Yesterday, Microsoft released the latest security patches for Windows and several other products as part of Patch Tuesday, a major security update that occurs on the second Tuesday of each month.
The August patch addresses a total of 87 errors and vulnerabilities. Among them are 2 actively exploited vulnerabilities and 23 remote code execution vulnerabilities, of which 6 are rated "critical" by Microsoft. The count by category:
- 18 elevation of privilege vulnerabilities
- 3 security feature bypass vulnerabilities
- 23 remote code execution vulnerabilities
- 10 information disclosure vulnerabilities
- 8 denial-of-service vulnerabilities
- 12 spoofing vulnerabilities
Please note that this list doesn't include the twelve vulnerabilities in Microsoft Edge (Chromium) that were fixed earlier this month.
In the previous Patch Tuesday, two zero-day vulnerabilities were also addressed, both of which were actively exploited in real attacks.
Microsoft defines a "zero-day vulnerability" as one that is publicly disclosed or actively exploited while no official fix is available.
The two actively exploited zero-day vulnerabilities fixed in the latest Patch Tuesday are as follows:
- ADV230003 – A significant update for Microsoft Office Defense that correctly addresses the previously fixed and actively exploited remote code execution vulnerability CVE-2023-36884. This vulnerability allowed attackers to create specially crafted Microsoft Office documents that could be opened without triggering a security warning and then lead to remote code execution.
- CVE-2023-38180 – A denial-of-service vulnerability in .NET and Visual Studio that attackers could exploit.
Recommendations
Companies and users are strongly advised to install the Patch Tuesday update.