Overview
On September 13, NSFOCUS CERT found that Microsoft had released its September security update, fixing 61 security issues in widely used products including Microsoft SharePoint Server, Visual Studio, Internet Connection Sharing (ICS), Microsoft Azure Kubernetes Service and Microsoft Exchange. The fixes cover high-risk vulnerability types such as privilege escalation and remote code execution.
Among the vulnerabilities fixed in Microsoft’s monthly update this month, there are 5 critical vulnerabilities and 55 important vulnerabilities. Two of them are being exploited in the wild:
Microsoft Streaming Service Proxy Privilege Escalation Vulnerability (CVE-2023-36802)
Microsoft Word Information Disclosure Vulnerability (CVE-2023-36761)
Please install the patches as soon as possible for protection. Refer to the appendix for the complete list of vulnerabilities.
Reference link: https://msrc.microsoft.com/update-guide/releaseNote/2023-Sep
Key Vulnerabilities
Microsoft Streaming Service Proxy Privilege Escalation Vulnerability (CVE-2023-36802):
Microsoft Streaming Service Proxy has a privilege escalation vulnerability that allows a local attacker with low privileges to gain SYSTEM privileges without user interaction. The vulnerability is being exploited in the wild and has a CVSS score of 7.8.
Official announcement link:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36802
Microsoft Word Information Disclosure Vulnerability (CVE-2023-36761):
Microsoft Word has an information disclosure vulnerability that a local, unauthenticated attacker can exploit to leak NTLM hashes; the preview pane is also an attack vector. This vulnerability is being exploited in the wild and has a CVSS score of 6.2.
Official announcement link:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36761
Visual Studio Arbitrary Code Execution Vulnerability (CVE-2023-36796/CVE-2023-36792/CVE-2023-36793):
Visual Studio has an arbitrary code execution vulnerability. An unauthorized local attacker can exploit it by inducing a user to open a specially crafted malicious file in Visual Studio, resulting in arbitrary code execution on the target system. The CVSS score is 7.8.
Official announcement link:
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-36796
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-36792
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-36793
Internet Connection Sharing (ICS) Remote Code Execution Vulnerability (CVE-2023-38148):
There is a remote code execution vulnerability in Internet Connection Sharing (ICS), where an unauthenticated attacker can exploit this vulnerability by sending a crafted packet to the ICS server when the attacker and victim are on the same network, ultimately achieving arbitrary code execution on the target system. The CVSS score is 8.8.
Official announcement link:
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-38148
Microsoft Azure Kubernetes Service Privilege Escalation Vulnerability (CVE-2023-29332):
There is a privilege escalation vulnerability in the Microsoft Azure Kubernetes Service, which allows unauthenticated remote attackers to gain cluster administrator privileges due to security restrictions in the service. The CVSS score is 7.5.
Official announcement link:
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-29332
Microsoft SharePoint Server Privilege Escalation Vulnerability (CVE-2023-36764):
There is a privilege escalation vulnerability in Microsoft SharePoint Server, which an authenticated remote attacker can exploit by creating an ASP.NET web page with a crafted declaration tag. A successful attacker can gain administrator privileges. The CVSS score is 8.8.
Official announcement link:
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-36764
Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2023-36744/CVE-2023-36756):
There is a remote code execution vulnerability in Microsoft Exchange servers, where authenticated attackers with LAN access and valid Exchange user credentials can trigger malicious code in the server’s context through network calls, leading to remote code execution. The CVSS score is 8.0.
Official announcement link:
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-36744
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-36756
Scope of Impact
The following are the affected product versions for the key vulnerabilities. For other products affected by the vulnerabilities, please refer to the official announcement links.
Vulnerability number | Affected product version |
CVE-2023-36802 | Windows 10 Version 22H2 for 32-bit Systems; Windows 10 Version 22H2 for ARM64-based Systems; Windows 10 Version 22H2 for x64-based Systems; Windows 11 Version 22H2 for x64-based Systems; Windows 11 Version 22H2 for ARM64-based Systems; Windows 10 Version 21H2 for x64-based Systems; Windows 10 Version 21H2 for ARM64-based Systems; Windows 10 Version 21H2 for 32-bit Systems; Windows 11 version 21H2 for ARM64-based Systems; Windows 11 version 21H2 for x64-based Systems; Windows Server 2022 (Server Core Installation); Windows Server 2022; Windows Server 2019 (Server Core Installation); Windows Server 2019; Windows 10 Version 1809 for ARM64-based Systems; Windows 10 Version 1809 for x64-based Systems; Windows 10 Version 1809 for 32-bit Systems |
CVE-2023-36761 | Microsoft Word 2013 Service Pack 1 (64-bit editions); Microsoft Word 2013 Service Pack 1 (32-bit editions); Microsoft Word 2013 RT Service Pack 1; Microsoft Word 2016 (64-bit edition); Microsoft Word 2016 (32-bit edition); Microsoft Office LTSC 2021 for 32-bit editions; Microsoft Office LTSC 2021 for 64-bit editions; Microsoft 365 Apps for Enterprise for 64-bit Systems; Microsoft 365 Apps for Enterprise for 32-bit Systems; Microsoft Office 2019 for 64-bit editions; Microsoft Office 2019 for 32-bit editions |
CVE-2023-36796, CVE-2023-36793 | Microsoft .NET Framework 3.5.1; Microsoft .NET Framework 3.5; Microsoft .NET Framework 3.0 Service Pack 2; Microsoft .NET Framework 2.0 Service Pack 2; Microsoft .NET Framework 4.6.2; Microsoft .NET Framework 3.5 AND 4.8.1; Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2; Microsoft .NET Framework 3.5 AND 4.7.2; Microsoft .NET Framework 4.8; Microsoft .NET Framework 3.5 AND 4.8; .NET 6.0; .NET 7.0; Microsoft Visual Studio 2022 version 17.4; Microsoft Visual Studio 2019 version 16.11 (includes 16.0-16.10); Microsoft Visual Studio 2022 version 17.2; Microsoft Visual Studio 2017 version 15.9 (includes 15.0-15.8); Microsoft Visual Studio 2022 version 17.7; Microsoft Visual Studio 2022 version 17.6 |
CVE-2023-36792 | Microsoft .NET Framework 3.5.1; Microsoft .NET Framework 3.5; Microsoft .NET Framework 2.0 Service Pack 2; Microsoft .NET Framework 3.0 Service Pack 2; Microsoft .NET Framework 3.5 AND 4.8; Microsoft .NET Framework 4.6.2; Microsoft .NET Framework 3.5 AND 4.8.1; Microsoft .NET Framework 4.8; Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2; Microsoft .NET Framework 3.5 AND 4.7.2; Microsoft Visual Studio 2022 version 17.7; .NET 7.0; .NET 6.0; Microsoft Visual Studio 2022 version 17.4; Microsoft Visual Studio 2019 version 16.11 (includes 16.0-16.10); Microsoft Visual Studio 2022 version 17.2; Microsoft Visual Studio 2017 version 15.9 (includes 15.0-15.8) |
CVE-2023-38148 | Windows 10 Version 22H2 for 32-bit Systems; Windows 10 Version 22H2 for ARM64-based Systems; Windows 10 Version 22H2 for x64-based Systems; Windows 11 Version 22H2 for x64-based Systems; Windows 11 Version 22H2 for ARM64-based Systems; Windows 10 Version 21H2 for x64-based Systems; Windows 10 Version 21H2 for ARM64-based Systems; Windows 10 Version 21H2 for 32-bit Systems; Windows 11 version 21H2 for ARM64-based Systems; Windows 11 version 21H2 for x64-based Systems; Windows Server 2022 (Server Core Installation); Windows Server 2022 |
CVE-2023-29332 | Azure Kubernetes Service |
CVE-2023-36764 | Microsoft SharePoint Server Subscription Edition; Microsoft SharePoint Server 2019; Microsoft SharePoint Enterprise Server 2016 |
CVE-2023-36744, CVE-2023-36756 | Microsoft Exchange Server 2019 Cumulative Update 12; Microsoft Exchange Server 2019 Cumulative Update 13; Microsoft Exchange Server 2016 Cumulative Update 23 |
Mitigation
At present, Microsoft has officially released security patches to fix the above vulnerabilities for supported product versions. It is strongly recommended that affected users install the patch as soon as possible for protection. The official download link is:
https://msrc.microsoft.com/update-guide/releaseNote/2023-Sep
Note: Due to network issues, the computer environment and other reasons, patch installation through Windows Update may fail. After installing the patches, users should promptly check whether they were installed successfully.
Right-click the Windows icon, select “Settings”, then select “Update & Security” – “Windows Update” to view the prompts on this page, or click “View update history” to view the status of past updates. For updates that were not installed successfully, click the update name to go to the official Microsoft download page. It is recommended that users follow the link on that page to the “Microsoft Update Catalog” website and download and install the standalone package.
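A scriptable version of the check described above, as an added example that is not part of the original advisory: it reads the Windows Update history and the installed hotfix list, then reports install attempts that did not succeed. The date and the KB number are placeholders; take the real KB numbers for your OS build from the release note linked above.

```powershell
# Added example, not NSFOCUS or Microsoft code.
# Assumptions: $Since and $ExpectedKBs are hypothetical parameters; the KB
# number below is a placeholder to be replaced from the MSRC release note.
param(
    [datetime]$Since = '2023-09-01',          # constructed sample value
    [string[]]$ExpectedKBs = @('KB0000000')   # placeholder, not a real KB
)

# OperationResultCode values reported by the Windows Update Agent.
$resultNames = @{
    0 = 'NotStarted'; 1 = 'InProgress'; 2 = 'Succeeded'
    3 = 'SucceededWithErrors'; 4 = 'Failed'; 5 = 'Aborted'
}

# Read the same history that "View update history" displays.
$searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
$total    = $searcher.GetTotalHistoryCount()
$history  = @()
if ($total -gt 0) {
    $history = @($searcher.QueryHistory(0, $total) |
        Where-Object { $_.Operation -eq 1 -and $_.Date -ge $Since } |  # 1 = install
        ForEach-Object {
            [pscustomobject]@{
                Date   = $_.Date
                KB     = if ($_.Title -match 'KB\d+') { $Matches[0] } else { '' }
                Result = $resultNames[[int]$_.ResultCode]
                Title  = $_.Title
            }
        })
}

# Get-HotFix reports only updates installed through Component Based Servicing
# (OS updates); Office, Visual Studio and Exchange patches have to be
# confirmed from the update history or from the product itself.
$installed = @((Get-HotFix).HotFixID)

$status = foreach ($kb in $ExpectedKBs) {
    $attempts = @($history | Where-Object KB -eq $kb | Sort-Object Date)
    [pscustomobject]@{
        KB          = $kb
        Installed   = $installed -contains $kb
        LastAttempt = if ($attempts.Count) { $attempts[-1].Result } else { 'no history entry' }
    }
}
$status | Format-Table -AutoSize

# Install attempts since $Since that did not end in 'Succeeded'.
$history | Where-Object Result -ne 'Succeeded' |
    Sort-Object Date | Format-Table Date, KB, Result, Title -AutoSize
```

A KB that shows Installed = False with a LastAttempt of Failed or Aborted is a candidate for the standalone package download described above.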
Appendix
Affected product | CVE number | Vulnerability title | Severity |
.NET and Visual Studio | CVE-2023-36796 | Visual Studio Remote Code Execution Vulnerability | Critical |
.NET and Visual Studio | CVE-2023-36792 | Visual Studio Remote Code Execution Vulnerability | Critical |
.NET and Visual Studio | CVE-2023-36793 | Visual Studio Remote Code Execution Vulnerability | Critical |
Microsoft Azure Kubernetes Service | CVE-2023-29332 | Microsoft Azure Kubernetes Service Privilege Escalation Vulnerability | Critical |
Windows Internet Connection Sharing (ICS) | CVE-2023-38148 | Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | Critical |
.NET and Visual Studio | CVE-2023-36794 | Visual Studio Remote Code Execution Vulnerability | Important |
.NET Core & Visual Studio | CVE-2023-36799 | .NET Core and Visual Studio Denial of Service Vulnerability | Important |
.NET Framework | CVE-2023-36788 | .NET Framework Remote Code Execution Vulnerability | Important |
3D Builder | CVE-2023-36772 | 3D Builder Remote Code Execution Vulnerability | Important |
3D Builder | CVE-2023-36771 | 3D Builder Remote Code Execution Vulnerability | Important |
3D Builder | CVE-2023-36770 | 3D Builder Remote Code Execution Vulnerability | Important |
3D Builder | CVE-2023-36773 | 3D Builder Remote Code Execution Vulnerability | Important |
3D Viewer | CVE-2022-41303 | AutoDesk: CVE-2022-41303 Use-After-Free Vulnerability in Autodesk® FBX® SDK 2020 or Earlier | Important |
3D Viewer | CVE-2023-36760 | 3D Viewer Remote Code Execution Vulnerability | Important |
3D Viewer | CVE-2023-36740 | 3D Viewer Remote Code Execution Vulnerability | Important |
3D Viewer | CVE-2023-36739 | 3D Viewer Remote Code Execution Vulnerability | Important |
Azure DevOps | CVE-2023-33136 | Azure DevOps Server Remote Code Execution Vulnerability | Important |
Azure DevOps | CVE-2023-38155 | Azure DevOps Server Remote Code Execution Vulnerability | Important |
Azure HDInsights | CVE-2023-38156 | Azure HDInsight Apache Ambari Elevation of Privilege Vulnerability | Important |
Microsoft Dynamics | CVE-2023-38164 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
Microsoft Dynamics | CVE-2023-36886 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
Microsoft Dynamics Finance & Operations | CVE-2023-36800 | Dynamics Finance and Operations Cross-site Scripting Vulnerability | Important |
Microsoft Exchange Server | CVE-2023-36744 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
Microsoft Exchange Server | CVE-2023-36756 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
Microsoft Exchange Server | CVE-2023-36745 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
Microsoft Exchange Server | CVE-2023-36777 | Microsoft Exchange Server Information Disclosure Vulnerability | Important |
Microsoft Exchange Server | CVE-2023-36757 | Microsoft Exchange Server Spoofing Vulnerability | Important |
Microsoft Identity Linux Broker | CVE-2023-36736 | Microsoft Identity Linux Broker Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2023-36767 | Microsoft Office Security Feature Bypass Vulnerability | Important |
Microsoft Office | CVE-2023-36765 | Microsoft Office Privilege Escalation Vulnerability | Important |
Microsoft Office Excel | CVE-2023-36766 | Microsoft Excel Information Disclosure Vulnerability | Important |
Microsoft Office Outlook | CVE-2023-36763 | Microsoft Outlook Information Disclosure Vulnerability | Important |
Microsoft Office SharePoint | CVE-2023-36764 | Microsoft SharePoint Server Privilege Escalation Vulnerability | Important |
Microsoft Office Word | CVE-2023-36761 | Microsoft Word Information Disclosure Vulnerability | Important |
Microsoft Office Word | CVE-2023-36762 | Microsoft Word Remote Execution Code Vulnerability | Important |
Microsoft Streaming Service | CVE-2023-36802 | Microsoft Streaming Service Proxy Privilege Escalation Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2023-38147 | Windows Miracast Wireless Display Remote Code Execution Vulnerability | Important |
Visual Studio | CVE-2023-36758 | Visual Studio Privilege Escalation Vulnerability | Important |
Visual Studio | CVE-2023-36759 | Visual Studio Privilege Escalation Vulnerability | Important |
Visual Studio Code | CVE-2023-36742 | Visual Studio Code Remote Code Execution Vulnerability | Important |
Visual Studio Code | CVE-2023-39956 | Electron: CVE-2023-39956 - Visual Studio Code Remote Code Execution Vulnerability | Important |
Windows Cloud Files Mini Filter Driver | CVE-2023-35355 | Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability | Important |
Windows Common Log File System Driver | CVE-2023-38143 | Windows Common Log File System Driver Privilege Escalation Vulnerability | Important |
Windows Common Log File System Driver | CVE-2023-38144 | Windows Common Log File System Driver Privilege Escalation Vulnerability | Important |
Windows Defender | CVE-2023-38163 | Windows Defender Attack Surface Reduction Security Feature Bypass Vulnerability | Important |
Windows DHCP Server | CVE-2023-38152 | DHCP Server Service Information Disclosure Vulnerability | Important |
Windows DHCP Server | CVE-2023-38162 | DHCP Server Service Denial of Service Vulnerability | Important |
Windows DHCP Server | CVE-2023-36801 | DHCP Server Service Information Disclosure Vulnerability | Important |
Windows GDI | CVE-2023-36804 | Windows GDI Privilege Escalation Vulnerability | Important |
Windows GDI | CVE-2023-38161 | Windows GDI Privilege Escalation Vulnerability | Important |
Windows Kernel | CVE-2023-38141 | Windows Kernel Privilege Escalation Vulnerability | Important |
Windows Kernel | CVE-2023-38142 | Windows Kernel Privilege Escalation Vulnerability | Important |
Windows Kernel | CVE-2023-38139 | Windows Kernel Privilege Escalation Vulnerability | Important |
Windows Kernel | CVE-2023-38140 | Windows Kernel Information Disclosure Vulnerability | Important |
Windows Kernel | CVE-2023-38150 | Windows Kernel Privilege Escalation Vulnerability | Important |
Windows Kernel | CVE-2023-36803 | Windows Kernel Information Disclosure Vulnerability | Important |
Windows Scripting | CVE-2023-36805 | Windows MSHTML Platform Security Feature Bypass Vulnerability | Important |
Windows TCP/IP | CVE-2023-38160 | Windows TCP/IP Information Disclosure Vulnerability | Important |
Windows TCP/IP | CVE-2023-38149 | Windows TCP/IP Denial of Service Vulnerability | Important |
Windows Themes | CVE-2023-38146 | Windows Theme Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2023-41764 | Microsoft Office Spoofing Vulnerability | Moderate |
Statement
This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.
About NSFOCUS
NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyberattacks. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.
NSFOCUS works with Fortune Global 500 companies, including four of the world’s five largest financial institutions, organizations in insurance, retail, healthcare, critical infrastructure industries as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries, is a member of both the Microsoft Active Protections Program (MAPP), and the Cloud Security Alliance (CSA). A wholly owned subsidiary of NSFOCUS Technologies Group Co., Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.