Advisories

MA-971.092023: MyCERT Advisory - Microsoft Releases September 2023 Updates
  •   16 Sep 2023
  •   Advisory
  •   microsoft, update

1.0 Introduction

Recently, Microsoft has released updates to address multiple vulnerabilities in Microsoft software.

2.0 Impact
A cyber threat actor can exploit some of these vulnerabilities to take control of an affected system.

3.0 Affected Products
This release consists of the following 59 Microsoft CVEs:

TagCVEBase ScoreCVSS VectorExploitabilityFAQs?Workarounds?Mitigations?
Microsoft Azure Kubernetes ServiceCVE-2023-293327.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Azure DevOpsCVE-2023-331368.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:T/RC:CExploitation Less LikelyYesNoNo
Windows Cloud Files Mini Filter DriverCVE-2023-353557.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Identity Linux BrokerCVE-2023-367364.4CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
3D ViewerCVE-2023-367397.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation UnlikelyYesNoNo
3D ViewerCVE-2023-367407.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation UnlikelyYesNoNo
Visual Studio CodeCVE-2023-367427.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Exchange ServerCVE-2023-367448.0CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation More LikelyYesNoNo
Microsoft Exchange ServerCVE-2023-367458.0CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation More LikelyYesNoNo
Microsoft Exchange ServerCVE-2023-367568.0CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation More LikelyYesNoNo
Microsoft Exchange ServerCVE-2023-367578.0CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Visual StudioCVE-2023-367587.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Visual StudioCVE-2023-367596.7CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
3D ViewerCVE-2023-367607.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Office WordCVE-2023-367616.2CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:CExploitation DetectedYesNoNo
Microsoft Office WordCVE-2023-367627.3CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:CExploitation UnlikelyYesNoNo
Microsoft Office OutlookCVE-2023-367637.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Office SharePointCVE-2023-367648.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft OfficeCVE-2023-367657.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Office ExcelCVE-2023-367667.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft OfficeCVE-2023-367674.3CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
3D BuilderCVE-2023-367707.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
3D BuilderCVE-2023-367717.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
3D BuilderCVE-2023-367727.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
3D BuilderCVE-2023-367737.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Exchange ServerCVE-2023-367775.7CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:CExploitation More LikelyYesNoNo
.NET FrameworkCVE-2023-367887.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
.NET and Visual StudioCVE-2023-367927.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
.NET and Visual StudioCVE-2023-367937.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
.NET and Visual StudioCVE-2023-367947.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
.NET and Visual StudioCVE-2023-367967.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
.NET Core & Visual StudioCVE-2023-367996.5CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Dynamics Finance & OperationsCVE-2023-368007.6CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows DHCP ServerCVE-2023-368015.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoYes
Microsoft Streaming ServiceCVE-2023-368027.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation DetectedYesNoNo
Windows KernelCVE-2023-368035.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows GDICVE-2023-368047.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation More LikelyYesNoNo
Windows ScriptingCVE-2023-368057.0CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft DynamicsCVE-2023-368867.6CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows KernelCVE-2023-381397.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows KernelCVE-2023-381405.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows KernelCVE-2023-381417.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows KernelCVE-2023-381427.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation More LikelyYesNoNo
Windows Common Log File System DriverCVE-2023-381437.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation More LikelyYesNoNo
Windows Common Log File System DriverCVE-2023-381447.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation More LikelyYesNoNo
Windows ThemesCVE-2023-381468.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Windows Codecs LibraryCVE-2023-381478.8CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows Internet Connection Sharing (ICS)CVE-2023-381488.8CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation More LikelyYesNoYes
Windows TCP/IPCVE-2023-381497.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:CExploitation Less LikelyNoYesYes
Windows KernelCVE-2023-381507.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows DHCP ServerCVE-2023-381525.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:CExploitation More LikelyYesNoYes
Azure DevOpsCVE-2023-381557.0CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:CExploitation Less LikelyYesNoNo
Azure HDInsightsCVE-2023-381567.2CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows TCP/IPCVE-2023-381605.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:CExploitation More LikelyYesNoNo
Windows GDICVE-2023-381617.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation More LikelyYesNoNo
Windows DHCP ServerCVE-2023-381627.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:CExploitation Less LikelyNoNoYes
Windows DefenderCVE-2023-381637.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft DynamicsCVE-2023-381647.6CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft OfficeCVE-2023-417645.5CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo

We are republishing 7 non-Microsoft CVEs:

CNATagCVEFAQs?Workarounds?Mitigations?
Autodesk3D ViewerCVE-2022-41303YesNoNo
ElectronVisual Studio CodeCVE-2023-39956YesNoNo
ChromeMicrosoft Edge (Chromium-based)CVE-2023-4761YesNoNo
ChromeMicrosoft Edge (Chromium-based)CVE-2023-4762YesNoNo
ChromeMicrosoft Edge (Chromium-based)CVE-2023-4763YesNoNo
ChromeMicrosoft Edge (Chromium-based)CVE-2023-4764YesNoNo
ChromeMicrosoft Edge (Chromium-based)CVE-2023-4863YesNoNo

4.0 Recommendations
MyCERT encourages users and administrators to review Microsoft’s September 2023 Security Update Guide and apply the necessary updates.

Kindly refer to the following link: https://msrc.microsoft.com/update-guide/releaseNote/2023-Sep

Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours) 
Mobile: +60 19 2665850 (24x7 call incident reporting) 
Business Hours: Mon - Fri 09:00 -18:00 MYT 
Web: https://www.mycert.org.my 
Twitter: https://twitter.com/mycert 
Facebook: https://www.facebook.com/mycert.org.my

5.0    References

Popular Advisories
Archives