft Exchange Server Spoofing Vulnerability

73. Elevation of Privilege - Microsoft Azure Kubernetes Service (CVE-2023-29332) - Medium [317]

Description: Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability

Qualys: CVE-2023-29332: Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability Azure Kubernetes Service (AKS) has built-in code-to-cloud pipelines and guardrails that offer the fastest development and deployment of cloud-native apps in Azure data centers. The service provides unified management and governance for on-premises, edge, and multi-cloud Kubernetes clusters. The vulnerability can be exploited remotely in a low-complexity attack by an attacker with no privileges required. An attacker could gain Cluster Administrator privileges on successful exploitation of the vulnerability.

ZDI: CVE-2023-29332 - Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability. This Critical-rated bug in the Azure Kubernetes service could allow a remote, unauthenticated attacker to gain Cluster Administration privileges. We’ve seen bugs like this before, but this one stands out as it can be reached from the Internet, requires no user interaction, and is listed as low complexity. Microsoft gives this an “Exploitation Less Likely” rating, but based on the remote, unauthenticated aspect of this bug, this could prove quite tempting for attackers.

74. Information Disclosure - Microsoft Outlook (CVE-2023-36763) - Medium [314]

Description: Microsoft Outlook Information Disclosure Vulnerability

75. Spoofing - Microsoft Edge (CVE-2023-4359) - Medium [311]

Description: {'ms_cve_data_all': 'Chromium: CVE-2023-4359 Inappropriate implementation in App Launcher. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. (Chromium security severity: Medium)', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2023-4359 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

76. Cross Site Scripting - Dynamics Finance and Operations (CVE-2023-36800) - Medium [307]

Description: Dynamics Finance and Operations Cross-site Scripting Vulnerability

77. Information Disclosure - Windows Kernel (CVE-2023-36803) - Medium [304]

Description: Windows Kernel Information Disclosure Vulnerability

78. Information Disclosure - Windows Kernel (CVE-2023-38140) - Medium [304]

Description: Windows Kernel Information Disclosure Vulnerability

79. Information Disclosure - Windows TCP/IP (CVE-2023-38160) - Medium [304]

Description: Windows TCP/IP Information Disclosure Vulnerability

Qualys: Other Microsoft Vulnerability Highlights  CVE-2023-38161 and CVE-2023-36804 are elevation of privilege vulnerabilities in Windows GDI. The vulnerabilities may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-38152 is an information disclosure vulnerability in the DHCP Server Service. Successful exploitation of the vulnerability may lead to the disclosure of initialized or uninitialized memory in the process heap. CVE-2023-38142 is an elevation of privilege vulnerability in Windows Kernel. The vulnerability may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-38160 is an information disclosure vulnerability in Windows TCP/IP. Successful exploitation of the vulnerability would allow an attacker to read small portions of heap memory. CVE-2023-36777 is an information disclosure vulnerability in Microsoft Exchange Server. An attacker must be authenticated with LAN access and have credentials for a valid Exchange user to exploit the vulnerability. On successful exploitation, an attacker would disclose file content. CVE-2023-38143 and CVE-2023-38144 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. The vulnerabilities may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-36756, CVE-2023-36745, and CVE-2023-36744 are remote code execution vulnerabilities in Microsoft Exchange Server. An attacker must be authenticated with LAN access and have credentials for a valid Exchange user to exploit the vulnerabilities. On successful exploitation, an attacker could trigger malicious code in the context of the server’s account through a network call.

80. Information Disclosure - Microsoft Exchange (CVE-2023-36777) - Medium [300]

Description: Microsoft Exchange Server Information Disclosure Vulnerability

Qualys: Other Microsoft Vulnerability Highlights  CVE-2023-38161 and CVE-2023-36804 are elevation of privilege vulnerabilities in Windows GDI. The vulnerabilities may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-38152 is an information disclosure vulnerability in the DHCP Server Service. Successful exploitation of the vulnerability may lead to the disclosure of initialized or uninitialized memory in the process heap. CVE-2023-38142 is an elevation of privilege vulnerability in Windows Kernel. The vulnerability may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-38160 is an information disclosure vulnerability in Windows TCP/IP. Successful exploitation of the vulnerability would allow an attacker to read small portions of heap memory. CVE-2023-36777 is an information disclosure vulnerability in Microsoft Exchange Server. An attacker must be authenticated with LAN access and have credentials for a valid Exchange user to exploit the vulnerability. On successful exploitation, an attacker would disclose file content. CVE-2023-38143 and CVE-2023-38144 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. The vulnerabilities may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-36756, CVE-2023-36745, and CVE-2023-36744 are remote code execution vulnerabilities in Microsoft Exchange Server. An attacker must be authenticated with LAN access and have credentials for a valid Exchange user to exploit the vulnerabilities. On successful exploitation, an attacker could trigger malicious code in the context of the server’s account through a network call.

Tenable: Separately, an information disclosure vulnerability, CVE-2023-36777, was also patched this month. This vulnerability was also rated as “Exploitation More Likely” and all four of these Exchange vulnerabilities were credited to Piotr Bazydlo of Trend Micro’s Zero Day Initiative.

81. Spoofing - Microsoft Office (CVE-2023-41764) - Medium [300]

Description: Microsoft Office Spoofing Vulnerability

82. Information Disclosure - DHCP Server Service (CVE-2023-38152) - Medium [297]

Description: DHCP Server Service Information Disclosure Vulnerability

Qualys: Other Microsoft Vulnerability Highlights  CVE-2023-38161 and CVE-2023-36804 are elevation of privilege vulnerabilities in Windows GDI. The vulnerabilities may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-38152 is an information disclosure vulnerability in the DHCP Server Service. Successful exploitation of the vulnerability may lead to the disclosure of initialized or uninitialized memory in the process heap. CVE-2023-38142 is an elevation of privilege vulnerability in Windows Kernel. The vulnerability may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-38160 is an information disclosure vulnerability in Windows TCP/IP. Successful exploitation of the vulnerability would allow an attacker to read small portions of heap memory. CVE-2023-36777 is an information disclosure vulnerability in Microsoft Exchange Server. An attacker must be authenticated with LAN access and have credentials for a valid Exchange user to exploit the vulnerability. On successful exploitation, an attacker would disclose file content. CVE-2023-38143 and CVE-2023-38144 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. The vulnerabilities may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-36756, CVE-2023-36745, and CVE-2023-36744 are remote code execution vulnerabilities in Microsoft Exchange Server. An attacker must be authenticated with LAN access and have credentials for a valid Exchange user to exploit the vulnerabilities. On successful exploitation, an attacker could trigger malicious code in the context of the server’s account through a network call.

Qualys: CVE-2023-36801, CVE-2023-38152: DHCP Server Service Information Disclosure Vulnerability This vulnerability has a CVSS:3.1 5.3 / 4.6 Policy Compliance Control IDs (CIDs): 11511 List of installed features on the system

Qualys: CVE-2023-38152: DHCP Server Service Information Disclosure Vulnerability This vulnerability has a CVSSv3.1 score of 5.3/10.

83. Elevation of Privilege - Visual Studio (CVE-2023-36758) - Medium [294]

Description: Visual Studio Elevation of Privilege Vulnerability

84. Elevation of Privilege - Microsoft SharePoint Server (CVE-2023-36764) - Medium [291]

Description: Microsoft SharePoint Server Elevation of Privilege Vulnerability

Rapid7: SharePoint receives a patch for CVE-2023-36764, which allows an attacker to achieve administrator privileges via a specially-crafted ASP.NET page. As is often the case with SharePoint vulnerabilities, a level of access is already required, but Site Member privileges are typically widely granted.

85. Information Disclosure - Microsoft Excel (CVE-2023-36766) - Medium [290]

Description: Microsoft Excel Information Disclosure Vulnerability

86. Spoofing - Microsoft Edge (CVE-2023-4363) - Medium [288]

Description: {'ms_cve_data_all': 'Chromium: CVE-2023-4363 Inappropriate implementation in WebShare. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. (Chromium security severity: Medium)', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2023-4363 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

87. Information Disclosure - Microsoft Edge (CVE-2023-38158) - Medium [276]

Description: Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

MS PT Extended: CVE-2023-38158 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

88. Cross Site Scripting - Microsoft Dynamics 365 (on-premises) (CVE-2023-36886) - Medium [273]

Description: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

89. Cross Site Scripting - Microsoft Dynamics 365 (on-premises) (CVE-2023-38164) - Medium [273]

Description: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

90. Elevation of Privilege - Azure HDInsight Apache Ambari (CVE-2023-38156) - Medium [267]

Description: Azure HDInsight Apache Ambari Elevation of Privilege Vulnerability

91. Information Disclosure - DHCP Server Service (CVE-2023-36801) - Medium [250]

Description: DHCP Server Service Information Disclosure Vulnerability

Qualys: CVE-2023-36801, CVE-2023-38152: DHCP Server Service Information Disclosure Vulnerability This vulnerability has a CVSS:3.1 5.3 / 4.6 Policy Compliance Control IDs (CIDs): 11511 List of installed features on the system

92. Elevation of Privilege - Visual Studio (CVE-2023-36759) - Medium [246]

Description: Visual Studio Elevation of Privilege Vulnerability

93. Unknown Vulnerability Type - Microsoft Edge (CVE-2023-4360) - Medium [228]

Description: {'ms_cve_data_all': 'Chromium: CVE-2023-4360 Inappropriate implementation in Color. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2023-4360 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

94. Unknown Vulnerability Type - Microsoft Edge (CVE-2023-4364) - Medium [228]

Description: {'ms_cve_data_all': 'Chromium: CVE-2023-4364 Inappropriate implementation in Permission Prompts. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2023-4364 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

