[Zero-day] Microsoft release updates for 3 zero-days on October 2023's Patch Tuesday

[Zero-day] Microsoft release updates for 3 zero-days on October 2023's Patch Tuesday

Hey everyone, 


Microsoft has published updates for a total of 104 vulnerabilities in this Patch Tuesday. Of the total, 3 of these have been classified as  zero-days. 


Here are the details of the zero days:


CVE ID
Description
CVE-2023-44487
HTTP/2 Rapid Reset Attack
CVE-2023-36563
Microsoft WordPad Information Disclosure Vulnerability
CVE-2023-41763
Skype for Business Elevation of Privilege Vulnerability


These patches can be deployed to your endpoints seamlessly, using one of the following methods:


Note: Kindly ensure that a Vulnerability DB sync has been initiated and completed successfully before proceeding.


Method 1:


a. On the console, navigate to Patches > Missing Patches and create a filter.

b. The criterion for the filter should be: CVE ID - equal - <CVE ID of the respective vulnerability>

c. Once done, the missing patches in your network, corresponding to the particular CVE ID will be listed below. 


Method 2: 


a. Navigate to Patches > Top-Priority Patches

b. Select the required patches via the Patch ID

c. Click on Install/Publish Patches to deploy them


Here is a list of the patch IDs corresponding to the vulnerabilities: 

Patch IDBulletin IDDescription
37345MS23-OCT22023-10 Security Only Quality Update for Windows Server 2008 for x64-based Systems (KB5031411) (ESU) (CVE-2023-36563)
37344MS23-OCT22023-10 Security Only Quality Update for Windows Server 2008 for x86-based Systems (KB5031411) (ESU) (CVE-2023-36563)
37342MS23-OCT22023-10 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB5031441) (ESU) (CVE-2023-36563)
37341MS23-OCT22023-10 Security Only Quality Update for Windows Embedded Standard 7 for x64-based Systems (KB5031441) (ESU) (CVE-2023-36563)
37343MS23-OCT22023-10 Security Only Quality Update for Windows Embedded Standard 7 for x86-based Systems (KB5031441) (ESU) (CVE-2023-36563)
37339MS23-OCT22023-10 Security Only Quality Update for Windows Server 2012 for x64-based Systems (KB5031427) (CVE-2023-36563)
37340MS23-OCT22023-10 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB5031407) (CVE-2023-36563)
37359MS23-OCT32023-10 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5031356) (CVE-2023-36563) (CVE-2023-44487)
37357MS23-OCT32023-10 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5031356) (CVE-2023-36563) (CVE-2023-44487)
37356MS23-OCT32023-10 Cumulative Update for Windows 10 Version 21H2 for x86-based Systems (KB5031356) (CVE-2023-36563) (CVE-2023-44487)
37358MS23-OCT32023-10 Cumulative Update for Windows 10 Version 22H2 for x86-based Systems (KB5031356) (CVE-2023-36563) (CVE-2023-44487)
37363MS23-OCT32023-10 Cumulative Update for Windows 11 for ARM64-based Systems (KB5031358) (CVE-2023-36563) (CVE-2023-44487)
37362MS23-OCT32023-10 Cumulative Update for Windows 11 for x64-based Systems (KB5031358) (CVE-2023-36563) (CVE-2023-44487)
37367MS23-OCT32023-10 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5031361) (CVE-2023-36563) (CVE-2023-44487)
37365MS23-OCT32023-10 Cumulative Update for Windows Server 2019 for x64-based Systems (KB5031361) (CVE-2023-36563) (CVE-2023-44487)
37366MS23-OCT32023-10 Cumulative Update for Windows 10 Version 1809 for x86-based Systems (KB5031361) (CVE-2023-36563) (CVE-2023-44487)
37354MS23-OCT32023-10 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB5031362) (CVE-2023-36563) (CVE-2023-44487)
37355MS23-OCT32023-10 Cumulative Update for Windows Server 2016 for x64-based Systems (KB5031362) (CVE-2023-36563) (CVE-2023-44487)
37353MS23-OCT32023-10 Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB5031362) (CVE-2023-36563) (CVE-2023-44487)
37364MS23-OCT32023-10 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5031364) (CVE-2023-36563) (CVE-2023-44487)
37368MS23-OCT32023-10 Cumulative Update for Windows 10 Version 1507 for x64-based Systems (KB5031377) (CVE-2023-36563)
37369MS23-OCT32023-10 Cumulative Update for Windows 10 Version 1507 for x86-based Systems (KB5031377) (CVE-2023-36563)
37360MS23-OCT32023-10 Cumulative Update for Windows 11 Version 22H2 for arm64-based Systems (KB5031354) (CVE-2023-36563) (CVE-2023-44487)
37361MS23-OCT32023-10 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5031354) (CVE-2023-36563) (CVE-2023-44487)
37351MS23-OCT62023-10 Security Monthly Quality Rollup for Windows Server 2008 for x64-based Systems (KB5031416) (ESU) (CVE-2023-36563)
37352MS23-OCT62023-10 Security Monthly Quality Rollup for Windows Server 2008 for x86-based Systems (KB5031416) (ESU) (CVE-2023-36563)
37348MS23-OCT62023-10 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB5031408) (ESU) (CVE-2023-36563)
37350MS23-OCT62023-10 Security Monthly Quality Rollup for Windows Embedded Standard 7 for x64-based Systems (KB5031408) (ESU) (CVE-2023-36563)
37349MS23-OCT62023-10 Security Monthly Quality Rollup for Windows Embedded Standard 7 for x86-based Systems (KB5031408) (ESU) (CVE-2023-36563)
37346MS23-OCT62023-10 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems (KB5031442) (CVE-2023-36563)
37347MS23-OCT62023-10 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB5031419) (CVE-2023-36563)

Note: 

Microsoft has stated that updates for Skype for Business Server 2015 and 2019 will no longer be auto-installed. Hence users are requested to download and install the updates manually. 


Regards,

The ManageEngine Team

                  New to ADSelfService Plus?