Patch Tuesday Update - October 2023

By Vulnerability Research Team

Fortra VM will include the Microsoft Patch Tuesday checks in the NIRV 4.29.0 and Agent 2.0 releases.

Microsoft addressed 104 vulnerabilities in this October 2023 release, including 12 rated as Critical and 45 Remote Code Execution vulnerabilities.

  • Three of the CVEs included in this month's release are also being exploited in the wild.
CVE/Advisory Title Tag Microsoft Severity Rating Base Score Microsoft Impact Exploited Publicly Disclosed
CVE-2023-35349 Microsoft Message Queuing Remote Code Execution Vulnerability Windows Message Queuing Critical 9.8 Remote Code Execution No No
CVE-2023-36902 Windows Runtime Remote Code Execution Vulnerability Windows Client/Server Runtime Subsystem Important 7 Remote Code Execution No No
CVE-2023-38171 Microsoft QUIC Denial of Service Vulnerability Microsoft QUIC Important 7.5 Denial of Service No No
CVE-2023-36737 Azure Network Watcher VM Agent Elevation of Privilege Vulnerability Azure Important 7.8 Elevation of Privilege No No
CVE-2023-41763 Skype for Business Elevation of Privilege Vulnerability Skype for Business Important 5.3 Elevation of Privilege Yes Yes
CVE-2023-41765 Layer 2 Tunneling Protocol Remote Code Execution Vulnerability Windows Layer 2 Tunneling Protocol Critical 8.1 Remote Code Execution No No
CVE-2023-41766 Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability Client Server Run-time Subsystem (CSRSS) Important 7.8 Elevation of Privilege No No
CVE-2023-41767 Layer 2 Tunneling Protocol Remote Code Execution Vulnerability Windows Layer 2 Tunneling Protocol Critical 8.1 Remote Code Execution No No
CVE-2023-41768 Layer 2 Tunneling Protocol Remote Code Execution Vulnerability Windows Layer 2 Tunneling Protocol Critical 8.1 Remote Code Execution No No
CVE-2023-41769 Layer 2 Tunneling Protocol Remote Code Execution Vulnerability Windows Layer 2 Tunneling Protocol Critical 8.1 Remote Code Execution No No
CVE-2023-41770 Layer 2 Tunneling Protocol Remote Code Execution Vulnerability Windows Layer 2 Tunneling Protocol Critical 8.1 Remote Code Execution No No
CVE-2023-41771 Layer 2 Tunneling Protocol Remote Code Execution Vulnerability Windows Layer 2 Tunneling Protocol Critical 8.1 Remote Code Execution No No
CVE-2023-41772 Win32k Elevation of Privilege Vulnerability Windows Win32K Important 7.8 Elevation of Privilege No No
CVE-2023-41773 Layer 2 Tunneling Protocol Remote Code Execution Vulnerability Windows Layer 2 Tunneling Protocol Critical 8.1 Remote Code Execution No No
CVE-2023-41774 Layer 2 Tunneling Protocol Remote Code Execution Vulnerability Windows Layer 2 Tunneling Protocol Critical 8.1 Remote Code Execution No No
CVE-2023-36732 Win32k Elevation of Privilege Vulnerability Windows Win32K Important 7.8 Elevation of Privilege No No
CVE-2023-36731 Win32k Elevation of Privilege Vulnerability Windows Win32K Important 7.8 Elevation of Privilege No No
CVE-2023-36730 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability SQL Server Important 7.8 Remote Code Execution No No
CVE-2023-36729 Named Pipe File System Elevation of Privilege Vulnerability Windows Named Pipe File System Important 7.8 Elevation of Privilege No No
CVE-2023-36728 Microsoft SQL Server Denial of Service Vulnerability SQL Server Important 5.5 Denial of Service No No
CVE-2023-36726 Windows Internet Key Exchange (IKE) Extension Elevation of Privilege  Vulnerability Windows IKE Extension Important 7.8 Elevation of Privilege No No
CVE-2023-36725 Windows Kernel Elevation of Privilege Vulnerability Windows NT OS Kernel Important 7.8 Elevation of Privilege No No
CVE-2023-36724 Windows Power Management Service Information Disclosure Vulnerability Windows Power Management Service Important 5.5 Information Disclosure No No
