[Zero-day] Microsoft release updates for 3 zero-days on October 2023's Patch Tuesday

[Zero-day] Microsoft release updates for 3 zero-days on October 2023's Patch Tuesday

Hey everyone, 


Microsoft has published updates for a total of 104 vulnerabilities in this Patch Tuesday. Of the total, 3 of these have been classified as  zero-days. 


Here are the details of the zero days:


CVE ID
Description
CVE-2023-44487
HTTP/2 Rapid Reset Attack
CVE-2023-36563
Microsoft WordPad Information Disclosure Vulnerability
CVE-2023-41763
Skype for Business Elevation of Privilege Vulnerability


These patches can be deployed to your endpoints seamlessly, using one of the following methods:


Note: Kindly ensure that a Vulnerability DB sync has been initiated and completed successfully before proceeding.


Method 1:


a. On the console, navigate to Patches > Missing Patches and create a filter.

b. The criterion for the filter should be: CVE ID - equal - <CVE ID of the respective vulnerability>

c. Once done, the missing patches in your network, corresponding to the particular CVE ID will be listed below. 


Method 2: 


a. Navigate to Patches > Top-Priority Patches

b. Select the required patches via the Patch ID

c. Click on Install/Publish Patches to deploy them


Here is a list of the patch IDs corresponding to the vulnerabilities: 

Patch IDBulletin IDDescription
37345MS23-OCT22023-10 Security Only Quality Update for Windows Server 2008 for x64-based Systems (KB5031411) (ESU) (CVE-2023-36563)
37344MS23-OCT22023-10 Security Only Quality Update for Windows Server 2008 for x86-based Systems (KB5031411) (ESU) (CVE-2023-36563)
37342MS23-OCT22023-10 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB5031441) (ESU) (CVE-2023-36563)
37341MS23-OCT22023-10 Security Only Quality Update for Windows Embedded Standard 7 for x64-based Systems (KB5031441) (ESU) (CVE-2023-36563)
37343MS23-OCT22023-10 Security Only Quality Update for Windows Embedded Standard 7 for x86-based Systems (KB5031441) (ESU) (CVE-2023-36563)
37339MS23-OCT22023-10 Security Only Quality Update for Windows Server 2012 for x64-based Systems (KB5031427) (CVE-2023-36563)
37340MS23-OCT22023-10 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB5031407) (CVE-2023-36563)
37359MS23-OCT32023-10 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5031356) (CVE-2023-36563) (CVE-2023-44487)
37357MS23-OCT32023-10 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5031356) (CVE-2023-36563) (CVE-2023-44487)
37356MS23-OCT32023-10 Cumulative Update for Windows 10 Version 21H2 for x86-based Systems (KB5031356) (CVE-2023-36563) (CVE-2023-44487)
37358MS23-OCT32023-10 Cumulative Update for Windows 10 Version 22H2 for x86-based Systems (KB5031356) (CVE-2023-36563) (CVE-2023-44487)
37363MS23-OCT32023-10 Cumulative Update for Windows 11 for ARM64-based Systems (KB5031358) (CVE-2023-36563) (CVE-2023-44487)
37362MS23-OCT32023-10 Cumulative Update for Windows 11 for x64-based Systems (KB5031358) (CVE-2023-36563) (CVE-2023-44487)
37367MS23-OCT32023-10 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5031361) (CVE-2023-36563) (CVE-2023-44487)
37365MS23-OCT32023-10 Cumulative Update for Windows Server 2019 for x64-based Systems (KB5031361) (CVE-2023-36563) (CVE-2023-44487)
37366MS23-OCT32023-10 Cumulative Update for Windows 10 Version 1809 for x86-based Systems (KB5031361) (CVE-2023-36563) (CVE-2023-44487)
37354MS23-OCT32023-10 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB5031362) (CVE-2023-36563) (CVE-2023-44487)
37355MS23-OCT32023-10 Cumulative Update for Windows Server 2016 for x64-based Systems (KB5031362) (CVE-2023-36563) (CVE-2023-44487)
37353MS23-OCT32023-10 Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB5031362) (CVE-2023-36563) (CVE-2023-44487)
37364MS23-OCT32023-10 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5031364) (CVE-2023-36563) (CVE-2023-44487)
37368MS23-OCT32023-10 Cumulative Update for Windows 10 Version 1507 for x64-based Systems (KB5031377) (CVE-2023-36563)
37369MS23-OCT32023-10 Cumulative Update for Windows 10 Version 1507 for x86-based Systems (KB5031377) (CVE-2023-36563)
37360MS23-OCT32023-10 Cumulative Update for Windows 11 Version 22H2 for arm64-based Systems (KB5031354) (CVE-2023-36563) (CVE-2023-44487)
37361MS23-OCT32023-10 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5031354) (CVE-2023-36563) (CVE-2023-44487)
37351MS23-OCT62023-10 Security Monthly Quality Rollup for Windows Server 2008 for x64-based Systems (KB5031416) (ESU) (CVE-2023-36563)
37352MS23-OCT62023-10 Security Monthly Quality Rollup for Windows Server 2008 for x86-based Systems (KB5031416) (ESU) (CVE-2023-36563)
37348MS23-OCT62023-10 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB5031408) (ESU) (CVE-2023-36563)
37350MS23-OCT62023-10 Security Monthly Quality Rollup for Windows Embedded Standard 7 for x64-based Systems (KB5031408) (ESU) (CVE-2023-36563)
37349MS23-OCT62023-10 Security Monthly Quality Rollup for Windows Embedded Standard 7 for x86-based Systems (KB5031408) (ESU) (CVE-2023-36563)
37346MS23-OCT62023-10 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems (KB5031442) (CVE-2023-36563)
37347MS23-OCT62023-10 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB5031419) (CVE-2023-36563)

Note: 

Microsoft has stated that updates for Skype for Business Server 2015 and 2019 will no longer be auto-installed. Hence users are requested to download and install the updates manually. 


Regards,

The ManageEngine Team


        New to M365 Manager Plus?
        New to M365 Manager Plus?
          New to RecoveryManager Plus?
          New to RecoveryManager Plus?
            New to Exchange Reporter Plus?
            New to Exchange Reporter Plus?
              New to SharePoint Manager Plus?
              New to SharePoint Manager Plus?
                See all integrations
                New to ADManager Plus?
                See all integrations
                New to ADManager Plus?

                  New to ADSelfService Plus?

                  Start your free trial
                  Start your free trial

                        Related Products