Revisions on September 2023 CVEs 59 flaws announced and 2 Zero-Day Vulnerabilities

Let’s look at the latest updates or Revisions on September 2023 CVEs 59 flaws announced and 2 Zero-Day Vulnerabilities. Microsoft did release a revision for 3 vulnerabilities after the 12th patch Tuesday.

Apart from these 62 vulnerabilities, Microsoft released Windows 11 KB5030217 KB5030219 and Windows 10 KB5030211 latest cumulative updates (LCU) for September 2023.

The following common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide. CVE-2023-24936, CVE-2023-27909, and CVE-2023-27911 are the 3 CVEs that got revised.

This revision is because Microsoft added all supported versions of 3D Viewer, Microsoft Office 2019, Microsoft Office LTSC 2021, and Microsoft 365 Apps for Enterprise.

Patch My PC
Revisions on September 2023 CVEs 59 flaws announced and 2 Zero-Day Vulnerabilities Fig. 1
Revisions on September 2023 CVEs 59 flaws announced and 2 Zero-Day Vulnerabilities Fig. 1

2 Zero Day Security Vulnerabilities for September 2023

There are two zero-day vulnerabilities announced by Microsoft with the September patch Tuesday. Those CVEs are related to Office Word and Microsoft streaming services.

  • CVE-2023-36761 related to Office Word
  • CVE-2023-36802 related to Microsoft Streaming Service
Revisions on September 2023 CVEs 59 flaws announced and 2 Zero-Day Vulnerabilities Fig. 2
Revisions on September 2023 CVEs 59 flaws announced and 2 Zero-Day Vulnerabilities Fig. 2

Revisions on September 2023 CVEs

Let’s now look at the 62 CVE details released by Microsoft as part of the 12th Sep 2023 patch Tuesday. The following table gives you end-to-end details of all the released vulnerabilities, including the revised ones.

Adaptiva

The following is one of the first Revisions on September 2023 CVEs. CVE-2023-24936 – NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability. You can check out the Aggregate CVE Severity Rating: Moderate.

Revisions on September 2023 CVEs: CVE -2023-27909 – AutoDesk: CVE-2023-27909 Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK 2020 or prior. The Aggregate CVE Severity Rating is set to Important.

CVE -2023-27911: AutoDesk: CVE-2023-27911 Heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior. You can check out the Aggregate CVE Severity Rating, and it’s set to Important.

NOTE! – The vulnerability assigned to this CVE is in AutoDesk software which is consumed by the Microsoft products listed in the Security Updates table. It is being documented in the Security Update Guide to announce that the latest builds of these products are no longer vulnerable.

