Windows 10: CVEs have been published or revised in the Security Update Guide September 29, 2023

CVEs have been published or revised in the Security Update GuideSeptember 29, 2023These common vulnerabilities and exposures CVEs were recently published or revised in the Microsoft Security Update Guide:CVE-2023-1999· Title: Chromium: CVE-2023-1999 Use after free in libwebp· Version: 1.0· Reason for revision: Information published.· Originally released: September 29, 2023· Last updated: September 29, 2023· Aggregate CVE Severity Rating:CVE-2023-36788· &n

:)

 

Microsoft September 2023 Security Updates

September 2023 Security Updates

This release consists of the following 59 Microsoft CVEs:

Tag CVE Base Score CVSS Vector Exploitability FAQs? Workarounds? Mitigations?

Microsoft Azure Kubernetes Service CVE-2023-29332

Azure DevOps CVE-2023-33136

Windows Cloud Files Mini Filter Driver CVE-2023-35355

Microsoft Identity Linux Broker CVE-2023-36736

3D Viewer CVE-2023-36739

3D Viewer CVE-2023-36740

Visual Studio Code CVE-2023-36742

Microsoft Exchange Server CVE-2023-36744

Microsoft Exchange Server CVE-2023-36745

Microsoft Exchange Server CVE-2023-36756

Microsoft Exchange Server CVE-2023-36757

Visual Studio CVE-2023-36758

Visual Studio CVE-2023-36759

3D Viewer CVE-2023-36760

Microsoft Office Word CVE-2023-36761

Microsoft Office Word CVE-2023-36762

Microsoft Office Outlook CVE-2023-36763

Microsoft Office SharePoint CVE-2023-36764

Microsoft Office CVE-2023-36765

Microsoft Office Excel CVE-2023-36766

Microsoft Office CVE-2023-36767

3D Builder CVE-2023-36770

3D Builder CVE-2023-36771

3D Builder CVE-2023-36772

3D Builder CVE-2023-36773

Microsoft Exchange Server CVE-2023-36777

.NET Framework CVE-2023-36788

.NET and Visual Studio CVE-2023-36792

.NET and Visual Studio CVE-2023-36793

.NET and Visual Studio CVE-2023-36794

.NET and Visual Studio CVE-2023-36796

.NET Core & Visual Studio CVE-2023-36799

Microsoft Dynamics Finance & Operations CVE-2023-36800

Windows DHCP Server CVE-2023-36801

Microsoft Streaming Service CVE-2023-36802

Windows Kernel CVE-2023-36803

Windows GDI CVE-2023-36804

Windows Scripting CVE-2023-36805

Microsoft Dynamics CVE-2023-36886

Windows Kernel CVE-2023-38139

Windows Kernel CVE-2023-38140

Windows Kernel CVE-2023-38141

Windows Kernel CVE-2023-38142

Windows Common Log File System Driver CVE-2023-38143

Windows Common Log File System Driver CVE-2023-38144

Windows Themes CVE-2023-38146

Microsoft Windows Codecs Library CVE-2023-38147

Windows Internet Connection Sharing (ICS) CVE-2023-38148

Windows TCP/IP CVE-2023-38149

Windows Kernel CVE-2023-38150

Windows DHCP Server CVE-2023-38152

Azure DevOps CVE-2023-38155

Azure HDInsights CVE-2023-38156

Windows TCP/IP CVE-2023-38160

Windows GDI CVE-2023-38161

Windows DHCP Server CVE-2023-38162

Windows Defender CVE-2023-38163

Microsoft Dynamics CVE-2023-38164

Microsoft Office CVE-2023-41764

We are republising 6 non-Microsoft CVEs:

CNA Tag CVE FAQs? Workarounds? Mitigations?

Autodesk 3D Viewer CVE-2022-41303 Yes No No

Electron Visual Studio Code CVE-2023-39956 Yes No No

Chrome Microsoft Edge (Chromium-based) CVE-2023-4761 Yes No No

Chrome Microsoft Edge (Chromium-based) CVE-2023-4762 Yes No No

Chrome Microsoft Edge (Chromium-based) CVE-2023-4763 Yes No No

Chrome Microsoft Edge (Chromium-based) CVE-2023-4764 Yes No No

Security Update Guide Blog Posts

Date Blog Post

January 11, 2022 Coming Soon: New Security Update Guide Notification System

February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API

January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners

December 8, 2020 Security Update Guide: Let’s keep the conversation going

November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide

Relevant Resources

• The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
  
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
  
• Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
  
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
  
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
  
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.
  

