Microsoft has released its August 2023 Patch Tuesday security updates to fix multiple vulnerabilities across its products, including two reported vulnerabilities that are currently being exploited in the wild.
Based on the official release notes from Microsoft, there are a total of 74 Microsoft CVEs and 12 non-Microsoft CVEs.
_____________________________
A. List of the Vulnerabilities
Microsoft CVEs
CVE Title | CVE | Base Score | Exploitability |
Microsoft Office | ADV230003 | | Exploitation Detected |
Memory Integrity System Readiness Scan Tool | ADV230004 | | Exploitation Detected |
Microsoft Exchange Server | CVE-2023-21709 | 9.8 | Exploitation Less Likely |
Microsoft Teams | CVE-2023-29328 | 8.8 | Exploitation Less Likely |
Microsoft Teams | CVE-2023-29330 | 8.8 | Exploitation Less Likely |
Windows Kernel | CVE-2023-35359 | 7.8 | Exploitation More Likely |
Microsoft Exchange Server | CVE-2023-35368 | 8.8 | Exploitation Less Likely |
Microsoft Office Excel | CVE-2023-35371 | 7.8 | Exploitation Less Likely |
Microsoft Office Visio | CVE-2023-35372 | 7.8 | Exploitation Less Likely |
Windows Message Queuing | CVE-2023-35376 | 6.5 | Exploitation Less Likely |
Windows Message Queuing | CVE-2023-35377 | 6.5 | Exploitation Less Likely |
Windows Projected File System | CVE-2023-35378 | 7 | Exploitation Less Likely |
Windows Reliability Analysis Metrics Calculation Engine | CVE-2023-35379 | 7.8 | Exploitation Less Likely |
Windows Kernel | CVE-2023-35380 | 7.8 | Exploitation More Likely |
Windows Fax and Scan Service | CVE-2023-35381 | 8.8 | Exploitation Less Likely |
Windows Kernel | CVE-2023-35382 | 7.8 | Exploitation More Likely |
Windows Message Queuing | CVE-2023-35383 | 7.5 | Exploitation Less Likely |
Windows HTML Platform | CVE-2023-35384 | 5.4 | Exploitation More Likely |
Windows Message Queuing | CVE-2023-35385 | 9.8 | Exploitation Less Likely |
Windows Kernel | CVE-2023-35386 | 7.8 | Exploitation More Likely |
Windows Bluetooth A2DP driver | CVE-2023-35387 | 8.8 | Exploitation Less Likely |
Microsoft Exchange Server | CVE-2023-35388 | 8 | Exploitation More Likely |
Microsoft Dynamics | CVE-2023-35389 | 6.5 | Exploitation Less Likely |
.NET Core | CVE-2023-35390 | 7.8 | Exploitation Less Likely |
ASP.NET and Visual Studio | CVE-2023-35391 | 7.1 | Exploitation Less Likely |
Azure HDInsights | CVE-2023-35393 | 4.5 | Exploitation Less Likely |
Azure HDInsights | CVE-2023-35394 | 4.6 | Exploitation Less Likely |
Microsoft Office Visio | CVE-2023-36865 | 7.8 | Exploitation Less Likely |
Microsoft Office Visio | CVE-2023-36866 | 7.8 | Exploitation Less Likely |
Azure DevOps | CVE-2023-36869 | 6.3 | Exploitation Less Likely |
.NET Framework | CVE-2023-36873 | 7.4 | Exploitation Less Likely |
Reliability Analysis Metrics Calculation Engine | CVE-2023-36876 | 7.1 | Exploitation Less Likely |
Azure HDInsights | CVE-2023-36877 | 4.5 | Exploitation Less Likely |
Azure HDInsights | CVE-2023-36881 | 4.5 | Exploitation Less Likely |
Microsoft WDAC OLE DB provider for SQL | CVE-2023-36882 | 8.8 | Exploitation Less Likely |
Windows Group Policy | CVE-2023-36889 | 5.5 | Exploitation Less Likely |
Microsoft Office SharePoint | CVE-2023-36890 | 6.5 | Exploitation Less Likely |
Microsoft Office SharePoint | CVE-2023-36891 | 8 | Exploitation Less Likely |
Microsoft Office SharePoint | CVE-2023-36892 | 8 | Exploitation Less Likely |
Microsoft Office Outlook | CVE-2023-36893 | 6.5 | Exploitation Less Likely |
Microsoft Office SharePoint | CVE-2023-36894 | 6.5 | Exploitation Less Likely |
Microsoft Office Outlook | CVE-2023-36895 | 7.8 | Exploitation Less Likely |
Microsoft Office Excel | CVE-2023-36896 | 7.8 | Exploitation Less Likely |
