Latest Patch Tuesday Fixes 87 Vulnerabilities in Windows and Other Microsoft Products

Yesterday, Microsoft released its latest security patches for Windows and several other software products as part of Patch Tuesday, a major security update released on the second Tuesday of each month.

The August patch addresses a total of 87 errors and vulnerabilities. Among them are 2 actively exploited vulnerabilities and 23 remote code execution vulnerabilities, of which 6 are considered “critical” by Microsoft.

  • 18 privilege escalation vulnerabilities
  • 3 security feature bypass vulnerabilities
  • 23 remote code execution vulnerabilities
  • 10 information disclosure vulnerabilities
  • 8 denial-of-service vulnerabilities
  • 12 spoofing vulnerabilities

Please note that this list doesn’t include the twelve vulnerabilities in Chromium-based Microsoft Edge that were fixed earlier this month.

In the previous Patch Tuesday, two zero-day vulnerabilities were also addressed, both of which were actively exploited in real attacks.

Microsoft defines “zero-day vulnerability” as a publicly disclosed or actively exploited vulnerability without an official fix.

The two actively exploited zero-day vulnerabilities fixed in the latest Patch Tuesday are as follows:

ADV230003 – A significant update for Microsoft Office Defense that correctly addresses the previously fixed and actively exploited code execution vulnerability CVE-2023-36884. This vulnerability allowed attackers to create specially crafted Microsoft Office documents that could be opened without triggering the security warning and then initiate remote code execution.

CVE-2023-38180 – A denial-of-service vulnerability in .NET and Visual Studio that attackers could exploit.

Recommendations

Companies and users are strongly advised to install the Patch Tuesday update.

/Reports, release notes, official announcements.