CVE-2023-36723 Windows Container Manager Service Elevation of Privilege Vulnerability Windows Container Manager Service Important 7.8 Elevation of Privilege No No
CVE-2023-36722 Active Directory Domain Services Information Disclosure Vulnerability Active Directory Domain Services Important 4.4 Information Disclosure No No
CVE-2023-36721 Windows Error Reporting Service Elevation of Privilege Vulnerability Windows Error Reporting Important 7 Elevation of Privilege No No
CVE-2023-36720 Windows Mixed Reality Developer Tools Denial of Service Vulnerability Windows Mixed Reality Developer Tools Important 7.5 Denial of Service No No
CVE-2023-36718 Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability Windows Virtual Trusted Platform Module Critical 7.8 Remote Code Execution No No
CVE-2023-36717 Windows Virtual Trusted Platform Module Denial of Service Vulnerability Windows TPM Important 6.5 Denial of Service No No
CVE-2023-36713 Windows Common Log File System Driver Information Disclosure Vulnerability Windows Common Log File System Driver Important 5.5 Information Disclosure No No
CVE-2023-36712 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Important 7.8 Elevation of Privilege No No
CVE-2023-36711 Windows Runtime C++ Template Library Elevation of Privilege Vulnerability Windows Runtime C++ Template Library Important 7.8 Elevation of Privilege No No
CVE-2023-36710 Windows Media Foundation Core Remote Code Execution Vulnerability Microsoft Windows Media Foundation Important 7.8 Remote Code Execution No No
CVE-2023-36709 Microsoft AllJoyn API Denial of Service Vulnerability Windows AllJoyn API Important 7.5 Denial of Service No No
CVE-2023-36707 Windows Deployment Services Denial of Service Vulnerability Windows Deployment Services Important 6.5 Denial of Service No No
CVE-2023-36706 Windows Deployment Services Information Disclosure Vulnerability Windows Deployment Services Important 6.5 Information Disclosure No No
CVE-2023-36704 Windows Setup Files Cleanup Remote Code Execution Vulnerability Windows Setup Files Cleanup Important 7.8 Remote Code Execution No No
CVE-2023-36703 DHCP Server Service Denial of Service Vulnerability Windows DHCP Server Important 7.5 Denial of Service No No
CVE-2023-36702 Microsoft DirectMusic Remote Code Execution Vulnerability Windows Microsoft DirectMusic Important 7.8 Remote Code Execution No No
CVE-2023-36701 Microsoft Resilient File System (ReFS) Elevation of Privilege Vulnerability Windows Resilient File System (ReFS) Important 7.8 Elevation of Privilege No No
CVE-2023-36698 Windows Kernel Security Feature Bypass Vulnerability Windows Kernel Important 3.6 Security Feature Bypass No No
CVE-2023-36697 Microsoft Message Queuing Remote Code Execution Vulnerability Windows Message Queuing Critical 6.8 Remote Code Execution No No
CVE-2023-36606 Microsoft Message Queuing Denial of Service Vulnerability Windows Message Queuing Important 7.5 Denial of Service No No
CVE-2023-36605 Windows Named Pipe Filesystem Elevation of Privilege Vulnerability Windows Named Pipe File System Important 7.4 Elevation of Privilege No No
CVE-2023-36603 Windows TCP/IP Denial of Service Vulnerability Windows TCP/IP Important 7.5 Denial of Service No No
CVE-2023-36602 Windows TCP/IP Denial of Service Vulnerability Windows TCP/IP Important 7.5 Denial of Service No No
CVE-2023-36598 Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability SQL Server Important 7.8 Remote Code Execution No No
CVE-2023-36596 Remote Procedure Call Information Disclosure Vulnerability Windows Remote Procedure Call Important 6.5 Information Disclosure No No
CVE-2023-36594 Windows Graphics Component Elevation of Privilege Vulnerability Microsoft Graphics Component Important 7.8 Elevation of Privilege No No