Known Issues

You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To

5002472 SharePoint Server 2019 Core

5002474 SharePoint Server Subscription Edition

5002494 SharePoint Enterprise Server 2016

5002501 SharePoint Enterprise Server 2016

5030216 Windows Server 2022

5030261 Windows Server 2008 R2 (Security-only update)

5030265 Windows Server 2008 R2 (Monthly Rollup)

5030271 Windows Server 2008 (Monthly Rollup)

5030286 Windows Server 2008 (Security-only update)

Released: Sep 12, 2023

September 2023 Security Updates - Release Notes - Security Update Guide - Microsoft

 

microsoft January 2023 Security Updates

January 2023 Security Updates

Updates this Month

This release consists of security updates for the following products, features and roles.

• .NET Core
  
• 3D Builder
  
• Azure Service Fabric Container
  
• Microsoft Bluetooth Driver
  
• Microsoft Exchange Server
  
• Microsoft Graphics Component
  
• Microsoft Local Security Authority Server (lsasrv)
  
• Microsoft Message Queuing
  
• Microsoft Office
  
• Microsoft Office SharePoint
  
• Microsoft Office Visio
  
• Microsoft WDAC OLE DB provider for SQL
  
• Visual Studio Code
  
• Windows ALPC
  
• Windows Ancillary Function Driver for WinSock
  
• Windows Authentication Methods
  
• Windows Backup Engine
  
• Windows Bind Filter Driver
  
• Windows BitLocker
  
• Windows Boot Manager
  
• Windows Credential Manager
  
• Windows Cryptographic Services
  
• Windows DWM Core Library
  
• Windows Error Reporting
  
• Windows Event Tracing
  
• Windows IKE Extension
  
• Windows Installer
  
• Windows Internet Key Exchange (IKE) Protocol
  
• Windows iSCSI
  
• Windows Kernel
  
• Windows Layer 2 Tunneling Protocol
  
• Windows LDAP - Lightweight Directory Access Protocol
  
• Windows Local Security Authority (LSA)
  
• Windows Local Session Manager (LSM)
  
• Windows Malicious Software Removal Tool
  
• Windows Management Instrumentation
  
• Windows MSCryptDImportKey
  
• Windows NTLM
  
• Windows ODBC Driver
  
• Windows Overlay Filter
  
• Windows Point-to-Point Tunneling Protocol
  
• Windows Print Spooler Components
  
• Windows Remote Access Service L2TP Driver
  
• Windows RPC API
  
• Windows Secure Socket Tunneling Protocol (SSTP)
  
• Windows Smart Card
  
• Windows Task Scheduler
  
• Windows Virtual Registry Provider
  
• Windows Workstation Service
  

Please note the following information regarding the security updates:

Security Update Guide Blog Posts

[table][tr]DateBlog Post[/tr][tr][td]January 6, 2023[/td][td]Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API[/td][/tr][tr][td]December 29, 2022[/td][td]Security Update Guide Improvement – Representing Hotpatch Updates[/td][/tr][tr][td]August 9, 2022[/td][td]Security Update Guide Notification System News: Create your profile now[/td][/tr][tr][td]January 11, 2022[/td][td]Coming Soon: New Security Update Guide Notification System[/td][/tr][tr][td]February 9, 2021[/td][td]Continuing to Listen: Good News about the Security Update Guide API[/td][/tr][tr][td]January 13, 2021[/td][td]Security Update Guide Supports CVEs Assigned by Industry Partners[/td][/tr][tr][td]December 8, 2020[/td][td]Security Update Guide: Let’s keep the conversation going[/td][/tr][tr][td]November 9, 2020[/td][td]Vulnerability Descriptions in the New Version of the Security Update Guide[/td][/tr][/table]
Relevant Information

• The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
  
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
  
• Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
  
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
  
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
  
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.
  

FAQs, Mitigations, and Workarounds

The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting FAQs, Mitigations and Workarounds columns in the Edit Columns panel.

