Microsoft Patch Tuesday

In today’s SensCy Cyber Brief, your SensCy team reviewed Microsoft’s latest series of patches released on Tuesday, September 12, 2023. Today’s Patch Tuesday comes with fixes for TWO Zero-Day vulnerability and and 59 flaws.

What is Patch Tuesday?
Patch Tuesday is Microsoft’s initiative to release new security fixes for the Windows operating system and any other Microsoft software on a monthly basis. Your SensCy team will monitor such releases and provide you with our observations and recommendations.

Why is it important?
This month’s patch Tuesday is critical because it fixes TWO zero-day vulnerabilities (a vulnerability in a system or device that has been disclosed but is not yet patched). The SensCy team recommends Microsoft users install those patches immediately.

CVE-2023-36806 is an elevation of privilege vulnerability in Microsoft Streaming Service Proxy. CVE-2023-36761 is a Microsoft Word Information Disclosure vulnerability.

In addition to the zero-day fix, Microsoft is also fixing 59 vulnerabilities, with Five classified as “Critical” as they allow remote code execution.
Here is a breakdown of each vulnerability category:

• 3 Security Feature Bypass Vulnerabilities
• 24 Remote Code Execution Vulnerabilities
• 9 Information Disclosure Vulnerabilities
• 3 Denial of Service Vulnerabilities
• 5 Spoofing Vulnerabilities
• 5 Edge – Chromium Vulnerabilities

For more information on vulnerabilities and the system that it affects, please refer to the full report from Microsoft linked here.

If you have any questions or concerns regarding Patch Tuesday and are unsure of the implication of the new updates on your company, please reach out to SensCy.