95. Unknown Vulnerability Type - Microsoft Edge (CVE-2023-4365) - Medium [228]

Description: {'ms_cve_data_all': 'Chromium: CVE-2023-4365 Inappropriate implementation in Fullscreen. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2023-4365 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

96. Spoofing - Microsoft OneNote (CVE-2023-36769) - Medium [214]

Description: Microsoft OneNote Spoofing Vulnerability

MS PT Extended: CVE-2023-36769 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

Low (1)

97. Unknown Vulnerability Type - Autodesk® FBX® SDK (CVE-2022-41303) - Low [169]

Description: {'ms_cve_data_all': 'AutoDesk: CVE-2022-41303 use-after-free vulnerability in Autodesk® FBX® SDK 2020 or prior', 'nvd_cve_data_all': 'A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in Autodesk FBX SDK 2020 version causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in Autodesk FBX SDK 2020 version causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system.', 'combined_cve_data_all': ''}

Exploitation in the wild detected (3)

Memory Corruption (1)

• Microsoft Edge (CVE-2023-4863)

Information Disclosure (1)

• Microsoft Word (CVE-2023-36761)

Qualys: CVE-2023-36761: Microsoft Word Information Disclosure Vulnerability Successful exploitation of this vulnerability could allow an attacker to disclose NTLM hashes. The NTLM hashes are encoded by converting the user’s password into a 16-byte key using an MD4 hash function. The key is divided into two halves of 8 bytes. The key is used as input to three rounds of DES encryption that generates a 16-byte output representing the NTLM hash. CISA has added the vulnerability to its Known Exploited Vulnerabilities Catalog, requesting users to patch it before October 3, 2023.

Tenable: Microsoft’s September 2023 Patch Tuesday Addresses 61 CVEs (CVE-2023-36761)

Tenable: CVE-2023-36761 | Microsoft Word Information Disclosure Vulnerability

Tenable: CVE-2023-36761 is an information disclosure vulnerability in Microsoft Word. It was assigned a CVSSv3 score of 6.2 and is rated important. According to Microsoft, it has been exploited in the wild as a zero-day and was publicly disclosed prior to a patch being available. Its discovery is credited to the Microsoft Threat Intelligence team.

Rapid7: Microsoft Word receives a patch for CVE-2023-36761, which is marked as exploited in the wild as well as publicly disclosed; successful exploitation results in disclosure of NTLM hashes from a malicious opened document via the Preview Pane. This could provide an attacker with the means to “Pass the Hash” and authenticate remotely without resorting to brute force.

Rapid7: Microsoft is clearly concerned about the potential impact of CVE-2023-36761, since they are providing patches not only for current versions of Word, but also for Word 2013, which reached its Extended End Date back in April 2023. In March, Microsoft patched CVE-2023-23397, a vulnerability in Outlook which also led to NTLM hash leaks, and which received significant attention at the time.

ZDI: CVE-2023-36761 - Microsoft Word Information Disclosure Vulnerability. This is the bug currently under active attack, but I wouldn’t classify it as “information disclosure”. An attacker could use this vulnerability to allow the disclosure of NTLM hashes, which would then presumably be used in an NTLM-relay style attack. Those are usually defined as Spoofing bugs (see Exchange blew). Regardless of the classification, the preview pane is a vector here as well, which means no user interaction is required. Definitely put this one on the top of your test-and-deploy list.

Elevation of Privilege (1)

• Microsoft Streaming Service Proxy (CVE-2023-36802)

Qualys: CVE-2023-36802: Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability Microsoft Streaming Service Proxy is connected to a video service called Microsoft Stream. The service allows users to share information and improves communication and connectivity in a secure enterprise environment. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CISA has added the vulnerability to its Known Exploited Vulnerabilities Catalog, requesting users to patch it before October 3, 2023.

Tenable: CVE-2023-36802 | Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability

Tenable: CVE-2023-36802 is an EoP vulnerability in the Microsoft Streaming Service Proxy. It was assigned a CVSSv3 score of 7.8 and is rated important. Exploitation of this flaw would grant an attacker SYSTEM privileges. According to Microsoft, it has been exploited in the wild as a zero-day. Discovery of this flaw is credited to Valentina Palmiotti from IBM X-Force, Quan Jin and ze0r with DBAPPSecurity WeBin Lab and both the Microsoft Security Response Center (MSRC) and Microsoft Threat Intelligence.

Rapid7: The second zero-day vulnerability patched this month is CVE-2023-36802, an elevation of privilege vulnerability in Microsoft Streaming Service Proxy, which could grant SYSTEM privileges via exploitation of a kernel driver. Microsoft has detected in-the-wild exploitation, but is not aware of publicly available exploit code. This is a debut Patch Tuesday appearance for Microsoft Streaming Service, but with several researchers from across the globe acknowledged on the advisory, it’s unlikely to be the last. Today’s confirmation of in-the-wild exploitation prior to publication all but guarantees that this will remain an area of interest.

