My next class:

October 2023 Microsoft Patch Tuesday Summary

Published: 2023-10-10. Last Updated: 2023-10-10 18:03:47 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)

For October, Microsoft released patches for 105 different vulnerabilities. This count includes one Chromium vulnerability that was patched earlier this month.

There are a total of three already exploited vulnerabilities:

CVE-2023-44487 HTTP/2 Rapid Reset Attack: This vulnerability was disclosed by Cloudflare in a blog post earlier today [1]. Cloudflare started to see these attacks late in August. This issue led to unprecedented DoS attacks. An attacker will set an HTTP/2 stream and immediately "cancel" it with a reset stream. This avoids limits on the number of streams accepted and can lead to CPU exhaustion on the server attempting to clean up the canceled streams. This is not a TCP RST but an application layer (HTTP/2) feature. On the other hand, it does look a bit like a SYN flood attack, maybe? HTTP/2 often appears to re-implement some of the features found in TCP, so it is no surprise to see similar vulnerabilities.

CVE-2023-36563 Wordpad Information Disclosure: Yet another problem with linked resources that may cause the client (Wordpad in this case) to initiate an SMB connection and in the process, automatically pass along weakly hashed credentials. See this blog post for details: https://support.microsoft.com/en-us/topic/kb5032314-how-to-manage-the-ole-object-conversion-vulnerability-in-wordpad-associated-with-cve-2023-36563-98d95ae9-2f9e-4f65-9231-46363c31cf07

CVE-2023-41763: Skype for Business elevation of privileges. This is a vulnerability in the Skype for Business server product. IP addresses and port numbers may be disclosed.

Noteworthy are the nine critical vulnerabilities in the Layer 2 Tunneling protocol and the vulnerabilities in the Microsoft Message Queue (one with a CVSS score of 9.8). These two components received numerous patches for the last couple of months. 

Overall, I would rate this patch Tuesday as "average." There are no "outrageously important" vulnerabilities to patch.