CVE NumberCVE TitlePublicly DisclosedExploitability assessmentExploitedImpact
CVE-2023-367393D Viewer Remote Code Execution Vulnerability CVEsNoExploitation UnlikelyNoRemote Code Execution
CVE-2023-367403D Viewer Remote Code Execution Vulnerability CVEsNoExploitation UnlikelyNoRemote Code Execution
CVE-2023-39956Electron: CVE-2023-39956 -Visual Studio Code Remote Code Execution VulnerabilityNoExploitation Less LikelyNoRemote Code Execution
CVE-2023-367603D Viewer Remote Code Execution VulnerabilityNoExploitation Less LikelyNoRemote Code Execution
CVE-2023-36761Microsoft Word Information Disclosure VulnerabilityYesExploitation DetectedYesInformation Disclosure
CVE-2023-36762Microsoft Word Remote Code Execution VulnerabilityNoExploitation UnlikelyNoRemote Code Execution
CVE-2023-36763Microsoft Outlook Information Disclosure VulnerabilityNoExploitation Less LikelyNoInformation Disclosure
CVE-2023-36764Microsoft SharePoint Server Elevation of Privilege VulnerabilityNoExploitation Less LikelyNoElevation of Privilege
CVE-2023-367703D Builder Remote Code Execution VulnerabilityNoExploitation Less LikelyNoRemote Code Execution
CVE-2023-367713D Builder Remote Code Execution VulnerabilityNoExploitation Less LikelyNoRemote Code Execution
CVE-2023-367723D Builder Remote Code Execution VulnerabilityNoExploitation Less LikelyNoRemote Code Execution
CVE-2023-367733D Builder Remote Code Execution VulnerabilityNoExploitation Less LikelyNoRemote Code Execution
CVE-2023-36777Microsoft Exchange Server Information Disclosure VulnerabilityNoExploitation More LikelyNoInformation Disclosure
CVE-2023-36788.NET Framework Remote Code Execution VulnerabilityNoExploitation Less LikelyNoRemote Code Execution
CVE-2023-36792Visual Studio Remote Code Execution VulnerabilityNoExploitation Less LikelyNoRemote Code Execution
CVE-2023-36793Visual Studio Remote Code Execution VulnerabilityNoExploitation Less LikelyNoRemote Code Execution
CVE-2023-36794Visual Studio Remote Code Execution VulnerabilityNoExploitation Less LikelyNoRemote Code Execution
CVE-2023-36796Visual Studio Remote Code Execution VulnerabilityNoExploitation Less LikelyNoRemote Code Execution
CVE-2023-36799.NET Core and Visual Studio Denial of Service VulnerabilityNoExploitation Less LikelyNoDenial of Service
CVE-2023-36800Dynamics Finance and Operations Cross-site Scripting VulnerabilityNoExploitation Less LikelyNoSpoofing
CVE-2023-38155Azure DevOps Server and Team Foundation Server Elevation of Privilege VulnerabilityNoExploitation Less LikelyNoElevation of Privilege
CVE-2023-38160Windows TCP/IP Information Disclosure VulnerabilityNoExploitation More LikelyNoInformation Disclosure
CVE-2023-38163Windows Defender Attack Surface Reduction Security Feature BypassNoExploitation Less LikelyNoSecurity Feature Bypass
CVE-2023-38164Microsoft Dynamics 365 (on-premises) Cross-site Scripting VulnerabilityNoExploitation Less LikelyNoSpoofing
CVE-2023-36886Microsoft Dynamics 365 (on-premises) Cross-site Scripting VulnerabilityNoExploitation Less LikelyNoSpoofing
CVE-2023-33136Azure DevOps Server Remote Code Execution VulnerabilityNoExploitation Less LikelyNoRemote Code Execution
CVE-2023-29332Microsoft Azure Kubernetes Service Elevation of Privilege VulnerabilityNoExploitation Less LikelyNoElevation of Privilege
CVE-2022-41303AutoDesk: CVE-2022-41303 use-after-free vulnerability in Autodesk® FBX® SDK 2020 or priorNoExploitation Less LikelyNoRemote Code Execution
CVE-2023-41764Microsoft Office Spoofing VulnerabilityNoExploitation Less LikelyNoSpoofing
CVE-2023-36736Microsoft Identity Linux Broker Arbitrary Code Execution VulnerabilityNoExploitation Less LikelyNoRemote Code Execution
CVE-2023-36742Visual Studio Code Remote Code Execution VulnerabilityNoExploitation Less LikelyNoRemote Code Execution
CVE-2023-36744Microsoft Exchange Server Remote Code Execution VulnerabilityNoExploitation More LikelyNoRemote Code Execution
CVE-2023-36745Microsoft Exchange Server Remote Code Execution VulnerabilityNoExploitation More LikelyNoRemote Code Execution
CVE-2023-36756Microsoft Exchange Server Remote Code Execution VulnerabilityNoExploitation More LikelyNoRemote Code Execution
CVE-2023-36757Microsoft Exchange Server Spoofing VulnerabilityNoExploitation Less LikelyNoSpoofing
CVE-2023-36758Visual Studio Elevation of Privilege VulnerabilityNoExploitation Less LikelyNoElevation of Privilege
CVE-2023-36759Visual Studio Elevation of Privilege VulnerabilityNoExploitation Less LikelyNoElevation of Privilege
CVE-2023-36765Microsoft Office Elevation of Privilege Vulnerability CVEsNoExploitation Less LikelyNoElevation of Privilege
CVE-2023-36766Microsoft Excel Information Disclosure VulnerabilityNoExploitation Less LikelyNoInformation Disclosure
CVE-2023-36767Microsoft Office Security Feature Bypass VulnerabilityNoExploitation Less LikelyNoSecurity Feature Bypass
CVE-2023-36801DHCP Server Service Information Disclosure VulnerabilityNoExploitation Less LikelyNoInformation Disclosure
CVE-2023-36802Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability CVEsNoExploitation DetectedYesElevation of Privilege
CVE-2023-36803Windows Kernel Information Disclosure VulnerabilityNoExploitation Less LikelyNoInformation Disclosure
CVE-2023-36804Windows GDI Elevation of Privilege VulnerabilityNoExploitation More LikelyNoElevation of Privilege
CVE-2023-36805Windows MSHTML Platform Security Feature Bypass VulnerabilityNoExploitation Less LikelyNoRemote Code Execution
CVE-2023-38139Windows Kernel Elevation of Privilege VulnerabilityNoExploitation Less LikelyNoElevation of Privilege
CVE-2023-38140Windows Kernel Information Disclosure VulnerabilityNoExploitation Less LikelyNoInformation Disclosure
CVE-2023-38141Windows Kernel Elevation of Privilege VulnerabilityNoExploitation Less LikelyNoElevation of Privilege
CVE-2023-38142Windows Kernel Elevation of Privilege VulnerabilityNoExploitation More LikelyNoElevation of Privilege
CVE-2023-38143Windows Common Log File System Driver Elevation of Privilege VulnerabilityNoExploitation More LikelyNoElevation of Privilege
CVE-2023-38144Windows Common Log File System Driver Elevation of Privilege VulnerabilityNoExploitation More LikelyNoElevation of Privilege
CVE-2023-38146Windows Themes Remote Code Execution VulnerabilityNoExploitation Less LikelyNoRemote Code Execution
CVE-2023-38147Windows Miracast Wireless Display Remote Code Execution VulnerabilityNoExploitation Less LikelyNoRemote Code Execution
CVE-2023-38148Internet Connection Sharing (ICS) Remote Code Execution VulnerabilityNoExploitation More LikelyNoRemote Code Execution
CVE-2023-38149Windows TCP/IP Denial of Service VulnerabilityNoExploitation Less LikelyNoDenial of Service
CVE-2023-38150Windows Kernel Elevation of Privilege VulnerabilityNoExploitation Less LikelyNoElevation of Privilege
CVE-2023-38152DHCP Server Service Information Disclosure VulnerabilityNoExploitation More LikelyNoInformation Disclosure
CVE-2023-38156Azure HDInsight Apache Ambari Elevation of Privilege VulnerabilityNoExploitation Less LikelyNoElevation of Privilege
CVE-2023-38161Windows GDI Elevation of Privilege VulnerabilityNoExploitation More LikelyNoElevation of Privilege
CVE-2023-38162DHCP Server Service Denial of Service VulnerabilityNoExploitation Less LikelyNoDenial of Service
CVE-2023-35355Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityNoExploitation Less LikelyNoElevation of Privilege
Revisions on September 2023 CVEs 59 flaws announced and 2 Zero-Day Vulnerabilities – Table 1

Author

Sumitha was introduced to the world of computers when she was very young. She loves to help users with their Windows 11 and related queries. She is here to share quick tips and tricks with Windows security.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.