Skip to main content

Microsoft Releases August 2023 Security Updates

Scheduled updates for Microsoft products, including security updates for 2 zero-day vulnerabilities

Threat ID:
CC-4366
Threat Severity:
Medium
Published:
9 August 2023 11:57 AM
Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Scheduled updates for Microsoft products, including security updates for 2 zero-day vulnerabilities

Affected platforms

The following platforms are known to be affected:

Microsoft Office

Microsoft Edge

Microsoft Outlook

The following platforms are also known to be affected:

  • .NET Core
  • .NET Framework
  • ASP.NET
  • Visual Studio
  • Azure Arc
  • Azure DevOps
  • Azure HDInsights
  • Dynamics Business Central Control
  • Mariner
  • Memory Integrity System Readiness Scan Tool
  • Microsoft Dynamics
  • Microsoft Exchange Server
  • Microsoft Teams
  • Microsoft WDAC OLE DB provider for SQL
  • Microsoft Windows
  • Microsoft Windows Codecs Library
  • Reliability Analysis Metrics Calculation Engine
  • Role: Windows Hyper-V
  • SQL Server
  • Tablet Windows User Interface
  • Windows Bluetooth A2DP driver
  • Windows Cloud Files Mini Filter Driver
  • Windows Common Log File System Driver
  • Windows Cryptographic Services
  • Windows Defender
  • Windows Fax and Scan Service
  • Windows Group Policy
  • Windows HTML Platform
  • Windows Kernel
  • Windows LDAP - Lightweight Directory Access Protocol
  • Windows Message Queuing
  • Windows Mobile Device Management
  • Windows Projected File System
  • Windows Reliability Analysis Metrics Calculation Engine
  • Windows Smart Card
  • Windows System Assessment Tool
  • Windows Wireless Wide Area Network Service

Threat details

Introduction

Microsoft has released security updates to address 74 vulnerabilities and 2 advisories across multiple product lines, including 2 zero-day vulnerabilities. An unauthenticated, remote attacker could exploit some of these vulnerabilities to take control of an affected system.

Exploitation of multiple vulnerabilities

In the advisory designated ADV230003 Microsoft has issued a defense in depth update which is not a vulnerability, but installing the update stops the attack chain leading to the Windows Search Remote Code Execution Vulnerability (CVE-2023-36884). This vulnerability is being actively exploited in the wild.

CVE-2023-38180 is a denial-of-service (DoS) vulnerability in Microsoft .NET and Visual Studio that Microsoft has reported as being exploited in the wild.

Remediation advice

Affected organisations are encouraged to review Microsoft’s August 2023 Security Update Summary and Deployment Information apply the relevant updates.

Last edited: 9 August 2023 3:10 pm