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
Active Directory Domain Services Information Disclosure Vulnerability
CVE-2023-36722 No No - - Important 4.4 3.9
Active Template Library Denial of Service Vulnerability
CVE-2023-36585 No No - - Important 7.5 6.5
Azure DevOps Server Elevation of Privilege Vulnerability
CVE-2023-36561 No No - - Important 7.3 6.4
Azure HDInsight Apache Oozie Workflow Scheduler Elevation of Privilege Vulnerability
CVE-2023-36419 No No - - Important 8.8 7.7
Azure Identity SDK Remote Code Execution Vulnerability
CVE-2023-36415 No No - - Important 8.8 7.7
CVE-2023-36414 No No - - Important 8.8 7.8
Azure Network Watcher VM Agent Elevation of Privilege Vulnerability
CVE-2023-36737 No No - - Important 7.8 7.2
Azure RTOS GUIX Studio Remote Code Execution Vulnerability
CVE-2023-36418 No No - - Important 7.8 6.8
Chromium: CVE-2023-5346 Type Confusion in V8
CVE-2023-5346 No No - - -    
DHCP Server Service Denial of Service Vulnerability
CVE-2023-36703 No No - - Important 7.5 6.5
Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
CVE-2023-41765 No No - - Critical 8.1 7.1
CVE-2023-41767 No No - - Critical 8.1 7.1
CVE-2023-41768 No No - - Critical 8.1 7.1
CVE-2023-41769 No No - - Critical 8.1 7.1
CVE-2023-41770 No No - - Critical 8.1 7.1
CVE-2023-41771 No No - - Critical 8.1 7.1
CVE-2023-41773 No No - - Critical 8.1 7.1
CVE-2023-41774 No No - - Critical 8.1 7.1
CVE-2023-38166 No No - - Critical 8.1 7.1
MITRE: CVE-2023-44487 HTTP/2 Rapid Reset Attack
CVE-2023-44487 No Yes - - Important    
Microsoft AllJoyn API Denial of Service Vulnerability
CVE-2023-36709 No No - - Important 7.5 6.5
Microsoft Common Data Model SDK Denial of Service Vulnerability
CVE-2023-36566 No No - - Important 6.5 5.7
Microsoft DirectMusic Remote Code Execution Vulnerability
CVE-2023-36702 No No - - Important 7.8 6.8
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
CVE-2023-36433 No No - - Important 6.5 5.7
CVE-2023-36429 No No - - Important 6.5 5.7
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2023-36416 No No - - Important 6.1 5.3
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-36778 No No - - Important 8.0 7.0
Microsoft Message Queuing Denial of Service Vulnerability
CVE-2023-36606 No No - - Important 7.5 6.5
CVE-2023-36581 No No - - Important 7.5 6.5
CVE-2023-36579 No No - - Important 7.5 6.5
CVE-2023-36431 No No - - Important 7.5 6.5
Microsoft Message Queuing Remote Code Execution Vulnerability
CVE-2023-35349 No No - - Critical 9.8 8.5
CVE-2023-36697 No No - - Critical 6.8 5.9
CVE-2023-36593 No No - - Important 7.8 6.8
CVE-2023-36592 No No - - Important 7.3 6.4
CVE-2023-36591 No No - - Important 7.3 6.4
CVE-2023-36590 No No - - Important 7.3 6.4
CVE-2023-36589 No No - - Important 7.3 6.4
CVE-2023-36583 No No - - Important 7.3 6.4
CVE-2023-36582 No No - - Important 7.3 6.4
CVE-2023-36578 No No - - Important 7.3 6.4
CVE-2023-36575 No No - - Important 7.3 6.4
CVE-2023-36574 No No - - Important 7.3 6.4
CVE-2023-36573 No No - - Important 7.3 6.4
CVE-2023-36572 No No - - Important 7.3 6.4
CVE-2023-36571 No No - - Important 7.3 6.4
CVE-2023-36570 No No - - Important 7.3 6.4
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
CVE-2023-36730 No No - - Important 7.8 6.8
CVE-2023-36420 No No - - Important 7.3 6.4
CVE-2023-36785 No No - - Important 7.8 6.8
Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
CVE-2023-36568 No No - - Important 7.0 6.1
Microsoft Office Elevation of Privilege Vulnerability
CVE-2023-36569 No No - - Important 8.4 7.3
Microsoft Office Graphics Elevation of Privilege Vulnerability
CVE-2023-36565 No No - - Important 7.0 6.1
Microsoft QUIC Denial of Service Vulnerability
CVE-2023-38171 No No - - Important 7.5 6.5
CVE-2023-36435 No No - - Important 7.5 6.5
Microsoft Resilient File System (ReFS) Elevation of Privilege Vulnerability
CVE-2023-36701 No No - - Important 7.8 6.8
Microsoft SQL ODBC Driver Remote Code Execution Vulnerability
CVE-2023-36417 No No - - Important 7.8 6.8
Microsoft SQL Server Denial of Service Vulnerability
CVE-2023-36728 No No - - Important 5.5 4.8
Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability
CVE-2023-36718 No No - - Critical 7.8 6.8
Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability
CVE-2023-36598 No No - - Important 7.8 6.8
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2023-36577 No No - - Important 8.8 7.7
Microsoft WordPad Information Disclosure Vulnerability
CVE-2023-36563 Yes Yes - - Important 6.5 5.9
Named Pipe File System Elevation of Privilege Vulnerability
CVE-2023-36729 No No - - Important 7.8 6.8
PrintHTML API Remote Code Execution Vulnerability
CVE-2023-36557 No No - - Important 7.8 6.8
Remote Procedure Call Information Disclosure Vulnerability
CVE-2023-36596 No No - - Important 6.5 5.7
Skype for Business Elevation of Privilege Vulnerability
CVE-2023-41763 Yes Yes - - Important 5.3 4.8
Skype for Business Remote Code Execution Vulnerability
CVE-2023-36789 No No - - Important 7.2 6.3
CVE-2023-36786 No No - - Important 7.2 6.3
CVE-2023-36780 No No - - Important 7.2 6.3
Win32k Elevation of Privilege Vulnerability
CVE-2023-41772 No No - - Important 7.8 6.8
CVE-2023-36732 No No - - Important 7.8 6.8
CVE-2023-36731 No No - - Important 7.8 6.8
CVE-2023-36776 No No - - Important 7.0 6.1
CVE-2023-36743 No No - - Important 7.8 6.8
Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability
CVE-2023-41766 No No - - Important 7.8 6.8
Windows Common Log File System Driver Information Disclosure Vulnerability
CVE-2023-36713 No No - - Important 5.5 4.8
Windows Container Manager Service Elevation of Privilege Vulnerability
CVE-2023-36723 No No - - Important 7.8 6.8
Windows Deployment Services Denial of Service Vulnerability
CVE-2023-36707 No No - - Important 6.5 5.7
Windows Deployment Services Information Disclosure Vulnerability
CVE-2023-36706 No No - - Important 6.5 5.7
CVE-2023-36567 No No - - Important 7.5 6.5
Windows Error Reporting Service Elevation of Privilege Vulnerability
CVE-2023-36721 No No - - Important 7.0 6.1
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2023-36594 No No - - Important 7.8 6.8
CVE-2023-38159 No No - - Important 7.0 6.1
Windows IIS Server Elevation of Privilege Vulnerability
CVE-2023-36434 No No - - Important 9.8 8.5
Windows Internet Key Exchange (IKE) Extension Elevation of Privilege Vulnerability
CVE-2023-36726 No No - - Important 7.8 6.8
Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-36725 No No - - Important 7.8 6.8
CVE-2023-36712 No No - - Important 7.8 6.8
Windows Kernel Information Disclosure Vulnerability
CVE-2023-36576 No No - - Important 5.5 4.8
Windows Kernel Security Feature Bypass Vulnerability
CVE-2023-36698 No No - - Important 3.6 3.2
Windows MSHTML Platform Remote Code Execution Vulnerability
CVE-2023-36436 No No - - Important 7.8 6.8
Windows Mark of the Web Security Feature Bypass Vulnerability
CVE-2023-36584 No No - - Important 5.4 5.0
Windows Media Foundation Core Remote Code Execution Vulnerability
CVE-2023-36710 No No - - Important 7.8 6.8
Windows Mixed Reality Developer Tools Denial of Service Vulnerability
CVE-2023-36720 No No - - Important 7.5 6.5
Windows Named Pipe Filesystem Elevation of Privilege Vulnerability
CVE-2023-36605 No No - - Important 7.4 6.4
Windows Power Management Service Information Disclosure Vulnerability
CVE-2023-36724 No No - - Important 5.5 4.8
Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability
CVE-2023-36790 No No - - Important 7.8 6.8
Windows Remote Desktop Gateway (RD Gateway) Information Disclosure Vulnerability
CVE-2023-29348 No No - - Important 6.5 5.7
Windows Runtime C++ Template Library Elevation of Privilege Vulnerability
CVE-2023-36711 No No - - Important 7.8 6.8
Windows Runtime Remote Code Execution Vulnerability
CVE-2023-36902 No No - - Important 7.0 6.1
Windows Search Security Feature Bypass Vulnerability
CVE-2023-36564 No No - - Important 6.5 5.7
Windows Setup Files Cleanup Remote Code Execution Vulnerability
CVE-2023-36704 No No - - Important 7.8 6.8
Windows TCP/IP Denial of Service Vulnerability
CVE-2023-36603 No No - - Important 7.5 6.5
CVE-2023-36602 No No - - Important 7.5 6.5
Windows TCP/IP Information Disclosure Vulnerability
CVE-2023-36438 No No - - Important 7.5 6.5
Windows Virtual Trusted Platform Module Denial of Service Vulnerability
CVE-2023-36717 No No - - Important 6.5 5.7

[1] https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|

0 comment(s)
My next class:

Comments


Diary Archives