The latest Microsoft Patch Tuesday provides fixes for two active exploits and five other security vulnerabilities. A total of 59 fixes for various Microsoft products have been implemented.
The most recent Patch Tuesday for September 2023 addressed two actively abused exploits, according to Microsoft. The first, CVE-2023-36761, is in Microsoft Word and allows hackers to disclose NLTM hashes. Conducting an attack via this method would not require interaction with users. The hashes obtained could then be used in NLTM Relay attacks to gain access to the Microsoft account being used.
The second vulnerability already exploited, CVE-2023-36802, is in Microsoft Windows. More specifically, this vulnerability affects the streaming service proxy Microsoft Stream, once Office 365 Video. Hackers must use a special program that allows them to escalate privileges to admin or system privileges for this to be successfully exploited.
Five other critical patches
In addition to these two very important fixes, five other critical security vulnerabilities have also been addressed. The most important of these is CVE-2023-29332 in Microsoft’s Azure Kubernetes Service (AKS). This vulnerability allows an unauthorized remote hacker to obtain Kubernetes Cluster admin privileges.
Other three critical security patches address RCE issues for Visual Studio, among others. Finally, the tech giant fixed an unauthenticated remote code execution via the Internet Connection Sharing (ICS) functionality in Windows.
A total of 65 patches
A total of 59 new patches were implemented for various Microsoft products. These include patches for the products Microsoft Windows, Exchange Server, Office, .NET and Visual Studio, Azure, Microsoft Dynamics and Windows Defender.
A number of fixes have also been implemented for applications and solutions from other vendors, including an actively exploited zeroday in Chromium. Among other things, this bug affects the search engine Microsoft Edge that works based on Chromium. This brings the total number of fixes to 65 for this Patch Tuesday.
Also read: Microsoft discontinues Visual Studio for Mac