Microsoft September 2023 Patch Tuesday fixed 2 actively exploited zero-day flaws

Microsoft September 2023 Patch Tuesday addressed 59 new flaws, including two vulnerabilities under active attack.

Microsoft September 2023 Patch Tuesday security updates addressed 59 vulnerabilities, including two actively exploited zero-day.

The flaws addressed by the company impact Microsoft Windows and Windows Components; Exchange Server; Office and Office Components; .NET and Visual Studio; Azure; Microsoft Dynamics; and Windows Defender.

The company also addressed two external bugs and four Chromium bugs.

Five of the vulnerabilities fixed by the IT giant are rated Critical, 55 are rated Important, and one is rated Moderate in severity.

“Two of the CVEs released today are listed as being under active attack at the time of release while only one is listed as publicly known.” reported ZDI.

The two actively exploited zero-day vulnerabilities are:

• CVE-2023-36802 – Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability – An attacker can trigger the vulnerability to gain SYSTEM privileges.
• CVE-2023-36761 – Microsoft Word Information Disclosure Vulnerability – An attacker can exploit this vulnerability to lead the disclosure of NTLM hashes

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Microsoft September 2023 Patch Tuesday)