What is New in KB5030219- September Cumulative Update for Windows 11?

On 12th Sep, Microsoft released its monthly Patch Tuesday security updates for September 2023, addressing vulnerabilities across many products. This month’s updates cover 59 total flaws, lower than the typical average of around 70. However, what this Patch Tuesday lacks in volume, it makes up for in severity.

Two actively exploited zero-day vulnerabilities are fixed in this release, both of which are being used in attacks in the wild. The vulnerability categories trend appears to be continued, with 24 out of 59 bugs are identified as remote code execution flaws that could be exploited to take full control of affected systems.

Notably, Microsoft has released fixes for 65 vulnerabilities in its September 2023 Patch Tuesday report, out of which 5 were rated Critical, and 5 were Microsoft Edge (Chromium) vulnerabilities.

As always, we’ll focus our analysis on the most urgent vulnerabilities that need to be addressed. The 2 zero-days, 5 critical, and remote code executions deserve priority for testing and deployment of these security updates. Both of the zero-days rank on the lower end of severity ratings, but their active exploitation makes them a high priority.

Overall, while not the largest Patch Tuesday, the actively attacked zero-days and remote code execution vulnerabilities make the September 2023 Patch Tuesday particularly important. Diligent patching is advised, especially for the highlighted flaws, to ensure systems are not open to compromise. We’ll break down the key details of this month’s Patch Tuesday in the sections below. Please scroll down for more details.

Key Highlights- Patch Tuesday September 2023

The September 2023 Patch Tuesday release contains 2 zero-day vulnerabilities; both are actively being exploited in the wild, and one of the flaws has public disclosure of exploitation. In addition to the RCE flaws, this release addressed privilege escalation bugs, Security Feature Bypass, information disclosure issues, spoofing weaknesses, and denial of service vulnerabilities across a wide range of Microsoft products.

Key affected products include Windows, Internet Explorer, Office, Exchange Server, SQL Server, Visual Studio, and Microsoft Dynamics. Administrators and end users are advised to apply these security updates as soon as possible to ensure systems are not vulnerable to any of the fixed flaws.

See also  What Is Windows Sysinternals? How to Get the Sysinternals Suite?

Key Highlights are:

The key highlights of the September 2023 Patch Tuesday include:

  • 59 total vulnerabilities were fixed
  • 24 critical remote code execution vulnerabilities
  • 5 vulnerabilities rated as Critical severity
  • 2 actively exploited zero-day vulnerabilities were patched:
    • CVE-2023-36802 – Microsoft Streaming Service Proxy Elevation of Privilege
    • CVE-2023-36761 – Microsoft Word Information Disclosure

Vulnerabilities by Category

The complete list of 65 vulnerabilities is classified into 6 categories. Remote Code Execution Vulnerability has been identified as the most common vulnerability, occurring 24 times, while Denial of Service Vulnerability is the least frequent vulnerability, occurring only 3 times. Please refer to the below chart for complete details on all categories of vulnerabilities:

The September 2023 Microsoft vulnerabilities are classified as follows:

Vulnerability Category Quantity Severities
Spoofing Vulnerability 5 Important: 4
Denial of Service Vulnerability 3 Important: 3
Elevation of Privilege Vulnerability 17 Critical: 1Important: 16
Information Disclosure Vulnerability 9 Important: 9
Security Feature Bypass Vulnerability 4 Important: 4
Remote Code Execution Vulnerability 24 Critical: 4Important: 19
Patch Tuesday September 2023 - Vulnerabilities by Category
Vulnerability Category CVE IDs
Elevation of Privilege CVE-2023-38156
CVE-2023-29332
CVE-2023-36765
CVE-2023-36764
CVE-2023-36802
CVE-2023-36758
CVE-2023-36759
CVE-2023-35355
CVE-2023-38143
CVE-2023-38144
CVE-2023-36804
CVE-2023-38161
CVE-2023-38141
CVE-2023-38142
CVE-2023-38139
CVE-2023-38150
Security Feature Bypass CVE-2023-36767
CVE-2023-38163
CVE-2023-36805
Remote Code Execution CVE-2023-36794
CVE-2023-36796
CVE-2023-36792
CVE-2023-36793
CVE-2023-36788
CVE-2023-36772
CVE-2023-36771
CVE-2023-36770
CVE-2023-36773
CVE-2023-36760
CVE-2023-36740
CVE-2023-36739
CVE-2023-33136
CVE-2023-38155
CVE-2023-36744
CVE-2023-36756
CVE-2023-36745
CVE-2023-36736
CVE-2023-36762
CVE-2023-38147
CVE-2023-36742
CVE-2023-39956
CVE-2023-38148
CVE-2023-38146
Information Disclosure CVE-2023-36777
CVE-2023-36766
CVE-2023-36763
CVE-2023-36761
CVE-2023-38152
CVE-2023-36801
CVE-2023-38140
CVE-2023-36803
CVE-2023-38160
Denial of Service CVE-2023-36799
CVE-2023-38162
CVE-2023-38149
Spoofing CVE-2023-36757
CVE-2023-41764

