Windows 10: Microsoft September 2023 Security Updates

September 2023 Security UpdatesThis release consists of the following 59 Microsoft CVEs:Tag CVE Base Score CVSS Vector Exploitability FAQs? Workarounds? Mitigations?Microsoft Azure Kubernetes Service CVE-2023-29332 Azure DevOps CVE-2023-33136 Windows Cloud Files Mini Filter Driver CVE-2023-35355 Microsoft Identity Linux Broker CVE-2023-36736 3D Viewer CVE-2023-36739 3D Viewer CVE-2023-36740 Visual Studio Code CVE-2023-36742 Microsoft Exchange Server CVE-2023-367

:)

 

Microsoft Security Bulletin for September 2007

Microsoft released yesterday the September Security Bulletin for Windows operating system, as part of its monthly security cycle. This bulletin summary lists one critical and three important updates. For more information, see Microsoft Security Bulletin Summary for September 2007.

Source: Microsoft

 

Microsoft April 2023 Security Updates

April 2023 Security Updates
Updates this Month
This release consists of security updates for the following products, features and roles.

.NET Core
Azure Machine Learning
Azure Service Connector
Microsoft Bluetooth Driver
Microsoft Defender for Endpoint
Microsoft Dynamics
Microsoft Dynamics 365 Customer Voice
Microsoft Edge (Chromium-based)
Microsoft Graphics Component
Microsoft Message Queuing
Microsoft Office
Microsoft Office Publisher
Microsoft Office SharePoint
Microsoft Office Word
Microsoft PostScript Printer Driver
Microsoft Printer Drivers
Microsoft WDAC OLE DB provider for SQL
Microsoft Windows DNS
Visual Studio
Visual Studio Code
Windows Active Directory
Windows ALPC
Windows Ancillary Function Driver for WinSock
Windows Boot Manager
Windows Clip Service
Windows CNG Key Isolation Service
Windows Common Log File System Driver
Windows DHCP Server
Windows Enroll Engine
Windows Error Reporting
Windows Group Policy
Windows Internet Key Exchange (IKE) Protocol
Windows Kerberos
Windows Kernel
Windows Layer 2 Tunneling Protocol
Windows Lock Screen
Windows Netlogon
Windows Network Address Translation (NAT)
Windows Network File System
Windows Network Load Balancing
Windows NTLM
Windows PGM
Windows Point-to-Point Protocol over Ethernet (PPPoE)
Windows Point-to-Point Tunneling Protocol
Windows Raw Image Extension
Windows RDP Client
Windows Registry
Windows RPC API
Windows Secure Boot
Windows Secure Channel
Windows Secure Socket Tunneling Protocol (SSTP)
Windows Transport Security Layer (TLS)
Windows Win32K
Please note the following information regarding the security updates:

Security Update Guide Blog Posts
Date Blog Post
January 11, 2022 Coming Soon: New Security Update Guide Notification System
February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020 Security Update Guide: Let’s keep the conversation going
November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide
Relevant Information
The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.
FAQs, Mitigations, and Workarounds
The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting FAQs, Mitigations and Workarounds columns in the Edit Columns panel.

