Let’s look at the latest updates or Revisions on September 2023 CVEs 59 flaws announced and 2 Zero-Day Vulnerabilities. Microsoft did release a revision for 3 vulnerabilities after the 12th patch Tuesday.
Apart from these 62 vulnerabilities, Microsoft released Windows 11 KB5030217 KB5030219 and Windows 10 KB5030211 latest cumulative updates (LCU) for September 2023.
The following common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide. CVE-2023-24936, CVE-2023-27909, and CVE-2023-27911 are the 3 CVEs that got revised.
This revision is because Microsoft added all supported versions of 3D Viewer, Microsoft Office 2019, Microsoft Office LTSC 2021, and Microsoft 365 Apps for Enterprise.
2 Zero Day Security Vulnerabilities for September 2023
There are two zero-day vulnerabilities announced by Microsoft with the September patch Tuesday. Those CVEs are related to Office Word and Microsoft streaming services.
- CVE-2023-36761 related to Office Word
- CVE-2023-36802 related to Microsoft Streaming Service
Revisions on September 2023 CVEs
Let’s now look at the 62 CVE details released by Microsoft as part of the 12th Sep 2023 patch Tuesday. The following table gives you end-to-end details of all the released vulnerabilities, including the revised ones.
The following is one of the first Revisions on September 2023 CVEs. CVE-2023-24936 – NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability. You can check out the Aggregate CVE Severity Rating: Moderate.
Revisions on September 2023 CVEs: CVE -2023-27909 – AutoDesk: CVE-2023-27909 Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK 2020 or prior. The Aggregate CVE Severity Rating is set to Important.
CVE -2023-27911: AutoDesk: CVE-2023-27911 Heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior. You can check out the Aggregate CVE Severity Rating, and it’s set to Important.
NOTE! – The vulnerability assigned to this CVE is in AutoDesk software which is consumed by the Microsoft products listed in the Security Updates table. It is being documented in the Security Update Guide to announce that the latest builds of these products are no longer vulnerable.
CVE Number | CVE Title | Publicly Disclosed | Exploitability assessment | Exploited | Impact |
---|---|---|---|---|---|
CVE-2023-36739 | 3D Viewer Remote Code Execution Vulnerability CVEs | No | Exploitation Unlikely | No | Remote Code Execution |
CVE-2023-36740 | 3D Viewer Remote Code Execution Vulnerability CVEs | No | Exploitation Unlikely | No | Remote Code Execution |
CVE-2023-39956 | Electron: CVE-2023-39956 -Visual Studio Code Remote Code Execution Vulnerability | No | Exploitation Less Likely | No | Remote Code Execution |
CVE-2023-36760 | 3D Viewer Remote Code Execution Vulnerability | No | Exploitation Less Likely | No | Remote Code Execution |
CVE-2023-36761 | Microsoft Word Information Disclosure Vulnerability | Yes | Exploitation Detected | Yes | Information Disclosure |
CVE-2023-36762 | Microsoft Word Remote Code Execution Vulnerability | No | Exploitation Unlikely | No | Remote Code Execution |
CVE-2023-36763 | Microsoft Outlook Information Disclosure Vulnerability | No | Exploitation Less Likely | No | Information Disclosure |
CVE-2023-36764 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | No | Exploitation Less Likely | No | Elevation of Privilege |
CVE-2023-36770 | 3D Builder Remote Code Execution Vulnerability | No | Exploitation Less Likely | No | Remote Code Execution |
CVE-2023-36771 | 3D Builder Remote Code Execution Vulnerability | No | Exploitation Less Likely | No | Remote Code Execution |
CVE-2023-36772 | 3D Builder Remote Code Execution Vulnerability | No | Exploitation Less Likely | No | Remote Code Execution |
CVE-2023-36773 | 3D Builder Remote Code Execution Vulnerability | No | Exploitation Less Likely | No | Remote Code Execution |
CVE-2023-36777 | Microsoft Exchange Server Information Disclosure Vulnerability | No | Exploitation More Likely | No | Information Disclosure |
CVE-2023-36788 | .NET Framework Remote Code Execution Vulnerability | No | Exploitation Less Likely | No | Remote Code Execution |
CVE-2023-36792 | Visual Studio Remote Code Execution Vulnerability | No | Exploitation Less Likely | No | Remote Code Execution |
CVE-2023-36793 | Visual Studio Remote Code Execution Vulnerability | No | Exploitation Less Likely | No | Remote Code Execution |
CVE-2023-36794 | Visual Studio Remote Code Execution Vulnerability | No | Exploitation Less Likely | No | Remote Code Execution |
CVE-2023-36796 | Visual Studio Remote Code Execution Vulnerability | No | Exploitation Less Likely | No | Remote Code Execution |
CVE-2023-36799 | .NET Core and Visual Studio Denial of Service Vulnerability | No | Exploitation Less Likely | No | Denial of Service |
CVE-2023-36800 | Dynamics Finance and Operations Cross-site Scripting Vulnerability | No | Exploitation Less Likely | No | Spoofing |
CVE-2023-38155 | Azure DevOps Server and Team Foundation Server Elevation of Privilege Vulnerability | No | Exploitation Less Likely | No | Elevation of Privilege |
CVE-2023-38160 | Windows TCP/IP Information Disclosure Vulnerability | No | Exploitation More Likely | No | Information Disclosure |
CVE-2023-38163 | Windows Defender Attack Surface Reduction Security Feature Bypass | No | Exploitation Less Likely | No | Security Feature Bypass |