List of Products Patched in September 2023 Patch Tuesday Report

Microsoft’s September 2023 Patch Tuesday includes updates for a broad range of its products, applications, and services. Here are the applications and product components that have received patches:

  • .NET and Visual Studio
  • .NET Core & Visual Studio
  • .NET Framework
  • 3D Builder
  • 3D Viewer
  • Azure DevOps
  • Azure HDInsights
  • Microsoft Azure Kubernetes Service
  • Microsoft Dynamics
  • Microsoft Dynamics Finance & Operations
  • Microsoft Exchange Server
  • Microsoft Identity Linux Broker
  • Microsoft Office
  • Microsoft Office Excel
  • Microsoft Office Outlook
  • Microsoft Office SharePoint
  • Microsoft Office Word
  • Microsoft Streaming Service
  • Microsoft Windows Codecs Library
  • Visual Studio
  • Visual Studio Code
  • Windows Cloud Files Mini Filter Driver
  • Windows Common Log File System Driver
  • Windows Defender
  • Windows DHCP Server
  • Windows GDI
  • Windows Internet Connection Sharing (ICS)
  • Windows Kernel
  • Windows Scripting
  • Windows TCP/IP
  • Windows Themes
See also  How Hackers Can Steal Your Passwords!

List of Actively Exploited Vulnerabilities Patched in September 2023 Patch Tuesday

Two zero-day vulnerabilities that were being actively exploited in attacks were addressed by Microsoft in the September Patch Tuesday updates. These threats add critical urgency for enterprises to test and deploy the released patches:

CVE-2023-36761 – Microsoft Word Remote Code Execution

This RCE flaw in Word could enable attackers to disclose NTLM password hashes simply by getting victims to open a malicious document. With the preview pane as a vector, no other interaction is needed.  The stolen hashes could then be cracked or used in NTLM relay attacks to gain unauthorized access. Threat actors were already exploiting this bug in the wild prior to disclosure. This flaw has been assigned a CVSSv3 score of 6.2 on the scale of 10 and is rated important.

CVE-2023-36802 – Microsoft Streaming Service Proxy Elevation of Privilege

The streaming service proxy contains a wormable EoP vulnerability that was exploited as a zero-day. Successful attacks could result in threat actors gaining SYSTEM-level privileges on Windows servers. The ease of exploitation makes this a prime target. This flaw has been assigned a CVSSv3 score of 7.8 on a scale of 10 and is rated important. The vulnerability was reported by multiple sources, including Quan Jin, ze0r, DBAPPSecurity WeBin Lab, Valentina Palmiotti of IBM X-Force, Microsoft Threat Intelligence, and Microsoft Security Response Center.

Both of these active zero-days require immediate attention. All organizations using Microsoft Word or the streaming service should treat testing and patching these issues as the utmost priority. Delaying remediation leaves a massive window open for threat actors to infiltrate networks and gain control over systems.

Given the severity and active targeting, most enterprises will need to immediately schedule patching for these two September zero-days upon release of the fixes from Microsoft. We expect to see quick adoption rates as administrators work rapidly to close these critical vulnerabilities.

List of Critical Vulnerabilities Patched in September 2023 Patch Tuesday

Microsoft addressed 5 critical severity vulnerabilities in the September 2023 Patch Tuesday updates. These flaws deserve prompt attention due to their potential impact.

See also  How Do I Get Microsoft Copilot on Windows 11?
Sl. No CVE ID Severity CVSS Description Actively Exploited Patch status
1 CVE-2023-36796 Critical NA Remote Code Execution Vulnerability in Microsoft Visual Studio No Available
2 CVE-2023-36792 Critical NA Remote Code Execution Vulnerability in Microsoft Visual Studio No Available
3 CVE-2023-36793 Critical NA Remote Code Execution Vulnerability in Microsoft Visual Studio No Available
4 CVE-2023-29332 Critical NA Elevation of Privilege Vulnerability in Microsoft Azure Kubernetes Service No Available
5 CVE-2023-38148 Critical NA Remote Code Execution Vulnerability in Internet Connection Sharing (ICS) No Available

CVE-2023-38148 – Internet Connection Sharing (ICS) Remote Code Execution Vulnerability

This critical remote code execution vulnerability in the Windows Internet Connection Sharing (ICS) service could allow an unauthenticated attacker to execute arbitrary code on a vulnerable system. The vulnerability is exploitable when ICS is enabled.

CVE-2023-36792, CVE-2023-36793, CVE-2023-36796 – Visual Studio Remote Code Execution Vulnerabilities

These three critical remote code execution flaws exist in Visual Studio and could enable an attacker to execute arbitrary code by convincing a user to open a malicious file. Microsoft rates the exploitability as low due to the need for user interaction.

CVE-2023-29332 – Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability

This critical vulnerability in Azure Kubernetes Service can be exploited remotely to gain elevated Cluster Administrator privileges. The flaw does not require any privileges to exploit.These critical vulnerabilities allow remote code execution or elevation of privilege. They should be prioritized for patching to prevent potential compromise of affected systems. The ICS and Azure Kubernetes Service flaws can be exploited remotely with low complexity, making them particularly concerning.

Complete List of Vulnerabilities Patched in September 2023 Patch Tuesday

If you wish to download the complete list of vulnerabilities patched in September 2023 Patch Tuesday, you can do it from here. 

Microsoft Exchange Server

CVEID Title Exploited Publicly disclosed CVSSv3 base score
CVE-2023-36744 Microsoft Exchange Server Remote Code Execution Vulnerability Exploitation More Likely Yes 8
CVE-2023-36756 Microsoft Exchange Server Remote Code Execution Vulnerability Exploitation More Likely Yes 8
CVE-2023-36745 Microsoft Exchange Server Remote Code Execution Vulnerability Exploitation More Likely Yes 8
CVE-2023-36777 Microsoft Exchange Server Information Disclosure Vulnerability Exploitation More Likely Yes 5.7
CVE-2023-36757 Microsoft Exchange Server Spoofing Vulnerability Exploitation Less Likely Yes 8

Windows Kernel

CVEID Title Exploited Publicly disclosed CVSSv3 base score
CVE-2023-38141 Windows Kernel Elevation of Privilege Vulnerability Exploitation Less Likely Yes 7.8
CVE-2023-38142 Windows Kernel Elevation of Privilege Vulnerability Exploitation More Likely Yes 7.8
CVE-2023-38139 Windows Kernel Elevation of Privilege Vulnerability Exploitation Less Likely Yes 7.8
CVE-2023-38140 Windows Kernel Information Disclosure Vulnerability Exploitation Less Likely Yes 5.5
CVE-2023-38150 Windows Kernel Elevation of Privilege Vulnerability Exploitation Less Likely Yes 7.8
CVE-2023-36803 Windows Kernel Information Disclosure Vulnerability Exploitation Less Likely Yes 5.5

Windows DHCP Server

CVEID Title Exploited Publicly disclosed CVSSv3 base score
CVE-2023-38152 DHCP Server Service Information Disclosure Vulnerability Exploitation More Likely Yes 5.3
CVE-2023-38162 DHCP Server Service Denial of Service Vulnerability Exploitation Less Likely No 7.5
CVE-2023-36801 DHCP Server Service Information Disclosure Vulnerability Exploitation Less Likely Yes 5.3

Microsoft Office Word

CVEID Title Exploited Publicly disclosed CVSSv3 base score
CVE-2023-36761 Microsoft Word Information Disclosure Vulnerability Exploitation Detected Yes 6.2
CVE-2023-36762 Microsoft Word Remote Code Execution Vulnerability Exploitation Unlikely Yes 7.3

Visual Studio

CVEID Title Exploited Publicly disclosed CVSSv3 base score
CVE-2023-36758 Visual Studio Elevation of Privilege Vulnerability Exploitation Less Likely Yes 7.8
CVE-2023-36759 Visual Studio Elevation of Privilege Vulnerability Exploitation Less Likely Yes 6.7

