August 16, 2023
Microsoft announced fixes for 86 new CVEs this month, including 6 Microsoft-rated critical vulnerabilities. This month there were 2 new zero-day vulnerabilities disclosed; also, there were 2 updates to previously reported exploitable vulnerabilities (ADV230001 and CVE-2023-36884). Additionally, there were 2 new advisories and 5 other updates to previously released CVEs and advisories.
Of the 88 new vulnerabilities, the fix sources break down as follows:
This month’s headline issues are the two (2) zero-day vulnerabilities released. The first zero-day vulnerability (ADV230003) impacts a transitive path to a previously released MS Office vulnerability. According to Microsoft
Yes, this defense-in-depth update is not a vulnerability update, but installing this update stops the attack chain leading to the Windows Search Remote Code Execution Vulnerability (CVE-2023-36884). Microsoft recommends installing the Office updates discussed in this advisory as well as installing the Windows updates from August 2023.
The second zero-day vulnerability (CVE-2023-38180) relates to a Denial of Service (DoS) attack through the .NET framework and the Visual Studio product.
As these zero days show, we are under constant attack with an ever more varied approach to these attacks. We must continue our in-depth defense efforts if we are to thwart these adversaries. The zero-day vulnerabilities are as follows:
Breaking down the 88 vulnerabilities further by impact type, we can see that remote code execution again leads the way this month, with elevation of privilege following closely behind it.
Furthermore, as seen below, these vulnerabilities vary in how likely they are to be exploited, with 12% of the vulnerabilities this month either already exploited or highly likely to be exploited, as ranked by the Microsoft Exploitability Index.
As always, Balbix can identify all affected assets within hours of release. There are no scans to run. Balbix customers simply search for the CVE name in their Balbix dashboard to view the list of affected assets. Filtered search functionality can also be used to search for the CVE by site, subnet, location, or other distinguishing factors.