August 2023 Patch Tuesday

tankerkiller125

It's yet again, another patch tuesday.

We have the following count of vulnerabilities this time:

• 23 Remote Code Execution
• 18 Elevation of Privilege
• 12 Spoofing
• 10 Information Disclosure
• 8 Denial of Service
• 3 Security Feature Bypass

Of those, 4 are listed as "Critical":

• CVE-2023-36910 - Message Queue Service RCE
• CVE-2023-36911 - Message Queue Service RCE
• CVE-2023-35385 - Message Queue Service RCE
• CVE-2023-21709 - Exchange Server Elevation of Privilege

Additionally there are two actively exploited vulnerabilities:

• CVE-20223-38180 - .NET and VS DoS
• ADV230003 - MS Office (CVE-2023-36884)

We'd also like to mention
CVE-2023-38170 as it's an HVEC codec remote code execution vulnerability for those with the HVEC extensions installed.

For the full list of vulnerabilities patched you can go to the release notes