ZDI: Moving on to the other EoP bugs receiving patches this month, the vast majority require an attacker to run a specially crafted program on an affected system. That’s true for CVE-2023-36802, which is the other bug listed as being under active attack. In most cases, this leads to either administrator privileges or running code at SYSTEM level. In fact, this is true of all of the EoP bugs patched this month outside of the previously mentioned Azure Kubernetes escalation.

Public exploit exists, but exploitation in the wild is NOT detected (2)

Remote Code Execution (1)

• Windows Themes (CVE-2023-38146)

ZDI: CVE-2023-38146 - Windows Themes Remote Code Execution Vulnerability. This probably isn’t one of the most severe bugs patched this month, but it kicked off such a wave of nostalgia, that I had to call it out. This bug could allow code execution if an attacker can convince a user to open a specially crafted theme file. If this sounds like screensaver exploits from 20+ years, it’s because it’s just like screensaver bugs from 20+ years ago. Congrats to Pwn2Own winners Thijs Alkemade and Daan Keuper of Computest Sector 7 for helping bring this oldie but goodie to light.

Memory Corruption (1)

• Microsoft Edge (CVE-2023-4352)

MS PT Extended: CVE-2023-4352 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

Other Vulnerabilities (92)

Remote Code Execution (24)

• Azure DevOps Server (CVE-2023-33136, CVE-2023-38155)

Rapid7: Azure DevOps Server receives two fixes this month. While CVE-2023-38155 requires that an attacker carry out significant recon and preparation of the environment, successful exploitation would lead to administrator privileges. Potentially of greater concern is CVE-2023-33136, which allows an attacker with Queue Build permissions to abuse an overridable input variable to achieve RCE. While most DevOps Server installations are hopefully managed by people both willing and able to apply prompt upgrades, CI/CD environments are prime targets for supply chain attacks.

• Microsoft Edge (CVE-2023-4762)

MS PT Extended: CVE-2023-4762 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

• Windows Miracast Wireless Display (CVE-2023-38147)

Rapid7: A vulnerability in the Windows implementation of wireless display standard Miracast allows for an unauthenticated user to project to a vulnerable system. Although CVE-2023-38147 requires that an attacker be in close physical proximity to the target, consider that wireless display technology is often used in high-traffic environments such as conventions, which could allow an opportunistic attacker to inflict reputational damage. While exploitation requires that the target asset is configured to allow "Projecting to this PC" and marked as "Available Everywhere" – and Microsoft points out that this is not the default configuration – most administrators will know from long experience that many users will simply select whichever options cause them the least friction.

• .NET Framework (CVE-2023-36788)
• 3D Viewer (CVE-2023-36739, CVE-2023-36740, CVE-2023-36760)
• Microsoft Exchange (CVE-2023-36744, CVE-2023-36745, CVE-2023-36756)

Qualys: Other Microsoft Vulnerability Highlights  CVE-2023-38161 and CVE-2023-36804 are elevation of privilege vulnerabilities in Windows GDI. The vulnerabilities may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-38152 is an information disclosure vulnerability in the DHCP Server Service. Successful exploitation of the vulnerability may lead to the disclosure of initialized or uninitialized memory in the process heap. CVE-2023-38142 is an elevation of privilege vulnerability in Windows Kernel. The vulnerability may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-38160 is an information disclosure vulnerability in Windows TCP/IP. Successful exploitation of the vulnerability would allow an attacker to read small portions of heap memory. CVE-2023-36777 is an information disclosure vulnerability in Microsoft Exchange Server. An attacker must be authenticated with LAN access and have credentials for a valid Exchange user to exploit the vulnerability. On successful exploitation, an attacker would disclose file content. CVE-2023-38143 and CVE-2023-38144 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. The vulnerabilities may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-36756, CVE-2023-36745, and CVE-2023-36744 are remote code execution vulnerabilities in Microsoft Exchange Server. An attacker must be authenticated with LAN access and have credentials for a valid Exchange user to exploit the vulnerabilities. On successful exploitation, an attacker could trigger malicious code in the context of the server’s account through a network call.

Tenable: CVE-2023-36744, CVE-2023-36745 and CVE-2023-36756 | Microsoft Exchange Server Remote Code Execution Vulnerability

Tenable: CVE-2023-36744, CVE-2023-36745 and CVE-2023-36756 are RCE vulnerabilities affecting Microsoft Exchange. Each of these vulnerabilities were given CVSSv3 scores of 8.0 and were rated as “Exploitation More Likely” using the Microsoft Exploitability Index. Successful exploitation of these vulnerabilities requires an attacker to authenticate with LAN-access and have valid credentials for an Exchange user.

