October 11, 2023 at 03:12AM
Microsoft has released its October 2023 Patch Tuesday updates, addressing 103 flaws, two of which are actively being exploited. Among the vulnerabilities are information disclosure in Microsoft WordPad and privilege escalation in Skype for Business. Microsoft also fixed flaws in Microsoft Message Queuing and Layer 2 Tunneling Protocol. Additionally, Microsoft has announced the deprecation of Visual Basic Script in future releases of Windows. Other vendors have also released security updates to address vulnerabilities.
Meeting Takeaways:
– Microsoft has released its Patch Tuesday updates for October 2023, addressing a total of 103 flaws in its software.
– Two of these vulnerabilities have been actively exploited in the wild.
– The vulnerabilities are CVE-2023-36563 (information disclosure in Microsoft WordPad) and CVE-2023-41763 (privilege escalation in Skype for Business).
– An attacker would need to log on to the system and run a specially crafted application to exploit these vulnerabilities.
– Microsoft has also fixed flaws in Microsoft Message Queuing (MSMQ) and Layer 2 Tunneling Protocol, which could lead to remote code execution and denial-of-service attacks.
– A severe privilege escalation bug in Windows IIS Server (CVE-2023-36434) has been resolved.
– An update has been released for CVE-2023-44487, also known as the HTTP/2 Rapid Reset attack, which has been exploited for DDoS attacks.
– Microsoft has announced the deprecation of Visual Basic Script (VBScript) in future releases of Windows.
Please let me know if you need any further information or assistance.