Windows 10: Microsoft's Patch Tuesday August update fixes 74 flaws

Microsoft has patched 74 flaws in its software as part of the company's Patch Tuesday upgrades for August 2023. Last month's update included 132 vulnerabilities, which seems like progress.

On August Patch Tuesday, Microsoft published 74 new CVEs, six of which were classified critical, and one zero-day vulnerability affecting.NET and Visual Studio. CVE-2023-20593 is a vulnerability that exists outside of the Microsoft product line and is related to the Zenbleed hole in specific AMD processors, requiring administrators to apply a microcode patch or BIOS update on vulnerable computers.


Microsoft Windows
30 Edge flaws have been fixed


In addition, Microsoft fixed 30 bugs in its Chromium-based Edge browser since last month's Patch Tuesday edition, as well as one side-channel weakness affecting certain AMD processor types (CVE-2023-20569 or Inception). According to Microsoft, downloading the new version "stops the attack chain," which led to the remote code execution flaw.

ADV230003 refers to a previously reported security flaw known as CVE-2023-36884, a remote code execution vulnerability in Office and Windows HTML that has been actively exploited by the Russia-linked RomCom threat actor in attacks against Ukraine as well as pro-Ukraine targets in Eastern Europe and North America.

Windows 11 KB5029263: What's new​

CVE-2023-38180, a.NET and Visual Studio denial-of-service vulnerability with a CVSS score of 7.5, is the August Patch Tuesday zero-day. Microsoft's CVE notes suggested the existence of proof-of-concept code. Because an attacker does not require privileges to activate the vulnerability, a threat actor with a presence in the organization's infrastructure can start an assault more easily.

Administrators must patch Microsoft Visual Studio 2022, .NET 7.0, .NET 6.0, and ASP.NET Core 2.1, which might take considerable time if a thorough patch management system is not in place.

Patches are also included for five privilege escalation flaws in the Windows Kernel (CVE-2023-35359, CVE-2023-35380, CVE-2023-35382, CVE-2023-35386, and CVE-2023-38154, CVSS scores: 7.8) that could be exploited by a threat actor with local access to the target machine to gain SYSTEM privileges.

Thank you for being a Ghacks reader. The post Microsoft's Patch Tuesday August update fixes 74 flaws appeared first on gHacks Technology News.

read more...

 

Microsoft's infamous 'Patch Tuesday' addresses seven flaws

Yesterday, Microsoft patched seven problems with Windows XP SP2. The three updates that were marked "critical"-

• An update to Windows Internet Explorer 7
• Windows Media Player patch
• Visual Studio 2005 fix

The last four updates marked "important" fix flaws in Outlook Express, the SNMP network management protocol, fix privelage problems, and patch a problem with remote installation services. You can read a full rundown of December's Patch Tuesday here. A recent flaw discovered in Microsoft Word remains unpatched.

Source: The Register

 

Microsoft delays Patch Tuesday as world awaits fix for SMB flaw

"Yesterday was the second Tuesday of February, and that means it should be Microsoft's Patch Tuesday. It should be a big Patch Tuesday, too. First, there's an in-the-wild zero-day flaw in SMB, Microsoft's file sharing protocol, that at the very least allows systems to be crashed, and the patch should be released today.

Second, Microsoft is continuing to tune the way updates are delivered to Windows 7, 8.1, Server 2008 R2, Server 2012, and Server 2012 R2. The company started moving to a Windows 10-like cumulative model last year in a bid to ensure that the configurations the company tested (all patches applied, all the time) matched the end-user experience. Each operating system is getting two packages a month: a "Monthly Rollup" and a "Security Only" update.

The "Monthly Rollup" contains both security fixes and general reliability improvements, and it's a cumulative update, incorporating both the current month's fixes and historic updates. The intent is to make it easier to get a freshly installed system up to date; instead of installing hundreds of individual fixes, the latest Monthly Rollup should do the job.

The "Security Only" package isn't cumulative, and it skips the general reliability improvements.

Starting this month, the Security Only package is changing a little. Previously, it contained both operating system and Internet Explorer fixes. Going forward, however, the Security Only package will only contain non-Internet Explorer fixes. A second package, the Cumulative Security Update for Internet Explorer, will apply browser fixes. Like the Monthly Rollup—and unlike the Security Only patch—the Internet Explorer package will be cumulative, containing both new and historic patches. Microsoft says this change is being made to reduce the size of the Security Only package.

The deployment system is also being refined to ensure that neither the Security Only patch nor the Internet Explorer patch will be installed on machines that have a current Monthly Rollup.

This is all well and good, except it's not happening. Due to a "last-minute issue," Microsoft has delayed this month's updates, and currently, there's no expected time of arrival. This delay may hint at one of the downsides of the combined patching: in the past, an individual fix might be held back due to a late-breaking problem, but other fixes could still be delivered on time as expected. With everything bundled—and, critically, tested—together, the company may be more reluctant to punt an individual fix to next month.

Still, if the delay means that Microsoft is avoiding shipping a fix that breaks people's computers, it's probably for the best."

https://arstechnica.com/information...tch-tuesday-as-world-awaits-fix-for-smb-flaw/

 

August Patch Tuesday updates for Windows 10

Microsoft has released Patch Tuesday updates to all of their products.

Windows 10 1803

KB4343909 is released for version 1803. The build number is 17134.228 after the update.

• 32 bit download
• 64 bit download

Windows 10 1709

KB4343897 is released for version 1709. The build number is 16299.611 after the update.

32 bit download

64 bit download

More details:

August Patch Tuesday updates now available - Your Windows Guide