Rapid7: Microsoft is patching five vulnerabilities in Exchange this month. Although Microsoft doesn’t rate any of these higher than “Important” under their proprietary severity rating system, three of the five are RCE vulnerabilities with CVSSv3 base score of 8.0. CVE-2023-36744 CVE-2023-36745, and CVE-2023-36756 would surely receive higher severity if not for several mitigating factors. Successful exploitation requires that the attacker must be present on the same LAN as the Exchange server, and must already possess valid credentials for an Exchange user. Additionally, Microsoft notes that the August 2023 patches already protect against these newly published vulnerabilities, further underscoring the value of timely patching.

• Internet Connection Sharing (ICS) (CVE-2023-38148)

Qualys: CVE-2023-38148: Internet Connection Sharing (ICS) Remote Code Execution Vulnerability Internet Connection Sharing (ICS) is a Windows service that enables one Internet-connected computer to share its Internet connection with other computers on a local area network (LAN). The vulnerability is exploitable only when Internet Connection Sharing (ICS) is enabled. An attacker can only attack systems connected to the same network segment as them. Attacks cannot be carried out across multiple networks (for example, a WAN). An unauthenticated attacker may exploit this vulnerability by sending a specially crafted network packet to the Internet Connection Sharing (ICS) Service.

Qualys: CVE-2023-38148: Internet Connection Sharing (ICS) Remote Code Execution Vulnerability This vulnerability has a CVSS:3.1 8.8 / 7.7 3719 Status of the ‘Internet Connection Sharing (ICS)’ service 14916 Status of Windows Services The following QQL will return a posture assessment for the CIDs for this Patch Tuesday: control.id: [11511,26238,26623,3719,14916]

Qualys: CVE-2023-38148: Internet Connection Sharing (ICS) Remote Code Execution Vulnerability This vulnerability has a CVSSv3.1 score of 8.8/10.

Rapid7: CVE-2023-38148 describes a critical remote code execution (RCE) in the Windows Internet Connection Sharing (ICS) functionality. Although the advisory is light on detail, it’s likely that successful exploitation would lead to arbitrary code execution on the ICS host at SYSTEM level. The silver lining is that the attack cannot be carried out from another network, so attackers must first establish an adjacent foothold.

ZDI: CVE-2023-38148 - Internet Connection Sharing (ICS) Remote Code Execution Vulnerability. This Critical-rated bug is the highest-rated CVSS this month (8.8), but it’s not all bad news. First, this is limited to network-adjacent attackers. A successful exploit also relies on ICS being enabled. Most places these days don’t require ICS, and it’s not turned on by default. However, if you’re in one of those places where ICS is used, this could allow an unauthenticated attacker to run their code on affected systems.

• Microsoft Word (CVE-2023-36762)
• 3D Builder (CVE-2023-36770, CVE-2023-36771, CVE-2023-36772, CVE-2023-36773)
• Visual Studio (CVE-2023-36792, CVE-2023-36793, CVE-2023-36794, CVE-2023-36796)

Qualys: CVE-2023-36792, CVE-2023-36793, and CVE-2023-36796: Visual Studio Remote Code Execution Vulnerability Visual Code allows users to edit, debug, build, and publish an app. Visual Studio also provides compilers, code completion tools, graphical designers, and many more features to enhance software development. To exploit the vulnerabilities, an attacker must convince a victim to download and open a specially crafted file from a website, leading to a local computer attack.

Rapid7: This month’s three other critical RCE vulnerabilities have quite a lot in common: CVE-2023-36792, CVE-2023-36793, and CVE-2023-36796 all rely on the user opening a malicious package file, and are thus classed as arbitrary code execution rather than no-interaction RCE. In each case, patches are available for a long list of Visual Studio and .NET installations. Organizations with large developer headcount are likely to be disproportionately at risk.

• Visual Studio Code (CVE-2023-36742)
• Electron: CVE-2023-39956 -Visual Studio Code (CVE-2023-39956)
• Microsoft Identity Linux Broker (CVE-2023-36736)

Security Feature Bypass (7)

• Microsoft Edge (CVE-2023-4357, CVE-2023-4361, CVE-2023-4367, CVE-2023-4368)

MS PT Extended: CVE-2023-4367 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

MS PT Extended: CVE-2023-4361 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

MS PT Extended: CVE-2023-4368 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

MS PT Extended: CVE-2023-4357 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

• Windows Kernel (CVE-2023-38163)
• Windows MSHTML Platform (CVE-2023-36805)
• Microsoft Office (CVE-2023-36767)

Elevation of Privilege (17)

• Windows Kernel (CVE-2023-38139, CVE-2023-38141, CVE-2023-38142, CVE-2023-38150)

