Security Bulletin text on the screen with a wolf in the background

< BACK TO BLOG

Actively Exploited Zero-day Vulnerabilities Patched in Microsoft’s September 2023 Patch Tuesday

Share :

On September 12, 2023, Microsoft published their September 2023 Security Update with patches for 59 vulnerabilities. Among these 59 vulnerabilities, Arctic Wolf has highlighted two in this bulletin that were reported by Microsoft to be under active exploitation.  

Impacted Product #1: Windows 

Windows Server 2022, Windows Server 2019, Windows 10 Version 1809 
Windows 10 Version 22H2, Windows 11 Version 22H2, Windows 10 Version 21H2, Windows 11 Version 21H2, Windows 10 Version 1809 

Vulnerabilities Impacting Windows:  

CVE-2023-36802  CVSS 7.8 – High  Actively exploited 

Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability – A threat actor with low privileges could exploit this vulnerability to gain SYSTEM privileges.  

  • Note: This vulnerability was added to CISA’s Known Exploited Vulnerabilities catalog. 

Impacted Product #2: Microsoft Office 

Microsoft Word 2013 Service Pack 1, Microsoft Word 2013 RT Service Pack 1, Microsoft Word 2016 
Microsoft Office LTSC 2021, Microsoft Office 2019  
Microsoft 365 Apps for Enterprise 

Vulnerabilities Impacting Microsoft Office: 

CVE-2023-36761  CVSS: 6.2 – Medium  Actively exploited 

Microsoft Word Information Disclosure Vulnerability – A threat actor could exploit this vulnerability to read the NTLM hashes of user’s passwords. The preview pane is a possible attack vector for this vulnerability. 

  • Note: This vulnerability was added to CISA’s Known Exploited Vulnerabilities catalog. 

Recommendations 

Recommendation: Apply Security Updates to Impacted Products 

Arctic Wolf strongly recommends applying the available security updates to all impacted products to prevent potential exploitation. 

Note: Please follow your organization’s patching and testing guidelines to avoid operational impact. 

Product  CVE  Update 
Microsoft Word 2013  CVE-2023-36761  Security Update: 5002483 
Microsoft Word 2016  CVE-2023-36761  Security Update: 5002497 
Microsoft 365 Apps for Enterprise  CVE-2023-36761  Security Update: Release Notes 
Microsoft Office 2019  CVE-2023-36761  Security Update: Release Notes 
Microsoft Office LTSC 2021  CVE-2023-36761  Security Update: Release Notes 
Windows 10 Version 22H2   CVE-2023-36802  Security Update: 5030211 
Windows 10 Version 21H2  CVE-2023-36802  Security Update: 5030211 
Windows 11 Version 22H2  CVE-2023-36802  Security Update: 5030219 
Windows 11 version 21H2  CVE-2023-36802  Security Update: 5030217 
Windows Server 2022  CVE-2023-36802  Security Update: 5030216
Azure HotPatch: 5030325 
Windows Server 2019   CVE-2023-36802  Security Update: 5030214 
Windows 10 Version 1809  CVE-2023-36802  Security Update: 5030214 

References 

Andres Ramos

Andres Ramos

Andres Ramos is a Threat Intelligence Researcher at Arctic Wolf with a strong background in tracking emerging threats and producing actionable intelligence for both technical and non-technical stakeholders. He has a diverse background encompassing various domains of cyber security and holds a bachelor’s degree in Cybersecurity Engineering.
Share :
Table of Contents
Categories
Subscribe to our Monthly Newsletter

Continue Reading