Microsoft August 2023 Patch Tuesday warns of 2 zero-days, 87 flaws

Gandalf_The_Grey

Level 78
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,749
Today is Microsoft's August 2023 Patch Tuesday, with security updates for 87 flaws, including two actively exploited and twenty-three remote code execution vulnerabilities.

While twenty-three RCE bugs were fixed, Microsoft only rated six as 'Critical.'

The number of bugs in each vulnerability category is listed below:
  • 18 Elevation of Privilege vulnerabilities
  • 3 Security Feature Bypass vulnerabilities
  • 23 Remote Code Execution vulnerabilities
  • 10 Information Disclosure vulnerabilities
  • 8 Denial of Service vulnerabilities
  • 12 Spoofing vulnerabilities
These counts do not include twelve Microsoft Edge (Chromium) vulnerabilities fixed earlier this month.
 

Gandalf_The_Grey

Level 78
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,749
The August 2023 Security Update Review
Greetings from hacker summer camp! Black Hat and DEFCON start this week, but let’s kick everything off with Patch Tuesday and the latest security offerings from Adobe and Microsoft. Take a break from your regularly scheduled activities and join us as we review the details of their latest advisories. If you’d rather watch the video recap, you can check out the Patch Report webcast on our YouTube channel. It should be posted within a couple of hours after the release.

Adobe Patches for August 2023

For August, Adobe released four patches addressing 37 CVEs in Adobe Acrobat and Reader, Commerce, Dimension, and the Adobe XMP Toolkit SDK. A total of 28 of these CVEs came through the ZDI program. The update for Reader is the largest, clocking in with 30 CVEs. The most severe of these are rated Critical and would allow code execution when opening a specially crafted PDF. The update for Commerce fixes three CVEs, including an OS command injection bug rated at a CVSS 9.1. The update for Dimension also fixes three CVEs. Similar to reader, and attacker could gain code execution if an affected system opened a specially crafted file. The final patch for the Adobe XMP Toolkit SDK corrects a single Denial-of-Service (DoS) bug.

None of the bugs fixed by Adobe this month are listed as publicly known or under active attack at the time of release. Adobe categorizes these updates as a deployment priority rating of 3.

Microsoft Patches for August 2023

This month, Microsoft released 74 new patches and two new advisories addressing CVES in Microsoft Windows and Windows Components; Edge (Chromium-Based); Exchange Server; Office and Office Components; .NET and Visual Studio; ASP.NET; Azure DevOps and HDInsights; Teams; and Windows Defender. Three of these CVEs were reported through the ZDI program and based on our upcoming page, many others are coming in the near future. Once you include the 11 fixes from the Chromium group for Edge (Chromium-Based) and the fix for AMD, it brings the total number of CVEs to 86.

Of the new patches released today, six are rated Critical and 67 are rated Important in severity. This is on the lower side for an August release, but perhaps Microsoft was distracted by other security problems.

This volume of fixes is the highest we’ve seen in the last few years, although it’s not unusual to see Microsoft ship a large number of patches right before the Black Hat USA conference. It will be interesting to see if the August release, which comes the day before the Black Hat briefings, will also be a large release.

None of the CVEs released today are listed as being publicly known or under active attack at the time of release.
The next Patch Tuesday will be on September 12, and I’ll return with details and patch analysis then. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!
 

Gandalf_The_Grey

Level 78
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,749
The Windows August 2023 security updates fix critical vulnerabilities and Internet Explorer
It is the second Tuesday of the month, and that means it is Microsoft Patch Tuesday. The company has released security updates for all supported client and server operating systems as well as other company products, including Microsoft Office.

The security updates are available already and may be downloaded and installed via Windows Updates or update management systems. Standalone downloads are also provided.

Our monthly patch day overview guide provides system administrators and home users with essential information about the released updates. It offers links to support articles, lists important patches, including all released security updates, links to downloads and informs you about new and fixed known issues as reported by Microsoft.
You can download the following Excel spreadsheet. It lists the released security updates of the August 2023 Microsoft Patch Day. Click on the following link to download it:

Executive Summary​

  • The August 2023 security updates consist of 74 Microsoft CVEs, 12 non-Microsoft CVEs and 2 advisories.
  • All client and server versions of Windows that Microsoft supports are affected by three critical security issues.
  • The following Windows client version have known issues: Windows 10 version 1809, Windows 10 version 21H2 and 22H2, Windows 11 version 22H2
  • The following Windows server versions have known issues: Windows Server 2008, Windows Server 2008 R2, Windows Server 2019 and 2022, Exchange Server 2016 and 2019, SharePoint Server 2019 and SharePoint Enterprise Server 2016.
  • Other company products with updates include Microsoft Office, Microsoft Edge, SQL Server, ASP.NET and Microsoft Exchange Server.
Click on the following link to download it => that link is missing from the original article at the moment.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top