Revisions On September 2023 CVEs 59 Flaws Announced And 2 Zero-Day Vulnerabilities HTMD Blog

Let’s look at the latest updates or Revisions on September 2023 CVEs 59 flaws announced and 2 Zero-Day Vulnerabilities. Microsoft did release a revision for 3 vulnerabilities after the 12th patch Tuesday.

Apart from these 62 vulnerabilities, Microsoft released Windows 11 KB5030217 KB5030219 and Windows 10 KB5030211 latest cumulative updates (LCU) for September 2023.

The following common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide. CVE-2023-24936, CVE-2023-27909, and CVE-2023-27911 are the 3 CVEs that got revised.

This revision is because Microsoft added all supported versions of 3D Viewer, Microsoft Office 2019, Microsoft Office LTSC 2021, and Microsoft 365 Apps for Enterprise.

Revisions on September 2023 CVEs 59 flaws announced and 2 Zero-Day Vulnerabilities Fig. 1

2 Zero Day Security Vulnerabilities for September 2023

There are two zero-day vulnerabilities announced by Microsoft with the September patch Tuesday. Those CVEs are related to Office Word and Microsoft streaming services.

CVE-2023-36761 related to Office Word
CVE-2023-36802 related to Microsoft Streaming Service

Revisions on September 2023 CVEs

Let’s now look at the 62 CVE details released by Microsoft as part of the 12th Sep 2023 patch Tuesday. The following table gives you end-to-end details of all the released vulnerabilities, including the revised ones.

The following is one of the first Revisions on September 2023 CVEs. CVE-2023-24936 – NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability. You can check out the Aggregate CVE Severity Rating: Moderate.

Revisions on September 2023 CVEs: CVE -2023-27909 – AutoDesk: CVE-2023-27909 Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK 2020 or prior. The Aggregate CVE Severity Rating is set to Important.

CVE -2023-27911: AutoDesk: CVE-2023-27911 Heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior. You can check out the Aggregate CVE Severity Rating, and it’s set to Important.

NOTE! – The vulnerability assigned to this CVE is in AutoDesk software which is consumed by the Microsoft products listed in the Security Updates table. It is being documented in the Security Update Guide to announce that the latest builds of these products are no longer vulnerable.

