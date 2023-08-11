Recently, Microsoft released security fixes for 87 vulnerabilities. This month’s Patch Tuesday also includes fixes for two vulnerabilities that were being actively exploited by cybercriminals. Redmond’s official bulletin includes safety notices for teams, exchange server, .NET Core, visualstudio, azure, Hyper V and various components of windows.

Six vulnerabilities were classified as “critical”, while 23 flaws could be exploited to execute potentially malicious code from remote locations. Overall, the vulnerabilities fixed by the latest “Patch Tuesday” rank as follows: 18 elevation of privilege vulnerabilities, three security feature bypass vulnerabilities, 23 remote code execution vulnerabilities, 10 information disclosure vulnerabilities , eight denial-of-service vulnerabilities, and 12 spoofing vulnerabilities.

Updates do not include 20 security fixes for the Edge browser based on chromiumthat Microsoft released earlier this month. Bleeping Computer has published a full report on all fixed vulnerabilities and related warnings. Patch Tuesday includes a warning (ADV230003) about a Defense-in-Depth Update for microsoftoffice, designed to provide enhanced security for Redmond’s productivity suite. The update blocks an attack chain that could lead to CVE-2023-36884, a previously mitigated remote code execution vulnerability in the search function. windows. This flaw could bypass the “Mark of the Web” (MoTW) security feature, prompting users to download and open malicious files without displaying a security warning.

The zero-day vulnerability had already been exploited in a ransomware operation by the RomCom hacking group. However, it should now be permanently fixed (and not exploitable). The second zero-day flaw addressed this month is a Denial of Service Vulnerability in .net and visualstudio (CVE-2023-38180), capable of causing a denial of service against .net and the SDI of visualstudio. Microsoft it did not provide additional details about this flaw.

Microsoft implemented its latest series of patches via windows updateupdate management systems such as WSUS, and as direct downloads available from the Update Catalog of Microsoft. Other companies providing security fixes in sync with the August 2023 “Patch Tuesday” include Adobe, AMD, Cisco, Google, SAP and vmware.

Via: techspot

Editor’s note: You always have to keep the equipment up to date, although sometimes it helps not to be one of the first people to install the updates, in most cases they manage to avoid problems. The good news is that these days, problems that can update new software versions are usually fixed in a short time.