CVE-2023-36593 Microsoft Message Queuing Remote Code Execution Vulnerability Windows Message Queuing Important 7.8 Remote Code Execution No No
CVE-2023-36592 Microsoft Message Queuing Remote Code Execution Vulnerability Windows Message Queuing Important 7.3 Remote Code Execution No No
CVE-2023-36591 Microsoft Message Queuing Remote Code Execution Vulnerability Windows Message Queuing Important 7.3 Remote Code Execution No No
CVE-2023-36590 Microsoft Message Queuing Remote Code Execution Vulnerability Windows Message Queuing Important 7.3 Remote Code Execution No No
CVE-2023-36589 Microsoft Message Queuing Remote Code Execution Vulnerability Windows Message Queuing Important 7.3 Remote Code Execution No No
CVE-2023-36585 Active Template Library Denial of Service Vulnerability Windows Active Template Library Important 7.5 Denial of Service No No
CVE-2023-36584 Windows Mark of the Web Security Feature Bypass Vulnerability Windows Mark of the Web (MOTW) Important 5.4 Security Feature Bypass No No
CVE-2023-36583 Microsoft Message Queuing Remote Code Execution Vulnerability Windows Message Queuing Important 7.3 Remote Code Execution No No
CVE-2023-36582 Microsoft Message Queuing Remote Code Execution Vulnerability Windows Message Queuing Important 7.3 Remote Code Execution No No
CVE-2023-36581 Microsoft Message Queuing Denial of Service Vulnerability Windows Message Queuing Important 7.5 Denial of Service No No
CVE-2023-36579 Microsoft Message Queuing Denial of Service Vulnerability Windows Message Queuing Important 7.5 Denial of Service No No
CVE-2023-36578 Microsoft Message Queuing Remote Code Execution Vulnerability Windows Message Queuing Important 7.3 Remote Code Execution No No
CVE-2023-36577 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Important 8.8 Remote Code Execution No No
CVE-2023-36576 Windows Kernel Information Disclosure Vulnerability Windows Kernel Important 5.5 Information Disclosure No No
CVE-2023-36575 Microsoft Message Queuing Remote Code Execution Vulnerability Windows Message Queuing Important 7.3 Remote Code Execution No No
CVE-2023-36574 Microsoft Message Queuing Remote Code Execution Vulnerability Windows Message Queuing Important 7.3 Remote Code Execution No No
CVE-2023-36573 Microsoft Message Queuing Remote Code Execution Vulnerability Windows Message Queuing Important 7.3 Remote Code Execution No No
CVE-2023-36572 Microsoft Message Queuing Remote Code Execution Vulnerability Windows Message Queuing Important 7.3 Remote Code Execution No No
CVE-2023-36571 Microsoft Message Queuing Remote Code Execution Vulnerability Windows Message Queuing Important 7.3 Remote Code Execution No No
CVE-2023-36570 Microsoft Message Queuing Remote Code Execution Vulnerability Windows Message Queuing Important 7.3 Remote Code Execution No No
CVE-2023-36569 Microsoft Office Elevation of Privilege Vulnerability Microsoft Office Important 8.4 Elevation of Privilege No No
CVE-2023-36568 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability Microsoft Office Important 7 Elevation of Privilege No No
CVE-2023-36567 Windows Deployment Services Information Disclosure Vulnerability Windows Deployment Services Important 7.5 Information Disclosure No No
CVE-2023-36564 Windows Search Security Feature Bypass Vulnerability Microsoft Windows Search Component Important 6.5 Security Feature Bypass No No
CVE-2023-36563 Microsoft WordPad Information Disclosure Vulnerability Microsoft WordPad Important 6.5 Information Disclosure Yes Yes
CVE-2023-36561 Azure DevOps Server Elevation of Privilege Vulnerability Azure DevOps Important 7.3 Elevation of Privilege No No
CVE-2023-36557 PrintHTML API Remote Code Execution Vulnerability Windows HTML Platform Important 7.8 Remote Code Execution No No
CVE-2023-36438 Windows TCP/IP Information Disclosure Vulnerability Windows TCP/IP Important 7.5 Information Disclosure No No
CVE-2023-36435 Microsoft QUIC Denial of Service Vulnerability Microsoft QUIC Important 7.5 Denial of Service No No
CVE-2023-36434 Windows IIS Server Elevation of Privilege Vulnerability Windows IIS Important 9.8 Elevation of Privilege No No
CVE-2023-36433 Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability Microsoft Dynamics Important 6.5 Information Disclosure No No
CVE-2023-36431 Microsoft Message Queuing Denial of Service Vulnerability Windows Message Queuing Important 7.5 Denial of Service No No
CVE-2023-36429 Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability Microsoft Dynamics Important 6.5 Information Disclosure No No
CVE-2023-36420 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability SQL Server Important 7.3 Remote Code Execution No No
CVE-2023-36419 Azure HDInsight Apache Oozie Workflow Scheduler Elevation of Privilege Vulnerability Azure Important 8.8 Elevation of Privilege No No
CVE-2023-36417 Microsoft SQL ODBC Driver Remote Code Execution Vulnerability SQL Server Important 7.8 Remote Code Execution No No
CVE-2023-44487 MITRE: CVE-2023-44487 HTTP/2 Rapid Reset Attack HTTP/2 Important N/A Denial of Service Yes No
CVE-2023-29348 Windows Remote Desktop Gateway (RD Gateway) Information Disclosure Vulnerability Windows RDP Important 6.5 Information Disclosure No No
CVE-2023-38166 Layer 2 Tunneling Protocol Remote Code Execution Vulnerability Windows Layer 2 Tunneling Protocol Critical 8.1 Remote Code Execution No No
CVE-2023-38159 Windows Graphics Component Elevation of Privilege Vulnerability Microsoft Graphics Component Important 7 Elevation of Privilege No No
CVE-2023-36790 Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability Windows RDP Important 7.8 Elevation of Privilege No No
CVE-2023-36789 Skype for Business Remote Code Execution Vulnerability Skype for Business Important 7.2 Remote Code Execution No No
CVE-2023-36786 Skype for Business Remote Code Execution Vulnerability Skype for Business Important 7.2 Remote Code Execution No No
CVE-2023-36785 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability SQL Server Important 7.8 Remote Code Execution No No
CVE-2023-36780 Skype for Business Remote Code Execution Vulnerability Skype for Business Important 7.2 Remote Code Execution No No
CVE-2023-36778 Microsoft Exchange Server Remote Code Execution Vulnerability Microsoft Exchange Server Important 8 Remote Code Execution No No
CVE-2023-36776 Win32k Elevation of Privilege Vulnerability Windows Win32K Important 7 Elevation of Privilege No No
CVE-2023-36743 Win32k Elevation of Privilege Vulnerability Windows Win32K Important 7.8 Elevation of Privilege No No
CVE-2023-36566 Microsoft Common Data Model SDK Denial of Service Vulnerability Microsoft Common Data Model SDK Important 6.5 Denial of Service No No
CVE-2023-36565 Microsoft Office Graphics Elevation of Privilege Vulnerability Microsoft Office Important 7 Elevation of Privilege No No
CVE-2023-36436 Windows MSHTML Platform Remote Code Execution Vulnerability Windows HTML Platform Important 7.8 Remote Code Execution No No
CVE-2023-36418 Azure RTOS GUIX Studio Remote Code Execution Vulnerability Azure Real Time Operating System Important 7.8 Remote Code Execution No No
CVE-2023-36416 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Microsoft Dynamics Important 6.1 Spoofing No No
CVE-2023-36415 Azure Identity SDK Remote Code Execution Vulnerability Azure SDK Important 8.8 Remote Code Execution No No
CVE-2023-36414 Azure Identity SDK Remote Code Execution Vulnerability Azure SDK Important 8.8 Remote Code Execution No No

Prioritize the right vulnerabilities and accelerate your time-to-remediation

Watch this 3-minute video to see what Fortra VM can do for you.

WATCH THE VIDEO

Share This