• CVE-2023-21524
  
• CVE-2023-21525
  
• CVE-2023-21531
  
• CVE-2023-21532
  
• CVE-2023-21535
  
• CVE-2023-21536
  
• CVE-2023-21537
  
• CVE-2023-21539
  
• CVE-2023-21540
  
• CVE-2023-21541
  
• CVE-2023-21542
  
• CVE-2023-21543
  
• CVE-2023-21546
  
• CVE-2023-21548
  
• CVE-2023-21549
  
• CVE-2023-21550
  
• CVE-2023-21551
  
• CVE-2023-21552
  
• CVE-2023-21555
  
• CVE-2023-21556
  
• CVE-2023-21557
  
• CVE-2023-21558
  
• CVE-2023-21559
  
• CVE-2023-21560
  
• CVE-2023-21561
  
• CVE-2023-21563
  
• CVE-2023-21674
  
• CVE-2023-21675
  
• CVE-2023-21676
  
• CVE-2023-21678
  
• CVE-2023-21679
  
• CVE-2023-21680
  
• CVE-2023-21681
  
• CVE-2023-21682
  
• CVE-2023-21724
  
• CVE-2023-21725
  
• CVE-2023-21726
  
• CVE-2023-21730
  
• CVE-2023-21732
  
• CVE-2023-21733
  
• CVE-2023-21734
  
• CVE-2023-21735
  
• CVE-2023-21736
  
• CVE-2023-21737
  
• CVE-2023-21738
  
• CVE-2023-21739
  
• CVE-2023-21741
  
• CVE-2023-21742
  
• CVE-2023-21743
  
• CVE-2023-21744
  
• CVE-2023-21745
  
• CVE-2023-21746
  
• CVE-2023-21747
  
• CVE-2023-21748
  
• CVE-2023-21749
  
• CVE-2023-21750
  
• CVE-2023-21752
  
• CVE-2023-21753
  
• CVE-2023-21754
  
• CVE-2023-21755
  
• CVE-2023-21759
  
• CVE-2023-21760
  
• CVE-2023-21761
  
• CVE-2023-21762
  
• CVE-2023-21763
  
• CVE-2023-21764
  
• CVE-2023-21765
  
• CVE-2023-21766
  
• CVE-2023-21767
  
• CVE-2023-21768
  
• CVE-2023-21771
  
• CVE-2023-21772
  
• CVE-2023-21773
  
• CVE-2023-21774
  
• CVE-2023-21776
  
• CVE-2023-21779
  
• CVE-2023-21780
  
• CVE-2023-21781
  
• CVE-2023-21782
  
• CVE-2023-21783
  
• CVE-2023-21784
  
• CVE-2023-21785
  
• CVE-2023-21786
  
• CVE-2023-21787
  
• CVE-2023-21788
  
• CVE-2023-21789
  
• CVE-2023-21790
  
• CVE-2023-21791
  
• CVE-2023-21792
  
• CVE-2023-21793
  

Known Issues

You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

[table][tr]KB ArticleApplies To[/tr][tr][td]5022143[/td][td]Microsoft Exchange Server 2016[/td][/tr][tr][td]5022188[/td][td]Microsoft Exchange Server 2013[/td][/tr][tr][td]5022193[/td][td]Microsoft Exchange Server 2019[/td][/tr][tr][td]5022286[/td][td]Windows 10, version 1809, Windows Server 2019[/td][/tr][tr][td]5022303[/td][td]Windows 11 version 22H2[/td][/tr][tr][td]5022338[/td][td]Windows 7, Windows Server 2008 R2 (Monthly Rollup)[/td][/tr][tr][td]5022339[/td][td]Windows 7, Windows Server 2008 R2 (Security-only update)[/td][/tr][tr][td]5022340[/td][td]Windows Server 2008 (Monthly Rollup)[/td][/tr][tr][td]5022343[/td][td]Windows Server 2012 (Security-only update)[/td][/tr][tr][td]5022346[/td][td]Windows 8.1, Windows Server 2012 R2 (Security-only update)[/td][/tr][tr][td]5022348[/td][td]Windows Server 2012 (Monthly Rollup)[/td][/tr][tr][td]5022352[/td][td]Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)[/td][/tr][tr][td]5022353[/td][td]Windows Server 2008 (Security-only update)[/td][/tr][/table]
Released: Jan 10, 2023

January 2023 Security Updates - Release Notes - Security Update Guide - Microsoft

 

