Microsoft Responds to Threat Landscape: August 2023 Patch Insights

Reading Time: ( Word Count: )

August 9, 2023
Nextdoorsec-course

In its August 2023 Patch Tuesday release, Microsoft addressed 74 software vulnerabilities, a decline from the previous month’s 132 fixes. The update covers six critical and 67 important security vulnerabilities.

Two significant defense-in-depth updates were released, including one for Microsoft Office (ADV230003) and another for the Memory Integrity System Readiness Scan Tool (ADV230004).

Since the last update, Microsoft resolved 31 issues in its Chromium-based Edge browser and a notable side-channel vulnerability in certain AMD processor models (CVE-2023-20569, dubbed “Inception”).

Also Read: Allies or Adversaries? North Korea’s Cyber Espionage on Russian Soil

Noteworthy Details:

  • The ADV230003 update pertains to a previously identified vulnerability, CVE-2023-36884. This security flaw, associated with remote code execution in both Office and Windows HTML, was exploited by the RomCom threat actor linked to Russia. The attacks were primarily against Ukraine and pro-Ukraine targets in Eastern Europe and North America. Microsoft assures that this new patch effectively disrupts the threat.
  • ADV230004, the update for the Memory Integrity System Readiness scan tool, addresses a public bug. This tool initially lacked an RSRC section, which is essential for a module’s resource information.
  • Issues involving six denial-of-service (DoS) and two information disclosure vulnerabilities in MSMQ have also been addressed.
Microsoft Responds to Threat Landscape
  • Three significant vulnerabilities (CVE-2023-35388, CVE-2023-38182, and CVE-2023-38185) in the Exchange Server were resolved. Notably, the first two come with an “Exploitation More Likely” tag. Natalie Silva, Immersive Labs’ lead content engineer, commented on the need for adjacent attack vectors and valid exchange credentials for potential exploitation.
  • A proof-of-concept (PoC) exploit concerning a DoS vulnerability in .NET and Visual Studio (CVE-2023-38180) was acknowledged by Microsoft. However, the tech giant clarified its limited functionality.
  • Lastly, Microsoft released patches for five privilege escalation flaws in the Windows Kernel. These vulnerabilities can be exploited by local threat actors aiming for SYSTEM privileges.

This release further emphasizes Microsoft’s commitment to ensuring software security for its users and responding promptly to identified threats.

Saher

Saher

Author

Saher is a cybersecurity researcher with a passion for innovative technology and AI. She explores the intersection of AI and cybersecurity to stay ahead of evolving threats.

Other interesting articles

Amazon Mistakenly Sends Out Gift Card Confirmations

Amazon Mistakenly Sends Out Gift Card Confirmations

Amazon unintentionally dispatched purchase confirmation emails regarding Hotels.com, Google Play, and Mastercard ...
FBI Flags Escalating Trend of Paired Ransomware Threats

FBI Flags Escalating Trend of Paired Ransomware Threats

The U.S. Federal Bureau of Investigation (FBI) has issued an alert regarding a rising trend of dual ransomware ...
Unraveling the Mystery Behind Discord’s Recent Block Message

Unraveling the Mystery Behind Discord’s Recent Block Message

Users of the renowned communication tool Discord were taken aback today when they were greeted with an alarming ...
Best Phishing Tools for Ethical Hacking in 2023

Best Phishing Tools for Ethical Hacking in 2023

Phishing is one of the most prevalent cyber threats today, seeking to exploit human vulnerabilities rather than ...
0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *