Microsoft September Security Updates for Multiple High-Risk Product Vulnerabilities

Microsoft September Security Updates for Multiple High-Risk Product Vulnerabilities

September 15, 2023 | NSFOCUS

Overview

On September 13, NSFOCUS CERT found that Microsoft had released a security update patch for September, fixing 61 security issues, involving Microsoft SharePoint Server, Visual Studio, Internet Connection Sharing (ICS), Microsoft Azure Kubernetes Service, Microsoft Exchange and other widely used products, including high-risk vulnerability types such as privilege enhancement, remote code execution, etc.

Among the vulnerabilities fixed in Microsoft’s monthly updates this month, there are 5 critical vulnerabilities and 55 important vulnerabilities. This includes two vulnerabilities that exist for exploitation in the wild:

Microsoft Streaming Service Proxy Privilege Escalation Vulnerability (CVS 2023-36802)

Microsoft Word Information Disclosure Vulnerability (CVS 2023-36761)

Please update the patch as soon as possible for protection. Please refer to the appendix for a complete list of vulnerabilities.

Reference link: https://msrc.microsoft.com/update-guide/releaseNote/2023-Sep

Key Vulnerabilities

Microsoft Streaming Service Proxy Privilege Escalation Vulnerability (CVS 2023-36802):

Microsoft Streaming Service Proxy has a privilege escalation vulnerability, which allows local attackers with low privileges to successfully exploit the SYSTEM privileges without user interaction. The vulnerability is exploited in the wild, with a CVSS score of 7.8.

Official announcement link:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36802

Microsoft Word Information Disclosure Vulnerability (CVS 2023-36761):

There is an information leakage vulnerability in Microsoft Word, which can be successfully exploited by local attackers without authentication to cause NTLM hash leakage, and the preview pane is also an attack medium. This vulnerability is exploited in the wild, with a CVSS score of 6.2.

Official announcement link:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36761

Visual Studio Arbitrary Code Execution Vulnerability (CVE-2023-36796/CVE-2023-36792/CVE-2023-36793):

There is an arbitrary code execution vulnerability in Visual Studio, which can be exploited by unauthorized local attackers by inducing users to open specially crafted malicious files in Visual Studio, ultimately enabling the execution of arbitrary code on the target system. The CVSS score is 7.8.

Official link announcement:

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-36796

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-36792

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-36793

Internet Connection Sharing (ICS) Remote Code Execution Vulnerability (CVS 2023-38148):

There is a remote code execution vulnerability in Internet Connection Sharing (ICS), where an unauthenticated attacker can exploit this vulnerability by sending a crafted packet to the ICS server when the attacker and victim are on the same network, ultimately achieving arbitrary code execution on the target system. The CVSS score is 8.8.

Official announcement link:

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-38148

Microsoft Azure Kubernetes Service Privilege Escalation Vulnerability (CVS 2023-29332):

There is a privilege escalation vulnerability in the Microsoft Azure Kubernetes Service, which allows unauthenticated remote attackers to gain cluster administrator privileges due to security restrictions in the service. The CVSS score is 7.5.

Official announcement link:

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-29332

Microsoft SharePoint Server privilege escalation vulnerability (CVE-2023-36764):

There is a privilege escalation vulnerability in Microsoft SharePoint Server, which can be exploited by an authenticated remote attacker by creating an ASP. NET web page with a crafted declaration tag. A successful attacker can gain administrator privileges. The CVSS score is 8.8.

Official announcement link:

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-36764

Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2023-36744/CVE-2023-36756):

There is a remote code execution vulnerability in Microsoft Exchange servers, where authenticated attackers with LAN access and valid Exchange user credentials can trigger malicious code in the server’s context through network calls, leading to remote code execution. The CVSS score is 8.0.

Official announcement link:

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-36744

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-36756

Scope of Impact

The followings are some affected product versions that focus on vulnerabilities. For other product ranges affected by vulnerabilities, please refer to the official announcement link.

Vulnerability numberAffected product version
CVE-2023-36802Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64 based Systems
Windows 10 Version 22H2 for x64 based Systems
Windows 11 Version 22H2 for x64 based Systems
Windows 11 Version 22H2 for ARM64 based Systems
Windows 10 Version 21H2 for x64 based Systems
Windows 10 Version 21H2 for ARM64 based Systems
Windows 10 Version 21H2 for 32 bit Systems
Windows 11 version 21H2 for ARM64 based Systems
Windows 11 version 21H2 for x64 based Systems
Windows Server 2022 (Server Core Installation)
Windows Server 2022
Windows Server 2019 (Server Core Installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64 based Systems
Windows 10 Version 1809 for x64 based Systems
Windows 10 Version 1809 for 32-bit Systems
CVE-2023-36761Microsoft Word 2013 Service Pack 1 (64 bit editions)
Microsoft Word 2013 Service Pack 1 (32 bit editions)
Microsoft Word 2013 RT Service Pack 1
Microsoft Word 2016 (64 bit edition)
Microsoft Word 2016 (32 bit edition)
Microsoft Office LTSC 2021 for 32 bit editions
Microsoft Office LTSC 2021 for 64 bit editions
Microsoft 365 Apps for Enterprise for 64 bit Systems
Microsoft 365 Apps for Enterprise for 32 bit Systems
Microsoft Office 2019 for 64 bit editions
Microsoft Office 2019 for 32 bit editions
CVE-2023-36796
CVE-2023-36793
Microsoft. NET Framework 3.5.1
Microsoft. NET Framework 3.5
Microsoft. NET Framework 3.0 Service Pack 2
Microsoft. NET Framework 2.0 Service Pack 2
Microsoft. NET Framework 4.6.2
Microsoft. NET Framework 3.5 AND 4.8.1
Microsoft. NET Framework 4.6.2/4.7/4.7.1/4.7.2
Microsoft. NET Framework 3.5 AND 4.7.2
Microsoft. NET Framework 4.8
Microsoft. NET Framework 3.5 AND 4.8 . NET 6.0 . NET 7.0
Microsoft Visual Studio 2022 version 17.4
Microsoft Visual Studio 2019 version 16.11 (includes 16.0-16.10)
Microsoft Visual Studio 2022 version 17.2
Microsoft Visual Studio 2017 version 15.9 (includes 15.0-15.8)
Microsoft Visual Studio 2022 version 17.7
Microsoft Visual Studio 2022 version 17.6
CVE-2023-36792Microsoft. NET Framework 3.5.1
Microsoft. NET Framework 3.5
Microsoft. NET Framework 2.0 Service Pack 2
Microsoft. NET Framework 3.0 Service Pack 2
Microsoft. NET Framework 3.5 AND 4.8
Microsoft. NET Framework 4.6.2
Microsoft. NET Framework 3.5 AND 4.8.1
Microsoft. NET Framework 4.8
Microsoft. NET Framework 4.6.2/4.7/4.7.1/4.7.2
Microsoft. NET Framework 3.5 AND 4.7.2
Microsoft Visual Studio 2022 version 17.7 . NET 7.0 . NET 6.0
Microsoft Visual Studio 2022 version 17.4
Microsoft Visual Studio 2019 version 16.11 (includes 16.0-16.10)
Microsoft Visual Studio 2022 version 17.2
Microsoft Visual Studio 2017 version 15.9 (includes 15.0-15.8)
CVS 2023-38148Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64 based Systems
Windows 10 Version 22H2 for x64 based Systems
Windows 11 Version 22H2 for x64 based Systems
Windows 11 Version 22H2 for ARM64 based Systems
Windows 10 Version 21H2 for x64 based Systems
Windows 10 Version 21H2 for ARM64 based Systems
Windows 10 Version 21H2 for 32 bit Systems
Windows 11 version 21H2 for ARM64 based Systems
Windows 11 version 21H2 for x64 based Systems
Windows Server 2022 (Server Core Installation) Windows Server 2022
CVS 2023-29332Azure Kubernetes Service
CVE-2023-36764Microsoft SharePoint Server Subscription Edition
Microsoft SharePoint Server 2019
Microsoft SharePoint Enterprise Server 2016
CVE-2023-36744
CVE-2023-36756
Microsoft Exchange Server 2019 Cumulative Update 12
Microsoft Exchange Server 2019 Cumulative Update 13
Microsoft Exchange Server 2016 Cumulative Update 23

Mitigation

At present, Microsoft has officially released security patches to fix the above vulnerabilities for supported product versions. It is strongly recommended that affected users install the patch as soon as possible for protection. The official download link is:

https://msrc.microsoft.com/update-guide/releaseNote/2023-Sep

Note: Due to network issues, computer environment issues, and other reasons, patch updates for Windows Update may fail. After installing the patch, users should promptly check whether the patch has been successfully updated.

