[Zero-day] Microsoft release updates for 3 zero-days on October 2023's Patch Tuesday

Hey everyone,

Microsoft has published updates for a total of 104 vulnerabilities in this Patch Tuesday. Of the total, 3 of these have been classified as zero-days.

Here are the details of the zero days:

CVE ID	Description
CVE-2023-44487	HTTP/2 Rapid Reset Attack
CVE-2023-36563	Microsoft WordPad Information Disclosure Vulnerability
CVE-2023-41763	Skype for Business Elevation of Privilege Vulnerability

These patches can be deployed to your endpoints seamlessly, using one of the following methods:

Note: Kindly ensure that a Vulnerability DB sync has been initiated and completed successfully before proceeding.

Method 1:

a. On the console, navigate to Patches > Missing Patches and create a filter.

b. The criterion for the filter should be: CVE ID - equal - <CVE ID of the respective vulnerability>

c. Once done, the missing patches in your network, corresponding to the particular CVE ID will be listed below.

Method 2:

a. Navigate to Patches > Top-Priority Patches

b. Select the required patches via the Patch ID

c. Click on Install/Publish Patches to deploy them

Here is a list of the patch IDs corresponding to the vulnerabilities:

Patch ID	Bulletin ID	Description
37345	MS23-OCT2	2023-10 Security Only Quality Update for Windows Server 2008 for x64-based Systems (KB5031411) (ESU) (CVE-2023-36563)
37344	MS23-OCT2	2023-10 Security Only Quality Update for Windows Server 2008 for x86-based Systems (KB5031411) (ESU) (CVE-2023-36563)
37342	MS23-OCT2	2023-10 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB5031441) (ESU) (CVE-2023-36563)
37341	MS23-OCT2	2023-10 Security Only Quality Update for Windows Embedded Standard 7 for x64-based Systems (KB5031441) (ESU) (CVE-2023-36563)
37343	MS23-OCT2	2023-10 Security Only Quality Update for Windows Embedded Standard 7 for x86-based Systems (KB5031441) (ESU) (CVE-2023-36563)
37339	MS23-OCT2	2023-10 Security Only Quality Update for Windows Server 2012 for x64-based Systems (KB5031427) (CVE-2023-36563)
37340	MS23-OCT2	2023-10 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB5031407) (CVE-2023-36563)
37359	MS23-OCT3	2023-10 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5031356) (CVE-2023-36563) (CVE-2023-44487)
37357	MS23-OCT3	2023-10 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5031356) (CVE-2023-36563) (CVE-2023-44487)
37356	MS23-OCT3	2023-10 Cumulative Update for Windows 10 Version 21H2 for x86-based Systems (KB5031356) (CVE-2023-36563) (CVE-2023-44487)
37358	MS23-OCT3	2023-10 Cumulative Update for Windows 10 Version 22H2 for x86-based Systems (KB5031356) (CVE-2023-36563) (CVE-2023-44487)
37363	MS23-OCT3	2023-10 Cumulative Update for Windows 11 for ARM64-based Systems (KB5031358) (CVE-2023-36563) (CVE-2023-44487)
37362	MS23-OCT3	2023-10 Cumulative Update for Windows 11 for x64-based Systems (KB5031358) (CVE-2023-36563) (CVE-2023-44487)
37367	MS23-OCT3	2023-10 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5031361) (CVE-2023-36563) (CVE-2023-44487)
37365	MS23-OCT3	2023-10 Cumulative Update for Windows Server 2019 for x64-based Systems (KB5031361) (CVE-2023-36563) (CVE-2023-44487)
37366	MS23-OCT3	2023-10 Cumulative Update for Windows 10 Version 1809 for x86-based Systems (KB5031361) (CVE-2023-36563) (CVE-2023-44487)
37354	MS23-OCT3	2023-10 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB5031362) (CVE-2023-36563) (CVE-2023-44487)
37355	MS23-OCT3	2023-10 Cumulative Update for Windows Server 2016 for x64-based Systems (KB5031362) (CVE-2023-36563) (CVE-2023-44487)
37353	MS23-OCT3	2023-10 Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB5031362) (CVE-2023-36563) (CVE-2023-44487)
37364	MS23-OCT3	2023-10 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5031364) (CVE-2023-36563) (CVE-2023-44487)
37368	MS23-OCT3	2023-10 Cumulative Update for Windows 10 Version 1507 for x64-based Systems (KB5031377) (CVE-2023-36563)
37369	MS23-OCT3	2023-10 Cumulative Update for Windows 10 Version 1507 for x86-based Systems (KB5031377) (CVE-2023-36563)
37360	MS23-OCT3	2023-10 Cumulative Update for Windows 11 Version 22H2 for arm64-based Systems (KB5031354) (CVE-2023-36563) (CVE-2023-44487)
37361	MS23-OCT3	2023-10 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5031354) (CVE-2023-36563) (CVE-2023-44487)
37351	MS23-OCT6	2023-10 Security Monthly Quality Rollup for Windows Server 2008 for x64-based Systems (KB5031416) (ESU) (CVE-2023-36563)
37352	MS23-OCT6	2023-10 Security Monthly Quality Rollup for Windows Server 2008 for x86-based Systems (KB5031416) (ESU) (CVE-2023-36563)
37348	MS23-OCT6	2023-10 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB5031408) (ESU) (CVE-2023-36563)
37350	MS23-OCT6	2023-10 Security Monthly Quality Rollup for Windows Embedded Standard 7 for x64-based Systems (KB5031408) (ESU) (CVE-2023-36563)
37349	MS23-OCT6	2023-10 Security Monthly Quality Rollup for Windows Embedded Standard 7 for x86-based Systems (KB5031408) (ESU) (CVE-2023-36563)
37346	MS23-OCT6	2023-10 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems (KB5031442) (CVE-2023-36563)
37347	MS23-OCT6	2023-10 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB5031419) (CVE-2023-36563)

Note:

Microsoft has stated that updates for Skype for Business Server 2015 and 2019 will no longer be auto-installed. Hence users are requested to download and install the updates manually.

Regards,

The ManageEngine Team