.NET and Visual Studio

CVEID Title Exploited Publicly disclosed CVSSv3 base score
CVE-2023-36794 Visual Studio Remote Code Execution Vulnerability Exploitation Less Likely Yes 7.8
CVE-2023-36796 Visual Studio Remote Code Execution Vulnerability Exploitation Less Likely Yes 7.8
CVE-2023-36792 Visual Studio Remote Code Execution Vulnerability Exploitation Less Likely Yes 7.8
CVE-2023-36793 Visual Studio Remote Code Execution Vulnerability Exploitation Less Likely Yes 7.8

.NET Core & Visual Studio

CVEID Title Exploited Publicly disclosed CVSSv3 base score
CVE-2023-36799 .NET Core and Visual Studio Denial of Service Vulnerability Exploitation Less Likely Yes 6.5

.NET Framework

CVEID Title Exploited Publicly disclosed CVSSv3 base score
CVE-2023-36788 .NET Framework Remote Code Execution Vulnerability Exploitation Less Likely Yes 7.8

3D Builder

CVEID Title Exploited Publicly disclosed CVSSv3 base score
CVE-2023-36772 3D Builder Remote Code Execution Vulnerability Exploitation Less Likely Yes 7.8
CVE-2023-36771 3D Builder Remote Code Execution Vulnerability Exploitation Less Likely Yes 7.8
CVE-2023-36770 3D Builder Remote Code Execution Vulnerability Exploitation Less Likely Yes 7.8
CVE-2023-36773 3D Builder Remote Code Execution Vulnerability Exploitation Less Likely Yes 7.8

3D Viewer

CVEID Title Exploited Publicly disclosed CVSSv3 base score
CVE-2022-41303 AutoDesk: CVE-2022-41303 use-after-free vulnerability in Autodesk® FBX® SDK 2020 or prior Exploitation Less Likely Yes Important
CVE-2023-36760 3D Viewer Remote Code Execution Vulnerability Exploitation Less Likely Yes 7.8
CVE-2023-36740 3D Viewer Remote Code Execution Vulnerability Exploitation Unlikely Yes 7.8
CVE-2023-36739 3D Viewer Remote Code Execution Vulnerability Exploitation Unlikely Yes 7.8

Azure DevOps

CVEID Title Exploited Publicly disclosed CVSSv3 base score
CVE-2023-33136 Azure DevOps Server Remote Code Execution Vulnerability Exploitation Less Likely Yes 8.8
CVE-2023-38155 Azure DevOps Server Remote Code Execution Vulnerability Exploitation Less Likely Yes 7

Azure HDInsights

CVEID Title Exploited Publicly disclosed CVSSv3 base score
CVE-2023-38156 Azure HDInsight Apache Ambari Elevation of Privilege Vulnerability Exploitation Less Likely Yes 7.2

Microsoft Azure Kubernetes Service

CVEID Title Exploited Publicly disclosed CVSSv3 base score
CVE-2023-29332 Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability Exploitation Less Likely Yes 7.5

Microsoft Dynamics

CVEID Title Exploited Publicly disclosed CVSSv3 base score
CVE-2023-38164 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Exploitation Less Likely Yes 7.6
CVE-2023-36886 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Exploitation Less Likely Yes 7.6

Microsoft Dynamics Finance & Operations

CVEID Title Exploited Publicly disclosed CVSSv3 base score
CVE-2023-36800 Dynamics Finance and Operations Cross-site Scripting Vulnerability Exploitation Less Likely Yes 7.6

Microsoft Edge (Chromium-based)

CVEID Title Exploited Publicly disclosed CVSSv3 base score
CVE-2023-4863 Chromium: CVE-2023-4863 Heap buffer overflow in WebP Unknown Yes Unknown
CVE-2023-4763 Chromium: CVE-2023-4763 Use after free in Networks Unknown Yes Unknown
CVE-2023-4761 Chromium: CVE-2023-4761 Out of bounds memory access in FedCM Unknown Yes Unknown
CVE-2023-4764 Chromium: CVE-2023-4764 Incorrect security UI in BFCache Unknown Yes Unknown
CVE-2023-4762 Chromium: CVE-2023-4762 Type Confusion in V8 Unknown Yes Unknown

Microsoft Identity Linux Broker

CVEID Title Exploited Publicly disclosed CVSSv3 base score
CVE-2023-36736 Microsoft Identity Linux Broker Remote Code Execution Vulnerability Exploitation Less Likely Yes 4.4