CVE-2023-21554
CVE-2023-21727
CVE-2023-21729
CVE-2023-23375
CVE-2023-23384
CVE-2023-24860
CVE-2023-24883
CVE-2023-24884
CVE-2023-24885
CVE-2023-24886
CVE-2023-24887
CVE-2023-24893
CVE-2023-24912
CVE-2023-24914
CVE-2023-24924
CVE-2023-24925
CVE-2023-24926
CVE-2023-24927
CVE-2023-24928
CVE-2023-24929
CVE-2023-24935
CVE-2023-28216
CVE-2023-28218
CVE-2023-28219
CVE-2023-28220
CVE-2023-28221
CVE-2023-28222
CVE-2023-28223
CVE-2023-28224
CVE-2023-28225
CVE-2023-28226
CVE-2023-28227
CVE-2023-28228
CVE-2023-28229
CVE-2023-28231
CVE-2023-28232
CVE-2023-28233
CVE-2023-28234
CVE-2023-28235
CVE-2023-28236
CVE-2023-28237
CVE-2023-28238
CVE-2023-28240
CVE-2023-28243
CVE-2023-28244
CVE-2023-28246
CVE-2023-28247
CVE-2023-28248
CVE-2023-28249
CVE-2023-28250
CVE-2023-28251
CVE-2023-28252
CVE-2023-28253
CVE-2023-28254
CVE-2023-28255
CVE-2023-28256
CVE-2023-28260
CVE-2023-28262
CVE-2023-28263
CVE-2023-28266
CVE-2023-28267
CVE-2023-28268
CVE-2023-28269
CVE-2023-28270
CVE-2023-28271
CVE-2023-28272
CVE-2023-28273
CVE-2023-28274
CVE-2023-28275
CVE-2023-28276
CVE-2023-28277
CVE-2023-28278
CVE-2023-28284
CVE-2023-28285
CVE-2023-28287
CVE-2023-28288
CVE-2023-28291
CVE-2023-28292
CVE-2023-28295
CVE-2023-28296
CVE-2023-28297
CVE-2023-28300
CVE-2023-28301
CVE-2023-28304
CVE-2023-28305
CVE-2023-28306
CVE-2023-28307
CVE-2023-28308
CVE-2023-28309
CVE-2023-28311
CVE-2023-28312
CVE-2023-28313
CVE-2023-28314
Known Issues
You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
5002375 SharePoint Server Subscription Edition
5025221 Windows 10, version 20H2, Windows 10, version 21H2, Windows 10, version 22H2
5025224 Windows 11 version 21H2
5025229 Windows 10, Version 1809, Windows Server 2019
5025230 Windows Server 2022
5025239 Windows 11 version 22H2
5025271 Windows Server 2008 (Monthly Rollup)
5025273 Windows Server 2008 (Security-only update)
5025277 Windows Server 2008 R2 (Security-only update)
5025279 Windows Server 2008 R2 (Monthly Rollup)Released: Apr 11, 2023

https://msrc.microsoft.com/update-gu...eNote/2023-Apr

 

Microsoft February 2023 Security Updates

February 2023 Security Updates

Updates this Month

This release consists of security updates for the following products, features and roles.

• .NET and Visual Studio
• .NET Framework
• 3D Builder
• Azure App Service
• Azure Data Box Gateway
• Azure DevOps
• Azure Machine Learning
• HoloLens
• Internet Storage Name Service
• Microsoft Defender for Endpoint
• Microsoft Defender for IoT
• Microsoft Dynamics
• Microsoft Edge (Chromium-based)
• Microsoft Exchange Server
• Microsoft Graphics Component
• Microsoft Office
• Microsoft Office OneNote
• Microsoft Office Publisher
• Microsoft Office SharePoint
• Microsoft Office Word
• Microsoft PostScript Printer Driver
• Microsoft WDAC OLE DB provider for SQL
• Microsoft Windows Codecs Library
• Power BI
• SQL Server
• Visual Studio
• Windows Active Directory
• Windows ALPC
• Windows Common Log File System Driver
• Windows Cryptographic Services
• Windows Distributed File System (DFS)
• Windows Fax and Scan Service
• Windows HTTP.sys
• Windows Installer
• Windows iSCSI
• Windows Kerberos
• Windows MSHTML Platform
• Windows ODBC Driver
• Windows Protected EAP (PEAP)
• Windows SChannel
• Windows Win32K

Please note the following information regarding the security updates:
Security Update Guide Blog Posts

[table][tr]Date Blog Post [/tr] [tr][td]January 6, 2023[/td] [td]Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API[/td] [/tr] [tr][td]December 29, 2022[/td] [td]Security Update Guide Improvement – Representing Hotpatch Updates[/td] [/tr] [tr][td]August 9, 2022[/td] [td]Security Update Guide Notification System News: Create your profile now[/td] [/tr] [tr][td]January 11, 2022[/td] [td]Coming Soon: New Security Update Guide Notification System[/td] [/tr] [tr][td]February 9, 2021[/td] [td]Continuing to Listen: Good News about the Security Update Guide API[/td] [/tr] [tr][td]January 13, 2021[/td] [td]Security Update Guide Supports CVEs Assigned by Industry Partners[/td] [/tr] [tr][td]December 8, 2020[/td] [td]Security Update Guide: Let’s keep the conversation going[/td] [/tr] [tr][td]November 9, 2020[/td] [td]Vulnerability Descriptions in the New Version of the Security Update Guide[/td] [/tr] [/table]
Relevant Information