Qualys: Other Microsoft Vulnerability Highlights  CVE-2023-38161 and CVE-2023-36804 are elevation of privilege vulnerabilities in Windows GDI. The vulnerabilities may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-38152 is an information disclosure vulnerability in the DHCP Server Service. Successful exploitation of the vulnerability may lead to the disclosure of initialized or uninitialized memory in the process heap. CVE-2023-38142 is an elevation of privilege vulnerability in Windows Kernel. The vulnerability may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-38160 is an information disclosure vulnerability in Windows TCP/IP. Successful exploitation of the vulnerability would allow an attacker to read small portions of heap memory. CVE-2023-36777 is an information disclosure vulnerability in Microsoft Exchange Server. An attacker must be authenticated with LAN access and have credentials for a valid Exchange user to exploit the vulnerability. On successful exploitation, an attacker would disclose file content. CVE-2023-38143 and CVE-2023-38144 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. The vulnerabilities may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-36756, CVE-2023-36745, and CVE-2023-36744 are remote code execution vulnerabilities in Microsoft Exchange Server. An attacker must be authenticated with LAN access and have credentials for a valid Exchange user to exploit the vulnerabilities. On successful exploitation, an attacker could trigger malicious code in the context of the server’s account through a network call.

• Microsoft Edge (CVE-2023-36741, CVE-2023-36787)

MS PT Extended: CVE-2023-36787 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

MS PT Extended: CVE-2023-36741 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

• Microsoft Office (CVE-2023-36765)
• Windows Cloud Files Mini Filter Driver (CVE-2023-35355)
• Windows Common Log File System Driver (CVE-2023-38143, CVE-2023-38144)

Qualys: Other Microsoft Vulnerability Highlights  CVE-2023-38161 and CVE-2023-36804 are elevation of privilege vulnerabilities in Windows GDI. The vulnerabilities may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-38152 is an information disclosure vulnerability in the DHCP Server Service. Successful exploitation of the vulnerability may lead to the disclosure of initialized or uninitialized memory in the process heap. CVE-2023-38142 is an elevation of privilege vulnerability in Windows Kernel. The vulnerability may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-38160 is an information disclosure vulnerability in Windows TCP/IP. Successful exploitation of the vulnerability would allow an attacker to read small portions of heap memory. CVE-2023-36777 is an information disclosure vulnerability in Microsoft Exchange Server. An attacker must be authenticated with LAN access and have credentials for a valid Exchange user to exploit the vulnerability. On successful exploitation, an attacker would disclose file content. CVE-2023-38143 and CVE-2023-38144 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. The vulnerabilities may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-36756, CVE-2023-36745, and CVE-2023-36744 are remote code execution vulnerabilities in Microsoft Exchange Server. An attacker must be authenticated with LAN access and have credentials for a valid Exchange user to exploit the vulnerabilities. On successful exploitation, an attacker could trigger malicious code in the context of the server’s account through a network call.

Tenable: CVE-2023-38143, CVE-2023-38144 | Windows Common Log File System Driver Elevation of Privilege Vulnerability

Tenable: CVE-2023-38143 and CVE-2023-38144 are EoP vulnerabilities in the Windows Common Log File System (CLFS) Driver. Both CVEs were assigned a CVSSv3 score of 7.8 and are rated as “Exploitation More Likely.” An authenticated attacker could exploit these vulnerabilities to gain SYSTEM privileges.

• Windows GDI (CVE-2023-36804, CVE-2023-38161)

Qualys: Other Microsoft Vulnerability Highlights  CVE-2023-38161 and CVE-2023-36804 are elevation of privilege vulnerabilities in Windows GDI. The vulnerabilities may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-38152 is an information disclosure vulnerability in the DHCP Server Service. Successful exploitation of the vulnerability may lead to the disclosure of initialized or uninitialized memory in the process heap. CVE-2023-38142 is an elevation of privilege vulnerability in Windows Kernel. The vulnerability may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-38160 is an information disclosure vulnerability in Windows TCP/IP. Successful exploitation of the vulnerability would allow an attacker to read small portions of heap memory. CVE-2023-36777 is an information disclosure vulnerability in Microsoft Exchange Server. An attacker must be authenticated with LAN access and have credentials for a valid Exchange user to exploit the vulnerability. On successful exploitation, an attacker would disclose file content. CVE-2023-38143 and CVE-2023-38144 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. The vulnerabilities may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-36756, CVE-2023-36745, and CVE-2023-36744 are remote code execution vulnerabilities in Microsoft Exchange Server. An attacker must be authenticated with LAN access and have credentials for a valid Exchange user to exploit the vulnerabilities. On successful exploitation, an attacker could trigger malicious code in the context of the server’s account through a network call.

• Microsoft Azure Kubernetes Service (CVE-2023-29332)

Qualys: CVE-2023-29332: Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability Azure Kubernetes Service (AKS) has built-in code-to-cloud pipelines and guardrails that offer the fastest development and deployment of cloud-native apps in Azure data centers. The service provides unified management and governance for on-premises, edge, and multi-cloud Kubernetes clusters. The vulnerability can be exploited remotely in a low-complexity attack by an attacker with no privileges required. An attacker could gain Cluster Administrator privileges on successful exploitation of the vulnerability.