Right click on the Windows icon, select “Settings”, select “Updates and Security” – “Windows Update” to view the prompts on this page, or click “View Update History” to view the historical update status. For updates that have not been successfully installed, you can click on the update name to go to the Microsoft official download page. It is recommended that users click on the link on this page and go to the “Microsoft Update Directory” website to download and install the independent package.

Appendix

Impact productCVE number Vulnerability TitleSeverity
. NET and Visual StudioCVE-2023-36796Visual Studio Remote Code Execution VulnerabilityCritical
. NET and Visual StudioCVE-2023-36792Visual Studio Remote Code Execution VulnerabilityCritical
. NET and Visual StudioCVE-2023-36793Visual Studio Remote Code Execution VulnerabilityCritical
Microsoft Azure Kubernetes ServiceCVS 2023-29332Microsoft Azure Kubernetes Service Privilege Escalation VulnerabilityCritical
Windows Internet Connection Sharing (ICS)CVS 2023-38148Internet Connection Sharing (ICS) Remote Code Execution VulnerabilityCritical
. NET and Visual StudioCVE-2023-36794Visual Studio Remote Code Execution VulnerabilityImportant
. NET Core&Visual StudioCVE-2023-36799. NET Core and Visual Studio Denial of Service VulnerabilityImportant
. NET FrameworkCVE-2023-36788. NET Framework Remote Execution Code VulnerabilityImportant
3D BuilderCVE-2023-367723D Generator Remote Execution Code VulnerabilityImportant
3D BuilderCVE-2023-367713D Generator Remote Execution Code VulnerabilityImportant
3D BuilderCVE-2023-367703D Generator Remote Execution Code VulnerabilityImportant
3D BuilderCVE-2023-367733D Generator Remote Execution Code VulnerabilityImportant
3D ViewerCVE-2022-41303AutoDesk: Autodesk ® FBX ® Vulnerability in SDK 2022 or earlier for post release use of CVE-41303-2020Important
3D ViewerCVE-2023-367603D Viewer Remote Execution Code VulnerabilityImportant
3D ViewerCVE-2023-367403D Viewer Remote Execution Code VulnerabilityImportant
3D ViewerCVE-2023-367393D Viewer Remote Execution Code VulnerabilityImportant
Azure DevOpsCVE-2023-33136Azure DevOps Server Remote Code Execution VulnerabilityImportant
Azure DevOpsCVS 2023-38155Azure DevOps Server Remote Code Execution VulnerabilityImportant
Azure HDInsightsCVE-2023-38156Azure HDInsight Apache Ambari Elevation of Privilege VulnerabilityImportant
Microsoft DynamicsCVE-2023-38164Microsoft Dynamics 365 (Local) Cross Site Scripting VulnerabilityImportant
Microsoft DynamicsCVE-2023-36886Microsoft Dynamics 365 (Local) Cross Site Scripting VulnerabilityImportant
Microsoft Dynamics Finance&OperationsCVE-2023-36800Dynamic Finance and Operations Cross Site Scripting VulnerabilityImportant
Microsoft Exchange ServerCVE-2023-36744Microsoft Exchange Server Remote Code Execution VulnerabilityImportant
Microsoft Exchange ServerCVE-2023-36756Microsoft Exchange Server Remote Code Execution VulnerabilityImportant
Microsoft Exchange ServerCVE-2023-36745Microsoft Exchange Server Remote Code Execution VulnerabilityImportant
Microsoft Exchange ServerCVE-2023-36777Microsoft Exchange Server Information Disclosure VulnerabilityImportant
Microsoft Exchange ServerCVE-2023-36757Microsoft Exchange Server Spoofing VulnerabilityImportant
Microsoft Identity Linux BrokerCVE-2023-36736Microsoft Identity Linux Proxy Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2023-36767Microsoft Office Security Feature Bypass VulnerabilityImportant
Microsoft OfficeCVE-2023-36765Microsoft Office Privilege Escalation VulnerabilityImportant
Microsoft Office ExcelCVE-2023-36766Microsoft Excel Information Disclosure VulnerabilityImportant