CVE Number	CVE Title	Publicly Disclosed	Exploitability assessment	Exploited	Impact
CVE-2023-36739	3D Viewer Remote Code Execution Vulnerability CVEs	No	Exploitation Unlikely	No	Remote Code Execution
CVE-2023-36740	3D Viewer Remote Code Execution Vulnerability CVEs	No	Exploitation Unlikely	No	Remote Code Execution
CVE-2023-39956	Electron: CVE-2023-39956 -Visual Studio Code Remote Code Execution Vulnerability	No	Exploitation Less Likely	No	Remote Code Execution
CVE-2023-36760	3D Viewer Remote Code Execution Vulnerability	No	Exploitation Less Likely	No	Remote Code Execution
CVE-2023-36761	Microsoft Word Information Disclosure Vulnerability	Yes	Exploitation Detected	Yes	Information Disclosure
CVE-2023-36762	Microsoft Word Remote Code Execution Vulnerability	No	Exploitation Unlikely	No	Remote Code Execution
CVE-2023-36763	Microsoft Outlook Information Disclosure Vulnerability	No	Exploitation Less Likely	No	Information Disclosure
CVE-2023-36764	Microsoft SharePoint Server Elevation of Privilege Vulnerability	No	Exploitation Less Likely	No	Elevation of Privilege
CVE-2023-36770	3D Builder Remote Code Execution Vulnerability	No	Exploitation Less Likely	No	Remote Code Execution
CVE-2023-36771	3D Builder Remote Code Execution Vulnerability	No	Exploitation Less Likely	No	Remote Code Execution
CVE-2023-36772	3D Builder Remote Code Execution Vulnerability	No	Exploitation Less Likely	No	Remote Code Execution
CVE-2023-36773	3D Builder Remote Code Execution Vulnerability	No	Exploitation Less Likely	No	Remote Code Execution
CVE-2023-36777	Microsoft Exchange Server Information Disclosure Vulnerability	No	Exploitation More Likely	No	Information Disclosure
CVE-2023-36788	.NET Framework Remote Code Execution Vulnerability	No	Exploitation Less Likely	No	Remote Code Execution
CVE-2023-36792	Visual Studio Remote Code Execution Vulnerability	No	Exploitation Less Likely	No	Remote Code Execution
CVE-2023-36793	Visual Studio Remote Code Execution Vulnerability	No	Exploitation Less Likely	No	Remote Code Execution
CVE-2023-36794	Visual Studio Remote Code Execution Vulnerability	No	Exploitation Less Likely	No	Remote Code Execution
CVE-2023-36796	Visual Studio Remote Code Execution Vulnerability	No	Exploitation Less Likely	No	Remote Code Execution
CVE-2023-36799	.NET Core and Visual Studio Denial of Service Vulnerability	No	Exploitation Less Likely	No	Denial of Service
CVE-2023-36800	Dynamics Finance and Operations Cross-site Scripting Vulnerability	No	Exploitation Less Likely	No	Spoofing
CVE-2023-38155	Azure DevOps Server and Team Foundation Server Elevation of Privilege Vulnerability	No	Exploitation Less Likely	No	Elevation of Privilege
CVE-2023-38160	Windows TCP/IP Information Disclosure Vulnerability	No	Exploitation More Likely	No	Information Disclosure
CVE-2023-38163	Windows Defender Attack Surface Reduction Security Feature Bypass	No	Exploitation Less Likely	No	Security Feature Bypass
CVE-2023-38164	Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability	No	Exploitation Less Likely	No	Spoofing
CVE-2023-36886	Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability	No	Exploitation Less Likely	No	Spoofing
CVE-2023-33136	Azure DevOps Server Remote Code Execution Vulnerability	No	Exploitation Less Likely	No	Remote Code Execution
CVE-2023-29332	Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability	No	Exploitation Less Likely	No	Elevation of Privilege
CVE-2022-41303	AutoDesk: CVE-2022-41303 use-after-free vulnerability in Autodesk® FBX® SDK 2020 or prior	No	Exploitation Less Likely	No	Remote Code Execution
CVE-2023-41764	Microsoft Office Spoofing Vulnerability	No	Exploitation Less Likely	No	Spoofing
CVE-2023-36736	Microsoft Identity Linux Broker Arbitrary Code Execution Vulnerability	No	Exploitation Less Likely	No	Remote Code Execution
CVE-2023-36742	Visual Studio Code Remote Code Execution Vulnerability	No	Exploitation Less Likely	No	Remote Code Execution
CVE-2023-36744	Microsoft Exchange Server Remote Code Execution Vulnerability	No	Exploitation More Likely	No	Remote Code Execution
CVE-2023-36745	Microsoft Exchange Server Remote Code Execution Vulnerability	No	Exploitation More Likely	No	Remote Code Execution
CVE-2023-36756	Microsoft Exchange Server Remote Code Execution Vulnerability	No	Exploitation More Likely	No	Remote Code Execution
CVE-2023-36757	Microsoft Exchange Server Spoofing Vulnerability	No	Exploitation Less Likely	No	Spoofing
CVE-2023-36758	Visual Studio Elevation of Privilege Vulnerability	No	Exploitation Less Likely	No	Elevation of Privilege
CVE-2023-36759	Visual Studio Elevation of Privilege Vulnerability	No	Exploitation Less Likely	No	Elevation of Privilege
CVE-2023-36765	Microsoft Office Elevation of Privilege Vulnerability CVEs	No	Exploitation Less Likely	No	Elevation of Privilege
CVE-2023-36766	Microsoft Excel Information Disclosure Vulnerability	No	Exploitation Less Likely	No	Information Disclosure
CVE-2023-36767	Microsoft Office Security Feature Bypass Vulnerability	No	Exploitation Less Likely	No	Security Feature Bypass
CVE-2023-36801	DHCP Server Service Information Disclosure Vulnerability	No	Exploitation Less Likely	No	Information Disclosure
CVE-2023-36802	Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability CVEs	No	Exploitation Detected	Yes	Elevation of Privilege
CVE-2023-36803	Windows Kernel Information Disclosure Vulnerability	No	Exploitation Less Likely	No	Information Disclosure
CVE-2023-36804	Windows GDI Elevation of Privilege Vulnerability	No	Exploitation More Likely	No	Elevation of Privilege
CVE-2023-36805	Windows MSHTML Platform Security Feature Bypass Vulnerability	No	Exploitation Less Likely	No	Remote Code Execution
CVE-2023-38139	Windows Kernel Elevation of Privilege Vulnerability	No	Exploitation Less Likely	No	Elevation of Privilege
CVE-2023-38140	Windows Kernel Information Disclosure Vulnerability	No	Exploitation Less Likely	No	Information Disclosure
CVE-2023-38141	Windows Kernel Elevation of Privilege Vulnerability	No	Exploitation Less Likely	No	Elevation of Privilege
CVE-2023-38142	Windows Kernel Elevation of Privilege Vulnerability	No	Exploitation More Likely	No	Elevation of Privilege
CVE-2023-38143	Windows Common Log File System Driver Elevation of Privilege Vulnerability	No	Exploitation More Likely	No	Elevation of Privilege
CVE-2023-38144	Windows Common Log File System Driver Elevation of Privilege Vulnerability	No	Exploitation More Likely	No	Elevation of Privilege
CVE-2023-38146	Windows Themes Remote Code Execution Vulnerability	No	Exploitation Less Likely	No	Remote Code Execution
CVE-2023-38147	Windows Miracast Wireless Display Remote Code Execution Vulnerability	No	Exploitation Less Likely	No	Remote Code Execution
CVE-2023-38148	Internet Connection Sharing (ICS) Remote Code Execution Vulnerability	No	Exploitation More Likely	No	Remote Code Execution
CVE-2023-38149	Windows TCP/IP Denial of Service Vulnerability	No	Exploitation Less Likely	No	Denial of Service
CVE-2023-38150	Windows Kernel Elevation of Privilege Vulnerability	No	Exploitation Less Likely	No	Elevation of Privilege
CVE-2023-38152	DHCP Server Service Information Disclosure Vulnerability	No	Exploitation More Likely	No	Information Disclosure
CVE-2023-38156	Azure HDInsight Apache Ambari Elevation of Privilege Vulnerability	No	Exploitation Less Likely	No	Elevation of Privilege
CVE-2023-38161	Windows GDI Elevation of Privilege Vulnerability	No	Exploitation More Likely	No	Elevation of Privilege
CVE-2023-38162	DHCP Server Service Denial of Service Vulnerability	No	Exploitation Less Likely	No	Denial of Service
CVE-2023-35355	Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability	No	Exploitation Less Likely	No	Elevation of Privilege

Revisions on September 2023 CVEs 59 flaws announced and 2 Zero-Day Vulnerabilities – Table 1

Author

Sumitha was introduced to the world of computers when she was very young. She loves to help users with their Windows 11 and related queries. She is here to share quick tips and tricks with Windows security.

2 Zero Day Security Vulnerabilities for September 2023

Revisions on September 2023 CVEs

Author

Leave a Comment Cancel reply