ZDI: CVE-2023-29332 - Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability. This Critical-rated bug in the Azure Kubernetes service could allow a remote, unauthenticated attacker to gain Cluster Administration privileges. We’ve seen bugs like this before, but this one stands out as it can be reached from the Internet, requires no user interaction, and is listed as low complexity. Microsoft gives this an “Exploitation Less Likely” rating, but based on the remote, unauthenticated aspect of this bug, this could prove quite tempting for attackers.

• Visual Studio (CVE-2023-36758, CVE-2023-36759)
• Microsoft SharePoint Server (CVE-2023-36764)

Rapid7: SharePoint receives a patch for CVE-2023-36764, which allows an attacker to achieve administrator privileges via a specially-crafted ASP.NET page. As is often the case with SharePoint vulnerabilities, a level of access is already required, but Site Member privileges are typically widely granted.

• Azure HDInsight Apache Ambari (CVE-2023-38156)

Memory Corruption (18)

• Microsoft Edge (CVE-2023-2312, CVE-2023-4349, CVE-2023-4351, CVE-2023-4353, CVE-2023-4354, CVE-2023-4355, CVE-2023-4356, CVE-2023-4358, CVE-2023-4362, CVE-2023-4366, CVE-2023-4427, CVE-2023-4428, CVE-2023-4429, CVE-2023-4430, CVE-2023-4431, CVE-2023-4572, CVE-2023-4761, CVE-2023-4763)

MS PT Extended: CVE-2023-2312 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

MS PT Extended: CVE-2023-4430 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

MS PT Extended: CVE-2023-4351 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

MS PT Extended: CVE-2023-4428 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

MS PT Extended: CVE-2023-4429 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

MS PT Extended: CVE-2023-4358 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

MS PT Extended: CVE-2023-4761 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

MS PT Extended: CVE-2023-4572 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

MS PT Extended: CVE-2023-4427 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

MS PT Extended: CVE-2023-4356 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

MS PT Extended: CVE-2023-4366 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

MS PT Extended: CVE-2023-4431 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

MS PT Extended: CVE-2023-4763 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

MS PT Extended: CVE-2023-4353 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

MS PT Extended: CVE-2023-4349 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

MS PT Extended: CVE-2023-4362 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

MS PT Extended: CVE-2023-4354 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

MS PT Extended: CVE-2023-4355 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

Denial of Service (3)

• Windows TCP/IP (CVE-2023-38149)

Qualys: CVE-2023-38149: Windows TCP/IP Denial of Service Vulnerability This vulnerability has a CVSS:3.1 7.5 / 6.5 Policy Compliance Control IDs (CIDs): 26623 Status of the ‘RouterDiscovery’ setting configured on the IPv6 interfaces (Qualys Agent only) 4842 Status of the ‘Internet Protocol version 6 (IPv6) components’ setting

Qualys: CVE-2023-38149: Windows TCP/IP Denial of Service Vulnerability This vulnerability has a CVSSv3.1 score of 7.5/10. The next Patch Tuesday falls on October 10, and we’ll be back with details and patch analysis. Until next Patch Tuesday, stay safe and secure. Be sure to subscribe to the ‘This Month in Vulnerabilities and Patch’s webinar.’

• .NET Core and Visual Studio (CVE-2023-36799)
• DHCP Server Service (CVE-2023-38162)

Qualys: CVE-2023-38162: DHCP Server Service Denial of Service Vulnerability This vulnerability has a CVSS:3.1 7.5 / 6.5 Policy Compliance Control IDs (CIDs): 26238 Status of the DHCP Failover Configuration (Qualys Agent Only)

Spoofing (7)

• Microsoft Edge (CVE-2023-4350, CVE-2023-4359, CVE-2023-4363, CVE-2023-4764)

MS PT Extended: CVE-2023-4359 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

MS PT Extended: CVE-2023-4764 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

MS PT Extended: CVE-2023-4350 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

MS PT Extended: CVE-2023-4363 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

• Microsoft Exchange (CVE-2023-36757)
• Microsoft Office (CVE-2023-41764)
• Microsoft OneNote (CVE-2023-36769)

MS PT Extended: CVE-2023-36769 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

Information Disclosure (9)

• Microsoft Outlook (CVE-2023-36763)
• Windows Kernel (CVE-2023-36803, CVE-2023-38140)
• Windows TCP/IP (CVE-2023-38160)

Qualys: Other Microsoft Vulnerability Highlights  CVE-2023-38161 and CVE-2023-36804 are elevation of privilege vulnerabilities in Windows GDI. The vulnerabilities may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-38152 is an information disclosure vulnerability in the DHCP Server Service. Successful exploitation of the vulnerability may lead to the disclosure of initialized or uninitialized memory in the process heap. CVE-2023-38142 is an elevation of privilege vulnerability in Windows Kernel. The vulnerability may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-38160 is an information disclosure vulnerability in Windows TCP/IP. Successful exploitation of the vulnerability would allow an attacker to read small portions of heap memory. CVE-2023-36777 is an information disclosure vulnerability in Microsoft Exchange Server. An attacker must be authenticated with LAN access and have credentials for a valid Exchange user to exploit the vulnerability. On successful exploitation, an attacker would disclose file content. CVE-2023-38143 and CVE-2023-38144 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. The vulnerabilities may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-36756, CVE-2023-36745, and CVE-2023-36744 are remote code execution vulnerabilities in Microsoft Exchange Server. An attacker must be authenticated with LAN access and have credentials for a valid Exchange user to exploit the vulnerabilities. On successful exploitation, an attacker could trigger malicious code in the context of the server’s account through a network call.