• The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

FAQs, Mitigations, and Workarounds

The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting FAQs, Mitigations and Workarounds columns in the Edit Columns panel.

• CVE-2019-15126
• CVE-2023-21528
• CVE-2023-21529
• CVE-2023-21553
• CVE-2023-21564
• CVE-2023-21566
• CVE-2023-21567
• CVE-2023-21568
• CVE-2023-21570
• CVE-2023-21571
• CVE-2023-21572
• CVE-2023-21573
• CVE-2023-21684
• CVE-2023-21685
• CVE-2023-21686
• CVE-2023-21687
• CVE-2023-21688
• CVE-2023-21689
• CVE-2023-21690
• CVE-2023-21691
• CVE-2023-21692
• CVE-2023-21693
• CVE-2023-21694
• CVE-2023-21695
• CVE-2023-21697
• CVE-2023-21699
• CVE-2023-21700
• CVE-2023-21703
• CVE-2023-21704
• CVE-2023-21705
• CVE-2023-21706
• CVE-2023-21707
• CVE-2023-21710
• CVE-2023-21713
• CVE-2023-21714
• CVE-2023-21715
• CVE-2023-21716
• CVE-2023-21717
• CVE-2023-21718
• CVE-2023-21720
• CVE-2023-21721
• CVE-2023-21722
• CVE-2023-21777
• CVE-2023-21778
• CVE-2023-21794
• CVE-2023-21797
• CVE-2023-21798
• CVE-2023-21799
• CVE-2023-21800
• CVE-2023-21801
• CVE-2023-21802
• CVE-2023-21803
• CVE-2023-21804
• CVE-2023-21805
• CVE-2023-21806
• CVE-2023-21807
• CVE-2023-21808
• CVE-2023-21809
• CVE-2023-21812
• CVE-2023-21815
• CVE-2023-21817
• CVE-2023-21820
• CVE-2023-21822
• CVE-2023-21823
• CVE-2023-23374
• CVE-2023-23376
• CVE-2023-23377
• CVE-2023-23378
• CVE-2023-23379
• CVE-2023-23381
• CVE-2023-23382
• CVE-2023-23390

Known Issues

You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.
For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).
[table][tr]KB Article Applies To [/tr] [tr][td]5022083[/td] [td]Change in how WPF-based applications render XPS documents[/td] [/tr] [tr][td]5022834[/td] [td]Windows 10, version 20H2, Windows 10, version 21H2, Windows 10, version 22H2[/td] [/tr] [tr][td]5022840[/td] [td]Windows 10, version 1809, Windows Server 2019[/td] [/tr] [tr][td]5022845[/td] [td]Windows 11 version 22H2[/td] [/tr] [tr][td]5022872[/td] [td]Windows Server 2008 R2 (Monthly Rollup)[/td] [/tr] [tr][td]5022874[/td] [td]Windows Server 2008 R2 (Security-only update)[/td] [/tr] [tr][td]5022890[/td] [td]Windows Server 2008 (Monthly Rollup)[/td] [/tr] [tr][td]5022893[/td] [td]Windows Server 2008 (Security-only update)[/td] [/tr] [tr][td]5022894[/td] [td]Windows Server 2012 R2 (Security-only update)[/td] [/tr] [tr][td]5022895[/td] [td]Windows Server 2012 (Security-only update)[/td] [/tr] [tr][td]5022899[/td] [td]Windows Server 2012 R2 (Monthly Rollup)[/td] [/tr] [tr][td]5022903[/td] [td]Windows Server 2012 (Monthly Rollup)[/td] [/tr] [/table]

Released: Feb 14, 2023