Microsoft September 2023 Security Updates

September 2023 Security Updates This release consists of the following 59 Microsoft CVEs: Tag CVE Base Score CVSS Vector Exploitability FAQs? Workarounds? Mitigations? Microsoft Azure Kubernetes Service CVE-2023-29332 Azure DevOps CVE-2023-33136 Windows Cloud Files Mini Filter Driver CVE-2023-35355 Microsoft Identity Linux Broker CVE-2023-36736 3D Viewer CVE-2023-36739 3D Viewer CVE-2023-36740 Visual Studio Code CVE-2023-36742 Microsoft Exchange Server CVE-2023-36744 Microsoft Exchange Server CVE-2023-36745 Microsoft Exchange Server CVE-2023-36756 Microsoft Exchange Server CVE-2023-36757 Visual Studio CVE-2023-36758 Visual Studio CVE-2023-36759 3D Viewer CVE-2023-36760 Microsoft Office Word CVE-2023-36761 Microsoft Office Word CVE-2023-36762 Microsoft Office Outlook CVE-2023-36763 Microsoft Office SharePoint CVE-2023-36764 Microsoft Office CVE-2023-36765 Microsoft Office Excel CVE-2023-36766 Microsoft Office CVE-2023-36767 3D Builder CVE-2023-36770 3D Builder CVE-2023-36771 3D Builder CVE-2023-36772 3D Builder CVE-2023-36773 Microsoft Exchange Server CVE-2023-36777 .NET Framework CVE-2023-36788 .NET and Visual Studio CVE-2023-36792 .NET and Visual Studio CVE-2023-36793 .NET and Visual Studio CVE-2023-36794 .NET and Visual Studio CVE-2023-36796 .NET Core & Visual Studio CVE-2023-36799 Microsoft Dynamics Finance & Operations CVE-2023-36800 Windows DHCP Server CVE-2023-36801 Microsoft Streaming Service CVE-2023-36802 Windows Kernel CVE-2023-36803 Windows GDI CVE-2023-36804 Windows Scripting CVE-2023-36805 Microsoft Dynamics CVE-2023-36886 Windows Kernel CVE-2023-38139 Windows Kernel CVE-2023-38140 Windows Kernel CVE-2023-38141 Windows Kernel CVE-2023-38142 Windows Common Log File System Driver CVE-2023-38143 Windows Common Log File System Driver CVE-2023-38144 Windows Themes CVE-2023-38146 Microsoft Windows Codecs Library CVE-2023-38147 Windows Internet Connection Sharing (ICS) CVE-2023-38148 Windows TCP/IP CVE-2023-38149 Windows Kernel CVE-2023-38150 Windows DHCP Server CVE-2023-38152 Azure DevOps CVE-2023-38155 Azure HDInsights CVE-2023-38156 Windows TCP/IP CVE-2023-38160 Windows GDI CVE-2023-38161 Windows DHCP Server CVE-2023-38162 Windows Defender CVE-2023-38163 Microsoft Dynamics CVE-2023-38164 Microsoft Office CVE-2023-41764 We are republising 6 non-Microsoft CVEs: CNA Tag CVE FAQs? Workarounds? Mitigations? Autodesk 3D Viewer CVE-2022-41303 Yes No No Electron Visual Studio Code CVE-2023-39956 Yes No No Chrome Microsoft Edge (Chromium-based) CVE-2023-4761 Yes No No Chrome Microsoft Edge (Chromium-based) CVE-2023-4762 Yes No No Chrome Microsoft Edge (Chromium-based) CVE-2023-4763 Yes No No Chrome Microsoft Edge (Chromium-based) CVE-2023-4764 Yes No No Security Update Guide Blog Posts Date Blog Post January 11, 2022 Coming Soon: New Security Update Guide Notification System February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners December 8, 2020 Security Update Guide: Let’s keep the conversation going November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide Relevant Resources

• The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

Known Issues You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel. For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane). KB Article Applies To 5002472 SharePoint Server 2019 Core 5002474 SharePoint Server Subscription Edition 5002494 SharePoint Enterprise Server 2016 5002501 SharePoint Enterprise Server 2016 5030216 Windows Server 2022 5030261 Windows Server 2008 R2 (Security-only update) 5030265 Windows Server 2008 R2 (Monthly Rollup) 5030271 Windows Server 2008 (Monthly Rollup) 5030286 Windows Server 2008 (Security-only update) Released: Sep 12, 2023 September 2023 Security Updates - Release Notes - Security Update Guide - Microsoft