• Microsoft Exchange (CVE-2023-36777)

Qualys: Other Microsoft Vulnerability Highlights  CVE-2023-38161 and CVE-2023-36804 are elevation of privilege vulnerabilities in Windows GDI. The vulnerabilities may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-38152 is an information disclosure vulnerability in the DHCP Server Service. Successful exploitation of the vulnerability may lead to the disclosure of initialized or uninitialized memory in the process heap. CVE-2023-38142 is an elevation of privilege vulnerability in Windows Kernel. The vulnerability may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-38160 is an information disclosure vulnerability in Windows TCP/IP. Successful exploitation of the vulnerability would allow an attacker to read small portions of heap memory. CVE-2023-36777 is an information disclosure vulnerability in Microsoft Exchange Server. An attacker must be authenticated with LAN access and have credentials for a valid Exchange user to exploit the vulnerability. On successful exploitation, an attacker would disclose file content. CVE-2023-38143 and CVE-2023-38144 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. The vulnerabilities may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-36756, CVE-2023-36745, and CVE-2023-36744 are remote code execution vulnerabilities in Microsoft Exchange Server. An attacker must be authenticated with LAN access and have credentials for a valid Exchange user to exploit the vulnerabilities. On successful exploitation, an attacker could trigger malicious code in the context of the server’s account through a network call.

Tenable: Separately, an information disclosure vulnerability, CVE-2023-36777, was also patched this month. This vulnerability was also rated as “Exploitation More Likely” and all four of these Exchange vulnerabilities were credited to Piotr Bazydlo of Trend Micro’s Zero Day Initiative.

• DHCP Server Service (CVE-2023-36801, CVE-2023-38152)

Qualys: Other Microsoft Vulnerability Highlights  CVE-2023-38161 and CVE-2023-36804 are elevation of privilege vulnerabilities in Windows GDI. The vulnerabilities may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-38152 is an information disclosure vulnerability in the DHCP Server Service. Successful exploitation of the vulnerability may lead to the disclosure of initialized or uninitialized memory in the process heap. CVE-2023-38142 is an elevation of privilege vulnerability in Windows Kernel. The vulnerability may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-38160 is an information disclosure vulnerability in Windows TCP/IP. Successful exploitation of the vulnerability would allow an attacker to read small portions of heap memory. CVE-2023-36777 is an information disclosure vulnerability in Microsoft Exchange Server. An attacker must be authenticated with LAN access and have credentials for a valid Exchange user to exploit the vulnerability. On successful exploitation, an attacker would disclose file content. CVE-2023-38143 and CVE-2023-38144 are elevation of privilege vulnerabilities in the Windows Common Log File System Driver. The vulnerabilities may allow an attacker to gain SYSTEM privileges on successful exploitation. CVE-2023-36756, CVE-2023-36745, and CVE-2023-36744 are remote code execution vulnerabilities in Microsoft Exchange Server. An attacker must be authenticated with LAN access and have credentials for a valid Exchange user to exploit the vulnerabilities. On successful exploitation, an attacker could trigger malicious code in the context of the server’s account through a network call.

Qualys: CVE-2023-36801, CVE-2023-38152: DHCP Server Service Information Disclosure Vulnerability This vulnerability has a CVSS:3.1 5.3 / 4.6 Policy Compliance Control IDs (CIDs): 11511 List of installed features on the system

Qualys: CVE-2023-38152: DHCP Server Service Information Disclosure Vulnerability This vulnerability has a CVSSv3.1 score of 5.3/10.

• Microsoft Excel (CVE-2023-36766)
• Microsoft Edge (CVE-2023-38158)

MS PT Extended: CVE-2023-38158 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

Cross Site Scripting (3)

• Dynamics Finance and Operations (CVE-2023-36800)
• Microsoft Dynamics 365 (on-premises) (CVE-2023-36886, CVE-2023-38164)

Unknown Vulnerability Type (4)

• Microsoft Edge (CVE-2023-4360, CVE-2023-4364, CVE-2023-4365)

MS PT Extended: CVE-2023-4360 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

MS PT Extended: CVE-2023-4365 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

MS PT Extended: CVE-2023-4364 was published before September 2023 Patch Tuesday from 2023-08-09 to 2023-09-11

• Autodesk® FBX® SDK (CVE-2022-41303)