Microsoft Patch Tuesday – October 2023

For October, Microsoft released patches for 103 CVEs, including 3 zero-days and 13 criticals. Let’s briefly review them!

CVE-2023-44487 – HTTP/2 Rapid Reset Attack

The first zero-day was reported as being under active attack against Google systems in August 2023, but Microsoft released a patch for its own products only now. The vulnerability allows attackers to abuse the Layer 7 stream cancellation feature of HTTP/2 to cause a DoS against a service. The problem is shared across many services; you can find more details in this article.
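A quick way to see what Rapid Reset looks like from the server side is to count how many RST_STREAM frames a single connection sends within a short window. The script below is an added example (not code from the original post, and not tied to any particular product): the frame log format, the connection names and the threshold of 100 resets per second are all constructed for illustration, so adapt the regex to whatever your proxy or server actually logs.

```powershell
# Added example: flag HTTP/2 connections whose clients cancel streams at a rate
# typical of Rapid Reset. The log line format "<ts> conn=<id> frame=<type> stream=<n>"
# is constructed for this example; real servers and proxies log frames differently.
function Find-RapidResetConnections {
    param(
        [Parameter(Mandatory)] [string[]] $Lines,
        [double] $WindowSeconds = 1.0,   # sliding window length
        [int]    $ResetThreshold = 100   # resets per window that trigger a flag (assumed value)
    )
    # Collect RST_STREAM timestamps per connection.
    $resets = @{}
    foreach ($line in $Lines) {
        if ($line -match '^(?<ts>\S+) conn=(?<conn>\S+) frame=RST_STREAM\b') {
            $t = [datetimeoffset]::Parse($Matches.ts, [cultureinfo]::InvariantCulture)
            if (-not $resets.ContainsKey($Matches.conn)) {
                $resets[$Matches.conn] = [System.Collections.Generic.List[datetimeoffset]]::new()
            }
            $resets[$Matches.conn].Add($t)
        }
    }
    # Two-pointer sliding window over the sorted timestamps of each connection.
    $flagged = foreach ($conn in $resets.Keys) {
        $ts = @($resets[$conn] | Sort-Object)
        $start = 0; $peak = 0
        for ($end = 0; $end -lt $ts.Count; $end++) {
            while (($ts[$end] - $ts[$start]).TotalSeconds -gt $WindowSeconds) { $start++ }
            $inWindow = $end - $start + 1
            if ($inWindow -gt $peak) { $peak = $inWindow }
        }
        if ($peak -ge $ResetThreshold) {
            [pscustomobject]@{ Connection = $conn; PeakResetsPerWindow = $peak }
        }
    }
    return $flagged
}

# Constructed sample log: one benign client and one abusive client.
$base = [datetimeoffset]::Parse('2023-10-10T12:00:00Z', [cultureinfo]::InvariantCulture)
$log  = [System.Collections.Generic.List[string]]::new()
# Benign client: 20 requests over 10 seconds, two of them cancelled by the user.
for ($i = 0; $i -lt 20; $i++) {
    $t = $base.AddMilliseconds(500 * $i)
    $log.Add("$($t.ToString('o')) conn=benign frame=HEADERS stream=$(2 * $i + 1)")
    if ($i % 10 -eq 0) {
        $log.Add("$($t.AddMilliseconds(5).ToString('o')) conn=benign frame=RST_STREAM stream=$(2 * $i + 1)")
    }
}
# Abusive client: 500 streams opened and immediately reset within roughly 250 ms.
for ($i = 0; $i -lt 500; $i++) {
    $t = $base.AddMilliseconds(0.5 * $i)
    $log.Add("$($t.ToString('o')) conn=abusive frame=HEADERS stream=$(2 * $i + 1)")
    $log.Add("$($t.ToString('o')) conn=abusive frame=RST_STREAM stream=$(2 * $i + 1)")
}

# Only the "abusive" connection should be reported.
Find-RapidResetConnections -Lines $log -WindowSeconds 1 -ResetThreshold 100 | Format-Table -AutoSize
```

The threshold is deliberately crude: a legitimate browser cancelling a handful of streams when the user navigates away never comes close to hundreds of resets per second, so this kind of counter gives a clean signal even before the patched frameworks start enforcing their own limits.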

CVE-2023-36563 – Microsoft WordPad Information Disclosure Vulnerability

This bug looks very similar to CVE-2023-36761, described last month. Successful exploitation could lead to the disclosure of NTLM hashes, but this time the Preview Pane is not an attack vector, so user interaction is required. Exploitation has been detected in the wild.

CVE-2023-41763 – Skype for Business Elevation of Privilege Vulnerability

The last zero-day is more like an information disclosure than an elevation of privilege. An attacker could make a specially crafted network call to the target Skype for Business server, which could cause it to parse an HTTP request made to an arbitrary address. This could disclose IP addresses, port numbers, or both to the attacker. Recommendation – get rid of Skype for Business as soon as possible, and patch it sooner if needed.

CVE-2023-35349 / CVE-2023-36697 – Microsoft Message Queuing Remote Code Execution Vulnerability

Here we go again… This year we have already seen a lot of Message Queuing bugs, but this month Microsoft released 20 patches for it! The 2 mentioned in the header are rated critical, and the remaining 18 are important. The first bug could allow a remote, unauthenticated attacker to run their code with elevated privileges on affected servers with the Message Queuing service enabled. Again… you can block TCP port 1801 as a mitigation, but the better choice is to test and deploy the update quickly. You can also check on which servers the Message Queuing service is enabled using the script from June.

CVE-2023-38166 / CVE-2023-41765 / CVE-2023-41767 / CVE-2023-41768 / CVE-2023-41769 / CVE-2023-41770 / CVE-2023-41771 / CVE-2023-41773 / CVE-2023-41774 – Layer 2 Tunneling Protocol Remote Code Execution Vulnerability

A remote, unauthenticated attacker could send malicious packets to a Routing and Remote Access Service (RRAS) server and get arbitrary code execution. All of these bugs require winning a race condition, but if you are using RAS in your environment, take them seriously.
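Both the Message Queuing section above and the L2TP/RRAS section boil down to the same question: which of my servers actually run these services and listen on the network? The script below is an added example and not the June script the post refers to; it assumes WinRM is enabled on the targets, that the caller is a local administrator there, and that `$Computers` is replaced with your own host list. The firewall rule at the end is the interim TCP 1801 block the post mentions, run with `-WhatIf` so nothing changes until you remove that switch.

```powershell
# Added example (not the author's June script): inventory exposure to the October 2023
# Message Queuing (CVE-2023-35349) and L2TP/RRAS (CVE-2023-38166 and friends) bugs.
# Assumptions: WinRM reachable, caller is local admin, $Computers is a placeholder list.
$Computers = @('localhost')   # PLACEHOLDER: replace with your real server inventory

$probe = {
    # Service names: MSMQ = Message Queuing, RemoteAccess = Routing and Remote Access.
    $msmq = Get-Service -Name MSMQ         -ErrorAction SilentlyContinue
    $rras = Get-Service -Name RemoteAccess -ErrorAction SilentlyContinue
    # MSMQ accepts remote messages on TCP 1801.
    $tcp1801 = Get-NetTCPConnection -LocalPort 1801 -State Listen -ErrorAction SilentlyContinue
    # L2TP arrives on UDP 1701 (IKE on UDP 500/4500 when wrapped in IPsec).
    $udp1701 = Get-NetUDPEndpoint -LocalPort 1701 -ErrorAction SilentlyContinue
    $latest  = Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 1
    [pscustomobject]@{
        Computer         = $env:COMPUTERNAME
        MsmqStatus       = if ($msmq) { $msmq.Status.ToString() } else { 'NotInstalled' }
        Tcp1801Listening = [bool]$tcp1801
        RrasStatus       = if ($rras) { $rras.Status.ToString() } else { 'NotInstalled' }
        Udp1701Bound     = [bool]$udp1701
        LatestHotfix     = $latest.HotFixID
        LatestHotfixDate = $latest.InstalledOn
    }
}

$results = Invoke-Command -ComputerName $Computers -ScriptBlock $probe
$results | Format-Table Computer, MsmqStatus, Tcp1801Listening, RrasStatus, Udp1701Bound, LatestHotfix, LatestHotfixDate -AutoSize

# Interim mitigation for hosts that expose MSMQ and cannot be patched right away:
# block inbound TCP 1801 in Defender Firewall. -WhatIf only previews the change.
$results | Where-Object { $_.Tcp1801Listening } | ForEach-Object {
    Invoke-Command -ComputerName $_.Computer -ScriptBlock {
        New-NetFirewallRule -DisplayName 'Block inbound MSMQ TCP 1801 (CVE-2023-35349 interim)' `
            -Direction Inbound -Protocol TCP -LocalPort 1801 -Action Block -Profile Any -WhatIf
    }
}
```

A host where RRAS is running but UDP 1701 is not bound is still worth checking by hand, since the L2TP listener can be disabled per port in the RRAS console while the service itself keeps running for other VPN types.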

CVE-2023-36718 – Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability

This one is related to the virtual TPM module on VMs and could lead to an escape from the contained execution environment.

Summary

Below you can see the most important CVEs released by Microsoft in October 2023. Besides the vulnerabilities already mentioned, you can also find info about bugs in the Microsoft Common Data Model SDK, Azure Identity SDK, IIS Server, Azure HDInsight Apache Oozie Workflow Scheduler, the WDAC OLE DB provider for SQL Server, Microsoft Office, and Microsoft Exchange Server.

| CVE Number | CVE Title | Severity (CVSS score) | Attack Vector | Attack Complexity | Privileges Required | User Interaction | Exploit Code Maturity | Applicable for |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-44487 | HTTP/2 Rapid Reset Attack | Important (8.8) | Adjacent | Low | None | None | Exploited | Windows 10+; Windows Server 2016+; ASP.NET Core 6.0 & .NET 6.0; ASP.NET Core 7.0 & .NET 7.0; Microsoft Visual Studio 2022 17.7- |
| CVE-2023-36563 | Microsoft WordPad Information Disclosure Vulnerability | Important (6.5) | Network | Low | None | Required | Exploited | Windows 10+; Windows Server 2008+ |
| CVE-2023-41763 | Skype for Business Elevation of Privilege Vulnerability | Important (5.3) | Network | Low | None | None | Exploited | Skype for Business Server 2015 CU13; Skype for Business Server 2019 CU7 |
| CVE-2023-35349 | Microsoft Message Queuing Remote Code Execution Vulnerability | Critical (9.8) | Network | Low | None | None | Unproven | Windows 10+; Windows Server 2008+ |
| CVE-2023-36697 | Microsoft Message Queuing Remote Code Execution Vulnerability | Critical (6.8) | Network | Low | High | Required | Unproven | Windows 10+; Windows Server 2008+ |
| CVE-2023-38166 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Critical (8.1) | Network | High | None | None | Unproven | Windows 10+; Windows Server 2008+ |
| CVE-2023-41765 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Critical (8.1) | Network | High | None | None | Unproven | Windows 10+; Windows Server 2008+ |
| CVE-2023-41767 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Critical (8.1) | Network | High | None | None | Unproven | Windows 10+; Windows Server 2008+ |
| CVE-2023-41768 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Critical (8.1) | Network | High | None | None | Unproven | Windows 10+; Windows Server 2008+ |
| CVE-2023-41769 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Critical (8.1) | Network | High | None | None | Unproven | Windows 10+; Windows Server 2008+ |
| CVE-2023-41770 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Critical (8.1) | Network | High | None | None | Unproven | Windows 10+; Windows Server 2008+ |
| CVE-2023-41771 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Critical (8.1) | Network | High | None | None | Unproven | Windows 10+; Windows Server 2008+ |
| CVE-2023-41773 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Critical (8.1) | Network | High | None | None | Unproven | Windows 10+; Windows Server 2008+ |
| CVE-2023-41774 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | Critical (8.1) | Network | High | None | None | Unproven | Windows 10+; Windows Server 2008+ |
| CVE-2023-36718 | Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability | Critical (7.8) | Local | High | Low | None | Unproven | Windows 10+; Windows Server 2016+ |
| CVE-2023-36566 | Microsoft Common Data Model SDK Denial of Service Vulnerability | Critical (6.5) | Network | Low | Low | None | Unproven | Microsoft Common Data Model SDK for C#; Microsoft Common Data Model SDK for Java; Microsoft Common Data Model SDK for Python; Microsoft Common Data Model SDK for TypeScript |
| CVE-2023-36434 | Windows IIS Server Elevation of Privilege Vulnerability | Important (9.8) | Network | Low | None | None | Unproven | Windows 10+; Windows Server 2008+ |
| CVE-2023-36414 | Azure Identity SDK Remote Code Execution Vulnerability | Important (8.8) | Network | Low | Low | None | Unproven | Azure Identity SDK for .NET |
| CVE-2023-36415 | Azure Identity SDK Remote Code Execution Vulnerability | Important (8.8) | Network | Low | Low | None | Unproven | Azure Identity SDK for .NET; Azure Identity SDK for Java; Azure Identity SDK for JavaScript; Azure Identity SDK for Python |
| CVE-2023-36419 | Azure HDInsight Apache Oozie Workflow Scheduler Elevation of Privilege Vulnerability | Important (8.8) | Network | Low | Low | None | Unproven | Azure HDInsight |
| CVE-2023-36577 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important (8.8) | Network | Low | None | Required | Unproven | Windows 10+; Windows Server 2008+ |
| CVE-2023-36569 | Microsoft Office Elevation of Privilege Vulnerability | Important (8.4) | Local | Low | None | None | Unproven | Office 2019; Office LTSC 2021; Microsoft 365 Apps |
| CVE-2023-36778 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important (8.0) | Adjacent | Low | Low | None | Unproven | Exchange 2016 CU23; Exchange 2019 CU12+ |
