August 2023 Patch Tuesday
-
It's yet again, another patch tuesday.
We have the following count of vulnerabilities this time:
- 23 Remote Code Execution
- 18 Elevation of Privilege
- 12 Spoofing
- 10 Information Disclosure
- 8 Denial of Service
- 3 Security Feature Bypass
Of those, 4 are listed as "Critical":
- CVE-2023-36910 - Message Queue Service RCE
- CVE-2023-36911 - Message Queue Service RCE
- CVE-2023-35385 - Message Queue Service RCE
- CVE-2023-21709 - Exchange Server Elevation of Privilege
Additionally there are two actively exploited vulnerabilities:
- CVE-20223-38180 - .NET and VS DoS
- ADV230003 - MS Office (CVE-2023-36884)
We'd also like to mention
CVE-2023-38170 as it's an HVEC codec remote code execution vulnerability for those with the HVEC extensions installed.For the full list of vulnerabilities patched you can go to the release notes