2023-09-12
September 2023 Patch Tuesday
variety of products. Five of the vulnerabilities are rated critical, and two are being actively exploited: a Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability (CVE-2023-36802) and a Microsoft Word Information Disclosure Vulnerability (CVE-2023-36761).
Editor's Note
CVE-2023-36761 is the vulnerability to watch out for. It is not only already being exploited, but it is also not a difficult problem to exploit. Note that Windows 11 will soon have the ability to disable NTLM hashes for SMB which may help with problems like this in the future.
![Johannes Ullrich](https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt5fe184d7be67ebdd/6307a227847c967c7c96af6f/370x370_Johannes-Ullrich-2022.jpg)
Johannes Ullrich
The Microsoft Word information disclosure vulnerability (CVE-2023-36761, CVSS score 6.2) understates what's disclosed. This flaw discloses Net-NTLMv2 (authentication) hashes, which makes it very attractive to exploit. Also take note of CVE-2023-38148, a RCE flaw in the Internet Connection Sharing (ICS) service, where an unauthenticated attacker can exploit this just by sending a properly crafted packet to the ICS service. This flaw has the highest rating of the bunch at CVSS score of 8.8.
![Lee Neely](https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt287a7a830c1223e8/60285112efec26565b3dc240/Lee-Neely-headshot-768x1024.png)
Lee Neely
Rapid patching of any Windows vulnerability at least at Microsoft’s Critical level is the minimum that is defensible based on real world exploitation of unpatched Windows systems.
![John Pescatore](https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt52401881b1eb3b47/5ec57c253a450a58554b667a/370x370_john-pescatore.jpg)
John Pescatore
Interestingly, the two vulnerabilities being actively exploited have relatively low CVSS scores yet, can lead to either loss of user credentials or system-level access. Follow the standard security advice by prioritizing critical vulnerabilities first, as part of your patch cycle.
![Curtis Dukes](https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt2a96d77f89dabfce/6179106bc05249199df194eb/CD_CISO.jpg)