< BACK TO BLOG

September 14, 2023
by Andres Ramos

Actively Exploited Zero-day Vulnerabilities Patched in Microsoft’s September 2023 Patch Tuesday

On September 12, 2023, Microsoft published their September 2023 Security Update with patches for 59 vulnerabilities. Among these 59 vulnerabilities, Arctic Wolf has highlighted two in this bulletin that were reported by Microsoft to be under active exploitation.

Impacted Product #1: Windows

Windows Server 2022, Windows Server 2019

Windows 10 Version 22H2, Windows 11 Version 22H2, Windows 10 Version 21H2, Windows 11 Version 21H2, Windows 10 Version 1809

Vulnerabilities Impacting Windows:

CVE-2023-36802

CVSS 7.8 – High

Actively exploited

Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability – A threat actor with low privileges could exploit this vulnerability to gain SYSTEM privileges.

Note: This vulnerability was added to CISA’s Known Exploited Vulnerabilities catalog.

Impacted Product #2: Microsoft Office

Microsoft Word 2013 Service Pack 1, Microsoft Word 2013 RT Service Pack 1, Microsoft Word 2016

Microsoft Office LTSC 2021, Microsoft Office 2019

Microsoft 365 Apps for Enterprise

Vulnerabilities Impacting Microsoft Office:

CVE-2023-36761

CVSS: 6.2 – Medium

Actively exploited

Microsoft Word Information Disclosure Vulnerability – A threat actor could exploit this vulnerability to read the NTLM hashes of user’s passwords. The preview pane is a possible attack vector for this vulnerability.

Note: This vulnerability was added to CISA’s Known Exploited Vulnerabilities catalog.

Recommendations

Recommendation: Apply Security Updates to Impacted Products

Arctic Wolf strongly recommends applying the available security updates to all impacted products to prevent potential exploitation.

Note: Please follow your organization’s patching and testing guidelines to avoid operational impact.

Product	CVE	Update
Microsoft Word 2013	CVE-2023-36761	Security Update: 5002483
Microsoft Word 2016	CVE-2023-36761	Security Update: 5002497
Microsoft 365 Apps for Enterprise	CVE-2023-36761	Security Update: Release Notes
Microsoft Office 2019	CVE-2023-36761	Security Update: Release Notes
Microsoft Office LTSC 2021	CVE-2023-36761	Security Update: Release Notes
Windows 10 Version 22H2	CVE-2023-36802	Security Update: 5030211
Windows 10 Version 21H2	CVE-2023-36802	Security Update: 5030211
Windows 11 Version 22H2	CVE-2023-36802	Security Update: 5030219
Windows 11 version 21H2	CVE-2023-36802	Security Update: 5030217
Windows Server 2022	CVE-2023-36802	Security Update: 5030216 Azure HotPatch: 5030325
Windows Server 2019	CVE-2023-36802	Security Update: 5030214
Windows 10 Version 1809	CVE-2023-36802	Security Update: 5030214

References

Andres Ramos

Andres Ramos is a Threat Intelligence Researcher at Arctic Wolf with a strong background in tracking emerging threats and producing actionable intelligence for both technical and non-technical stakeholders. He has a diverse background encompassing various domains of cyber security, holds a degree in Cybersecurity Engineering, and is a CISSP.

Continue Reading

CVE-2024-29204, CVE-2024-24996: Critical Vulnerabilities in Ivanti Avalanche

© 2024 Arctic Wolf Networks Inc. All Rights Reserved.
Privacy Notice	Terms of Use	Cookie Policy	Accessibility Statement	Information Security	Sustainability Statement	Cookies Settings

SOLUTIONS

INDUSTRIES

Quickly detect, respond, and recover from advanced threats.

Detect and respond to advanced threats targeting your cloud infrastructure and applications.

Discover, assess, and harden your environment against digital risks.

Explore, harden, and simplify your cloud environment against misconfiguration vulnerabilities.

Engage and prepare employees to recognize and neutralize social engineering attacks.

Recover quickly from cyber attacks and breaches, from threat containment to business restoration.

HOW IT WORKS

Delivering security operations outcomes.

Collect, enrich, analyze.

Ecosystem integrations and technology partnerships.

Tailored security expertise and guided risk mitigation.

Security experts proactively protecting you 24×7.

Meet some of the security experts working alongside you and your team.

TRENDING RESOURCES

Understanding ransomware — from its origins to its impacts to the TTPs that allow ransomware gangs to exploit victim organizations and make off with millions in ransom payments and extortion fees.

The elite security researchers, data scientists, and security developers of Arctic Wolf Labs share forward-thinking insights along with practical guidance you can apply to protect your organization.

Learn how our Concierge Security® and Triage Security Teams help end cyber risk.

SECURITY BULLETINS

CVE-2024-29204, CVE-2024-24996: Critical Vulnerabilities in Ivanti Avalanche

CVE-2024-3400: Follow Up: Patches Released for Actively Exploited Critical Vulnerability in GlobalProtect Feature of PAN-OS

CVE-2024-26234 for Windows and CVE-2024-29053 for Defender for IOT highlighted in Microsoft’s April 2024 Patch Tuesday

COMPANY