Today’s Microsoft Security Update includes Microsoft Patch Tuesday checks in the NIRV 4.28.0 and Frontline Agent 1.64.0 releases.
- Microsoft addressed 59 vulnerabilities in this release, including five rated as Critical.
- This release also includes three republished non-Microsoft CVEs to address issues in Microsoft Edge (Chromium-based), Visual Studio Code, and 3D Viewer.
- Two of the CVEs fixed in this month's release are also being exploited in the wild.
- CVE-2023-36802
- A privilege escalation vulnerability in the Microsoft Streaming Service Proxy could allow an attacker to gain SYSTEM privileges on the affected system.
- CVE-2023-36761
- This information disclosure vulnerability in Microsoft Word could result in the disclosure of NTLM hashes.
- CVE-2023-36802
| CVE/Advisory | Title | Tag | Microsoft Severity Rating | Base Score | Microsoft Impact | Exploited | Publicly Disclosed |
| CVE-2023-35355 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Windows Cloud Files Mini Filter Driver | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-38162 | DHCP Server Service Denial of Service Vulnerability | Windows DHCP Server | Important | 7.5 | Denial of Service | No | No |
| CVE-2023-38161 | Windows GDI Elevation of Privilege Vulnerability | Windows GDI | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-38156 | Azure HDInsight Apache Ambari Elevation of Privilege Vulnerability | Azure HDInsights | Important | 7.2 | Elevation of Privilege | No | No |
| CVE-2023-38152 | DHCP Server Service Information Disclosure Vulnerability | Windows DHCP Server | Important | 5.3 | Information Disclosure | No | No |
| CVE-2023-38150 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-38149 | Windows TCP/IP Denial of Service Vulnerability | Windows TCP/IP | Important | 7.5 | Denial of Service | No | No |
| CVE-2023-38148 | Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | Windows Internet Connection Sharing (ICS) | Critical | 8.8 | Remote Code Execution | No | No |
| CVE-2023-38147 | Windows Miracast Wireless Display Remote Code Execution Vulnerability | Microsoft Windows Codecs Library | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2023-38146 | Windows Themes Remote Code Execution Vulnerability | Windows Themes | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2023-38144 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Windows Common Log File System Driver | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-38143 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Windows Common Log File System Driver | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-38142 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-38141 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-38140 | Windows Kernel Information Disclosure Vulnerability | Windows Kernel | Important | 5.5 | Information Disclosure | No | No |
| CVE-2023-38139 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-36805 | Windows MSHTML Platform Security Feature Bypass Vulnerability | Windows Scripting | Important | 7 | Security Feature Bypass | No | No |
| CVE-2023-36804 | Windows GDI Elevation of Privilege Vulnerability | Windows GDI | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-36803 | Windows Kernel Information Disclosure Vulnerability | Windows Kernel | Important | 5.5 | Information Disclosure | No | No |
| CVE-2023-36802 | Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability | Microsoft Streaming Service | Important | 7.8 | Elevation of Privilege | Yes | No |
| CVE-2023-36801 | DHCP Server Service Information Disclosure Vulnerability | Windows DHCP Server | Important | 5.3 | Information Disclosure | No | No |
| CVE-2023-36767 | Microsoft Office Security Feature Bypass Vulnerability | Microsoft Office | Important | 4.3 | Security Feature Bypass | No | No |
| CVE-2023-36766 | Microsoft Excel Information Disclosure Vulnerability | Microsoft Office Excel | Important | 7.8 | Information Disclosure | No | No |
| CVE-2023-36765 | Microsoft Office Elevation of Privilege Vulnerability | Microsoft Office | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-36759 | Visual Studio Elevation of Privilege Vulnerability | Visual Studio | Important | 6.7 | Elevation of Privilege | No | No |
| CVE-2023-36758 | Visual Studio Elevation of Privilege Vulnerability | Visual Studio | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-36757 | Microsoft Exchange Server Spoofing Vulnerability | Microsoft Exchange Server | Important | 8 | Spoofing | No | No |
| CVE-2023-36756 | Microsoft Exchange Server Remote Code Execution Vulnerability | Microsoft Exchange Server | Important | 8 | Remote Code Execution | No | No |
| CVE-2023-36745 | Microsoft Exchange Server Remote Code Execution Vulnerability | Microsoft Exchange Server | Important | 8 | Remote Code Execution | No | No |
