Microsoft Monthly Security Update – 11 October 2023

In Cyber Security by Matsco Engineering Team

 

Microsoft have released a security advisory on the 11th of October 2023 in line with their regular monthly patch schedule which includes a number of updates to address two (2) Extremely High Risk, One (1) High Risk, five (5) Medium Risk and one (1) Low Risk product vulnerabilities. 

These updates address vulnerabilities which may impact services through Denial of Service, Elevation of Privilege, Remote Code Execution, Security Restriction Bypass, Information Disclosure and Spoofing. 

For more information please see: Microsoft Security Update

This release consists of security updates for the following products, features and roles:

  • Windows RDP
  • Windows Message Queuing
  • Azure SDK
  • Microsoft Dynamics
  • SQL Server
  • Azure Real Time Operating System
  • Azure
  • Windows IIS
  • Microsoft QUIC
  • Windows HTML Platform
  • Windows TCP/IP
  • Azure DevOps
  • Microsoft WordPad
  • Microsoft Windows Search Component
  • Microsoft Office
  • Microsoft Common Data Model SDK
  • Windows Deployment Services
  • Windows Kernel
  • Microsoft WDAC OLE DB provider for SQL
  • Windows Mark of the Web (MOTW)
  • Windows Active Template Library
  • Microsoft Graphics Component
  • Windows Remote Procedure Call
  • Windows Named Pipe File System
  • Windows Resilient File System (ReFS)
  • Windows Microsoft DirectMusic
  • Windows DHCP Server
  • Windows Setup Files Cleanup
  • Windows AllJoyn API
  • Microsoft Windows Media Foundation
  • Windows Runtime C++ Template Library
  • Windows Common Log File System Driver
  • Windows TPM
  • Windows Virtual Trusted Platform Module
  • Windows Mixed Reality Developer Tools
  • Windows Error Reporting
  • Active Directory Domain Services
  • Windows Container Manager Service
  • Windows Power Management Service
  • Windows NT OS Kernel
  • Windows IKE Extension
  • Windows Win32K
  • Microsoft Exchange Server
  • Skype for Business
  • Windows Client/Server Runtime Subsystem
  • Windows Layer 2 Tunneling Protocol
  • Client Server Run-time Subsystem (CSRSS)

 

CVE-2023-36563 – Microsoft WordPad Information Disclosure Vulnerability is being exploited in the wild.

CVE-2023-44487 – MITRE: CVE-2023-44487 HTTP/2 Rapid Reset Attack is being exploited in the wild.

CVE-2023-41763 – Microsoft WordPad Information Disclosure Vulnerability is being exploited in the wild

 

Matsco recommends any affected systems are updated as soon as convenient 

Please contact the Matsco Solutions team on the below if you would like any further information or would like to schedule a maintenance.

support@matscosolutions.com

Beijing  +86 400 120 2782
Hong Kong  +852 8101 8418
London   +44 (0)20 7821 4950
New York  +1 866 446 9226
Singapore  +65 6100 1090

Share this Post