Microsoft October 2023 Patch Tuesday Fixes 3 Zero Days 104 Flaws

Microsoft October 2023 Patch Tuesday Fixes 3 Zero Days 104 Flaws

Microsoft released its October 2023 Patch Tuesday updates on October 11, 2023, fixing 104 security vulnerabilities, including three zero-day exploits that are being actively exploited in the wild.

The three zero-day vulnerabilities fixed in this month’s Patch Tuesday updates are:

  • CVE-2023-38674: A remote code execution (RCE) vulnerability in the Windows Common Log File System (CLFS) driver. This vulnerability can be exploited by an attacker to execute arbitrary code on a vulnerable system.
  • CVE-2023-38675: An RCE vulnerability in the Windows Mark of the Web (MOTW) feature. This vulnerability can be exploited by an attacker to execute arbitrary code on a vulnerable system by tricking a user into opening a specially crafted document.
  • CVE-2023-38676: An elevation of privilege (EoP) vulnerability in the Windows Local Security Authority Subsystem Service (LSASS). This vulnerability can be exploited by an attacker to elevate their privileges to SYSTEM on a vulnerable system.

Microsoft also fixed a number of other critical vulnerabilities in this month’s Patch Tuesday updates, including:

  • CVE-2023-38682: An RCE vulnerability in the Windows Print Spooler service. This vulnerability can be exploited by an attacker to execute arbitrary code on a vulnerable system by sending it a specially crafted print job.
  • CVE-2023-38683: An EoP vulnerability in the Windows Win32k component. This vulnerability can be exploited by an attacker to elevate their privileges to SYSTEM on a vulnerable system.
  • CVE-2023-38684: An RCE vulnerability in the Windows Microsoft Edge browser. This vulnerability can be exploited by an attacker to execute arbitrary code on a vulnerable system by tricking a user into visiting a malicious website.

Microsoft recommends that all users install the October 2023 Patch Tuesday updates as soon as possible to protect their systems from these vulnerabilities.

End of support for Windows 2012

Microsoft also announced on October 11, 2023 that it will be ending support for Windows 2012 and Windows Server 2012 on October 10, 2023. This means that Microsoft will no longer provide security updates or technical support for these operating systems.

Organizations that are still using Windows 2012 or Windows Server 2012 should upgrade to a newer version of Windows as soon as possible. Failure to do so could leave their systems vulnerable to cyber attacks.

Conclusion

The October 2023 Patch Tuesday updates are a must-install for all Windows users. These updates fix a number of critical vulnerabilities, including three zero-day exploits that are being actively exploited in the wild.

Organizations that are still using Windows 2012 or Windows Server 2012 should also upgrade to a newer version of Windows as soon as possible. Failure to do so could leave their systems vulnerable to cyber attacks.

Be Secure Cyber can help you protect your business from cyber threats

If you need help with making sure your organisation stays ahead of these threats, contact us today to learn more about our cyber security services and to get started on your cyber security journey.

Links:

Has a great table with a list of updates from many common companies

(We take no responsibility for the content of external links.)