Microsoft Office OutlookCVE-2023-36763Microsoft Outlook Information Disclosure VulnerabilityImportant
Microsoft Office SharePointCVE-2023-36764Microsoft SharePoint Server Privilege Escalation VulnerabilityImportant
Microsoft Office WordCVE-2023-36761Microsoft Word Information Disclosure VulnerabilityImportant
Microsoft Office WordCVE-2023-36762Microsoft Word Remote Execution Code VulnerabilityImportant
Microsoft Streaming ServiceCVE-2023-36802Microsoft Streaming Service Proxy Privilege Escalation VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2023-38147Windows Miracast Wireless Display Remote Code Execution VulnerabilityImportant
Visual StudioCVE-2023-36758Visual Studio Permission Elevation VulnerabilityImportant
Visual StudioCVE-2023-36759Visual Studio Permission Elevation VulnerabilityImportant
Visual Studio CodeCVE-2023-36742Visual Studio Code Remote Code Execution VulnerabilityImportant
Visual Studio CodeCVE-2023-39956Electronic: CVE-2023-39956- Visual Studio Code Remote Code Execution VulnerabilityImportant
Windows Cloud Files Mini Filter DriverCVE-2023-35355Windows Cloud File Minifilter Driver Privilege Escalation VulnerabilityImportant
Windows Common Log File System DriverCVS 2023-38143Windows Common Log File System Driver Privilege Escalation VulnerabilityImportant
Windows Common Log File System DriverCVS 2023-38144Windows Common Log File System Driver Privilege Escalation VulnerabilityImportant
Windows DefenderCVE-2023-38163Windows Defender attack surface reduces security feature bypassImportant
Windows DHCP ServerCVS 2023-38152DHCP Server Service Information Disclosure VulnerabilityImportant
Windows DHCP ServerCVE-2023-38162DHCP Server Service Denial of Service VulnerabilityImportant
Windows DHCP ServerCVE-2023-36801DHCP Server Service Information Disclosure VulnerabilityImportant
Windows GDICVE-2023-36804Windows GDI privilege escalation vulnerabilityImportant
Windows GDICVE-2023-38161Windows GDI privilege escalation vulnerabilityImportant
Windows KernelCVS 2023-38141Windows Kernel privilege escalation vulnerabilityImportant
Windows KernelCVS 2023-38142Windows Kernel privilege escalation vulnerabilityImportant
Windows KernelCVS 2023-38139Windows Kernel privilege escalation vulnerabilityImportant
Windows KernelCVE-2023-38140Windows Kernel Information Disclosure VulnerabilityImportant
Windows KernelCVE-2023-38150Windows Kernel privilege escalation vulnerabilityImportant
Windows KernelCVE-2023-36803Windows Kernel Information Disclosure VulnerabilityImportant
Windows ScriptingCVE-2023-36805Windows MSHTML Platform Security Feature Bypass VulnerabilityImportant
Windows TCP/IPCVE-2023-38160Windows TCP/IP Information Disclosure VulnerabilityImportant
Windows TCP/IPCVE-2023-38149Windows TCP/IP Denial of Service VulnerabilityImportant
Windows ThemesCVE-2023-38146Windows Theme Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2023-41764Microsoft Office Spoofing VulnerabilityModerate

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.

About NSFOCUS

NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyberattacks. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.

NSFOCUS works with Fortune Global 500 companies, including four of the world’s five largest financial institutions, organizations in insurance, retail, healthcare, critical infrastructure industries as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries, is a member of both the Microsoft Active Protections Program (MAPP), and the Cloud Security Alliance (CSA). A wholly owned subsidiary of NSFOCUS Technologies Group Co., Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.