Microsoft Office

CVEID Title Exploited Publicly disclosed CVSSv3 base score
CVE-2023-36767 Microsoft Office Security Feature Bypass Vulnerability Exploitation Less Likely Yes 4.3
CVE-2023-36765 Microsoft Office Elevation of Privilege Vulnerability Exploitation Less Likely Yes 7.8

Microsoft Office Excel

CVEID Title Exploited Publicly disclosed CVSSv3 base score
CVE-2023-36766 Microsoft Excel Information Disclosure Vulnerability Exploitation Less Likely Yes 7.8

Microsoft Office Outlook

CVEID Title Exploited Publicly disclosed CVSSv3 base score
CVE-2023-36763 Microsoft Outlook Information Disclosure Vulnerability Exploitation Less Likely Yes 7.5

Microsoft Office SharePoint

CVEID Title Exploited Publicly disclosed CVSSv3 base score
CVE-2023-36764 Microsoft SharePoint Server Elevation of Privilege Vulnerability Exploitation Less Likely Yes 8.8

Microsoft Streaming Service

CVEID Title Exploited Publicly disclosed CVSSv3 base score
CVE-2023-36802 Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability Exploitation Detected Yes 7.8

Microsoft Windows Codecs Library

CVEID Title Exploited Publicly disclosed CVSSv3 base score
CVE-2023-38147 Windows Miracast Wireless Display Remote Code Execution Vulnerability Exploitation Less Likely Yes 8.8

Visual Studio Code

CVEID Title Exploited Publicly disclosed CVSSv3 base score
CVE-2023-36742 Visual Studio Code Remote Code Execution Vulnerability Exploitation Less Likely Yes 7.8
CVE-2023-39956 Electron: CVE-2023-39956 -Visual Studio Code Remote Code Execution Vulnerability Exploitation Less Likely Yes Important

Windows Cloud Files Mini Filter Driver

CVEID Title Exploited Publicly disclosed CVSSv3 base score
CVE-2023-35355 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Exploitation Less Likely Yes 7.8

Windows Common Log File System Driver

CVEID Title Exploited Publicly disclosed CVSSv3 base score
CVE-2023-38143 Windows Common Log File System Driver Elevation of Privilege Vulnerability Exploitation More Likely Yes 7.8
CVE-2023-38144 Windows Common Log File System Driver Elevation of Privilege Vulnerability Exploitation More Likely Yes 7.8

Windows Defender

CVEID Title Exploited Publicly disclosed CVSSv3 base score
CVE-2023-38163 Windows Defender Attack Surface Reduction Security Feature Bypass Exploitation Less Likely Yes 7.8

Windows GDI

CVEID Title Exploited Publicly disclosed CVSSv3 base score
CVE-2023-36804 Windows GDI Elevation of Privilege Vulnerability Exploitation More Likely Yes 7.8
CVE-2023-38161 Windows GDI Elevation of Privilege Vulnerability Exploitation More Likely Yes 7.8

Windows Internet Connection Sharing (ICS)

CVEID Title Exploited Publicly disclosed CVSSv3 base score
CVE-2023-38148 Internet Connection Sharing (ICS) Remote Code Execution Vulnerability Exploitation More Likely Yes 8.8

Windows Scripting

CVEID Title Exploited Publicly disclosed CVSSv3 base score
CVE-2023-36805 Windows MSHTML Platform Security Feature Bypass Vulnerability Exploitation Less Likely Yes 7

Windows TCP/IP

CVEID Title Exploited Publicly disclosed CVSSv3 base score
CVE-2023-38160 Windows TCP/IP Information Disclosure Vulnerability Exploitation More Likely Yes 5.5
CVE-2023-38149 Windows TCP/IP Denial of Service Vulnerability Exploitation Less Likely No 7.5

Windows Themes

CVEID Title Exploited Publicly disclosed CVSSv3 base score
CVE-2023-38146 Windows Themes Remote Code Execution Vulnerability Exploitation Less Likely Yes 8.8

Bottom Line

The September 2023 Patch Tuesday release contains important security updates for a wide range of Microsoft products. With 59 vulnerabilities addressed, including 24 remote code executions, system administrators should prioritize testing and deployment of these fixes.This month’s Patch Tuesday fixes two actively exploited zero-day vulnerabilities: CVE-2023-36802 in Microsoft Streaming Service Proxy and CVE-2023-36761 in Microsoft Word. Microsoft rated five vulnerabilities as ‘Critical,’ including four remote code execution flaws and an Azure Kubernetes Service elevation of privilege vulnerability.

Leave a Reply

Your email address will not be published. Required fields are marked *