Microsoft Office | CVE-2023-36897 | 8.1 | Exploitation Less Likely |
Tablet Windows User Interface | CVE-2023-36898 | 7.8 | Exploitation Less Likely |
ASP.NET | CVE-2023-36899 | 7.5 | Exploitation Less Likely |
Windows Common Log File System Driver | CVE-2023-36900 | 7.8 | Exploitation More Likely |
Windows System Assessment Tool | CVE-2023-36903 | 7.8 | Exploitation Less Likely |
Windows Cloud Files Mini Filter Driver | CVE-2023-36904 | 7.8 | Exploitation Less Likely |
Windows Wireless Wide Area Network Service | CVE-2023-36905 | 5.5 | Exploitation Less Likely |
Windows Cryptographic Services | CVE-2023-36906 | 5.5 | Exploitation Less Likely |
Windows Cryptographic Services | CVE-2023-36907 | 5.5 | Exploitation Less Likely |
Role: Windows Hyper-V | CVE-2023-36908 | 5.7 | Exploitation Less Likely |
Windows Message Queuing | CVE-2023-36909 | 6.5 | Exploitation Less Likely |
Windows Message Queuing | CVE-2023-36910 | 9.8 | Exploitation Less Likely |
Windows Message Queuing | CVE-2023-36911 | 9.8 | Exploitation Less Likely |
Windows Message Queuing | CVE-2023-36912 | 7.5 | Exploitation Less Likely |
Windows Message Queuing | CVE-2023-36913 | 6.5 | Exploitation Less Likely |
Windows Smart Card | CVE-2023-36914 | 5.5 | Exploitation Less Likely |
Windows Kernel | CVE-2023-38154 | 7.8 | Exploitation Unlikely |
Microsoft Edge (Chromium-based) | CVE-2023-38157 | 6.5 | Exploitation Less Likely |
Dynamics Business Central Control | CVE-2023-38167 | 7.2 | Exploitation Less Likely |
SQL Server | CVE-2023-38169 | 8.8 | Exploitation Less Likely |
Microsoft Windows Codecs Library | CVE-2023-38170 | 7.8 | Exploitation Less Likely |
Windows Message Queuing | CVE-2023-38172 | 7.5 | Exploitation Less Likely |
Windows Defender | CVE-2023-38175 | 7.8 | Exploitation Less Likely |
Azure Arc | CVE-2023-38176 | 7 | Exploitation Less Likely |
.NET Core | CVE-2023-38178 | 7.5 | Exploitation Less Likely |
ASP .NET | CVE-2023-38180 | 7.5 | Exploitation More Likely |
Microsoft Exchange Server | CVE-2023-38181 | 8.8 | Exploitation Less Likely |
Microsoft Exchange Server | CVE-2023-38182 | 8 | Exploitation More Likely |
Windows LDAP – Lightweight Directory Access Protocol | CVE-2023-38184 | 7.5 | Exploitation Less Likely |
Microsoft Exchange Server | CVE-2023-38185 | 8.8 | Exploitation Less Likely |
Windows Mobile Device Management | CVE-2023-38186 | 7.8 | Exploitation Less Likely |
Azure HDInsights | CVE-2023-38188 | 4.5 | Exploitation Less Likely |
Windows Message Queuing | CVE-2023-38254 | 6.5 | Exploitation Less Likely |
Non-Microsoft CVEs
CNA | Tag | CVE |
Advanced Micro Devices Inc. | Microsoft Windows | CVE-2023-20569 |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-4068 |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-4069 |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-4070 |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-4071 |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-4072 |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-4073 |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-4074 |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-4075 |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-4076 |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-4077 |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-4078 |
B. Actions to be taken
CERT-PH recommends the following actions be taken:
- Kindly review and apply the necessary updates to mitigate future threats.
- For additional information, kindly refer to the official reports:
  - https://msrc.microsoft.com/update-guide/releaseNote/2023-Aug
  - https://msrc.microsoft.com/update-guide/vulnerability