| CVE-2023-36744 | Microsoft Exchange Server Remote Code Execution Vulnerability | Microsoft Exchange Server | Important | 8 | Remote Code Execution | No | No |
| CVE-2023-36742 | Visual Studio Code Remote Code Execution Vulnerability | Visual Studio Code | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36736 | Microsoft Identity Linux Broker Remote Code Execution Vulnerability | Microsoft Identity Linux Broker | Important | 4.4 | Remote Code Execution | No | No |
| CVE-2023-41764 | Microsoft Office Spoofing Vulnerability | Microsoft Office | Moderate | 5.5 | Spoofing | No | No |
| CVE-2022-41303 | AutoDesk: CVE-2022-41303 use-after-free vulnerability in Autodesk® FBX® SDK 2020 or prior | 3D Viewer | Important | N/A | Remote Code Execution | No | No |
| CVE-2023-29332 | Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability | Microsoft Azure Kubernetes Service | Critical | 7.5 | Elevation of Privilege | No | No |
| CVE-2023-33136 | Azure DevOps Server Remote Code Execution Vulnerability | Azure DevOps | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2023-36886 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Microsoft Dynamics | Important | 7.6 | Spoofing | No | No |
| CVE-2023-38164 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Microsoft Dynamics | Important | 7.6 | Spoofing | No | No |
| CVE-2023-38163 | Windows Defender Attack Surface Reduction Security Feature Bypass | Windows Defender | Important | 7.8 | Security Feature Bypass | No | No |
| CVE-2023-38160 | Windows TCP/IP Information Disclosure Vulnerability | Windows TCP/IP | Important | 5.5 | Information Disclosure | No | No |
| CVE-2023-38155 | Azure DevOps Server Remote Code Execution Vulnerability | Azure DevOps | Important | 7 | Elevation of Privilege | No | No |
| CVE-2023-36800 | Dynamics Finance and Operations Cross-site Scripting Vulnerability | Microsoft Dynamics Finance & Operations | Important | 7.6 | Spoofing | No | No |
| CVE-2023-36799 | .NET Core and Visual Studio Denial of Service Vulnerability | .NET Core & Visual Studio | Important | 6.5 | Denial of Service | No | No |
| CVE-2023-36796 | Visual Studio Remote Code Execution Vulnerability | .NET and Visual Studio | Important/Critical | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36794 | Visual Studio Remote Code Execution Vulnerability | .NET and Visual Studio | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36793 | Visual Studio Remote Code Execution Vulnerability | .NET and Visual Studio | Important/Critical | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36792 | Visual Studio Remote Code Execution Vulnerability | .NET and Visual Studio | Important/Critical | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36788 | .NET Framework Remote Code Execution Vulnerability | .NET Framework | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36777 | Microsoft Exchange Server Information Disclosure Vulnerability | Microsoft Exchange Server | Important | 5.7 | Information Disclosure | No | No |
| CVE-2023-36773 | 3D Builder Remote Code Execution Vulnerability | 3D Builder | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36772 | 3D Builder Remote Code Execution Vulnerability | 3D Builder | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36771 | 3D Builder Remote Code Execution Vulnerability | 3D Builder | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36770 | 3D Builder Remote Code Execution Vulnerability | 3D Builder | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36764 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | Microsoft Office SharePoint | Important | 8.8 | Elevation of Privilege | No | No |
| CVE-2023-36763 | Microsoft Outlook Information Disclosure Vulnerability | Microsoft Office Outlook | Important | 7.5 | Information Disclosure | No | No |
| CVE-2023-36762 | Microsoft Word Remote Code Execution Vulnerability | Microsoft Office Word | Important | 7.3 | Remote Code Execution | No | No |
| CVE-2023-36761 | Microsoft Word Information Disclosure Vulnerability | Microsoft Office Word | Important | 6.2 | Information Disclosure | Yes | Yes |
| CVE-2023-36760 | 3D Viewer Remote Code Execution Vulnerability | 3D Viewer | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-39956 | Electron: CVE-2023-39956 -Visual Studio Code Remote Code Execution Vulnerability | Visual Studio Code | Important | N/A | Remote Code Execution | No | No |
| CVE-2023-36740 | 3D Viewer Remote Code Execution Vulnerability | 3D Viewer | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36739 | 3D Viewer Remote Code Execution Vulnerability | 3D Viewer | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-4863 | Chromium: CVE-2023-4863 Heap buffer overflow in WebP | Microsoft Edge (Chromium-based) | N/A |
Prioritize the right vulnerabilities and accelerate your time-to-remediation
Watch this 3-minute video to see what Frontline VM can do for you.