CVE-2023-38164 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | No | Exploitation Less Likely | No | Spoofing |
CVE-2023-36886 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | No | Exploitation Less Likely | No | Spoofing |
CVE-2023-33136 | Azure DevOps Server Remote Code Execution Vulnerability | No | Exploitation Less Likely | No | Remote Code Execution |
CVE-2023-29332 | Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability | No | Exploitation Less Likely | No | Elevation of Privilege |
CVE-2022-41303 | AutoDesk: CVE-2022-41303 use-after-free vulnerability in Autodesk® FBX® SDK 2020 or prior | No | Exploitation Less Likely | No | Remote Code Execution |
CVE-2023-41764 | Microsoft Office Spoofing Vulnerability | No | Exploitation Less Likely | No | Spoofing |
CVE-2023-36736 | Microsoft Identity Linux Broker Arbitrary Code Execution Vulnerability | No | Exploitation Less Likely | No | Remote Code Execution |
CVE-2023-36742 | Visual Studio Code Remote Code Execution Vulnerability | No | Exploitation Less Likely | No | Remote Code Execution |
CVE-2023-36744 | Microsoft Exchange Server Remote Code Execution Vulnerability | No | Exploitation More Likely | No | Remote Code Execution |
CVE-2023-36745 | Microsoft Exchange Server Remote Code Execution Vulnerability | No | Exploitation More Likely | No | Remote Code Execution |
CVE-2023-36756 | Microsoft Exchange Server Remote Code Execution Vulnerability | No | Exploitation More Likely | No | Remote Code Execution |
CVE-2023-36757 | Microsoft Exchange Server Spoofing Vulnerability | No | Exploitation Less Likely | No | Spoofing |
CVE-2023-36758 | Visual Studio Elevation of Privilege Vulnerability | No | Exploitation Less Likely | No | Elevation of Privilege |
CVE-2023-36759 | Visual Studio Elevation of Privilege Vulnerability | No | Exploitation Less Likely | No | Elevation of Privilege |
CVE-2023-36765 | Microsoft Office Elevation of Privilege Vulnerability CVEs | No | Exploitation Less Likely | No | Elevation of Privilege |
CVE-2023-36766 | Microsoft Excel Information Disclosure Vulnerability | No | Exploitation Less Likely | No | Information Disclosure |
CVE-2023-36767 | Microsoft Office Security Feature Bypass Vulnerability | No | Exploitation Less Likely | No | Security Feature Bypass |
CVE-2023-36801 | DHCP Server Service Information Disclosure Vulnerability | No | Exploitation Less Likely | No | Information Disclosure |
CVE-2023-36802 | Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability CVEs | No | Exploitation Detected | Yes | Elevation of Privilege |
CVE-2023-36803 | Windows Kernel Information Disclosure Vulnerability | No | Exploitation Less Likely | No | Information Disclosure |
CVE-2023-36804 | Windows GDI Elevation of Privilege Vulnerability | No | Exploitation More Likely | No | Elevation of Privilege |
CVE-2023-36805 | Windows MSHTML Platform Security Feature Bypass Vulnerability | No | Exploitation Less Likely | No | Remote Code Execution |
CVE-2023-38139 | Windows Kernel Elevation of Privilege Vulnerability | No | Exploitation Less Likely | No | Elevation of Privilege |
CVE-2023-38140 | Windows Kernel Information Disclosure Vulnerability | No | Exploitation Less Likely | No | Information Disclosure |
CVE-2023-38141 | Windows Kernel Elevation of Privilege Vulnerability | No | Exploitation Less Likely | No | Elevation of Privilege |
CVE-2023-38142 | Windows Kernel Elevation of Privilege Vulnerability | No | Exploitation More Likely | No | Elevation of Privilege |
CVE-2023-38143 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | No | Exploitation More Likely | No | Elevation of Privilege |
CVE-2023-38144 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | No | Exploitation More Likely | No | Elevation of Privilege |
CVE-2023-38146 | Windows Themes Remote Code Execution Vulnerability | No | Exploitation Less Likely | No | Remote Code Execution |
CVE-2023-38147 | Windows Miracast Wireless Display Remote Code Execution Vulnerability | No | Exploitation Less Likely | No | Remote Code Execution |
CVE-2023-38148 | Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | No | Exploitation More Likely | No | Remote Code Execution |
CVE-2023-38149 | Windows TCP/IP Denial of Service Vulnerability | No | Exploitation Less Likely | No | Denial of Service |
CVE-2023-38150 | Windows Kernel Elevation of Privilege Vulnerability | No | Exploitation Less Likely | No | Elevation of Privilege |
CVE-2023-38152 | DHCP Server Service Information Disclosure Vulnerability | No | Exploitation More Likely | No | Information Disclosure |
CVE-2023-38156 | Azure HDInsight Apache Ambari Elevation of Privilege Vulnerability | No | Exploitation Less Likely | No | Elevation of Privilege |
CVE-2023-38161 | Windows GDI Elevation of Privilege Vulnerability | No | Exploitation More Likely | No | Elevation of Privilege |
CVE-2023-38162 | DHCP Server Service Denial of Service Vulnerability | No | Exploitation Less Likely | No | Denial of Service |
CVE-2023-35355 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | No | Exploitation Less Likely | No | Elevation of Privilege |
Author
Sumitha was introduced to the world of computers when she was very young. She loves to help users with their Windows 11 and related queries. She is here to share quick tips and tricks with Windows security.