Security News > 2023 > August > Microsoft, Intel lead this month's security fix emissions
The advisory for that flaw, ADV230003, is related to last month's CVE-2023-36884 in Microsoft Office, and as the IT giant notes, it's a "Defense in depth update." Installing the update "Stops the attack chain leading to the Windows Search security feature bypass vulnerability," we're told.
Finally the XMP-Toolkit-SDK update plugs an important security hole that could lead to application denial of service.
Exploitation could allow an unauthenticated attacker to run arbitrary queries against the back-end database via a proxy, Thomas Fritsch, an SAP security researcher at Onapsis, told The Register.
AMD today released nine security updates to fix 13 flaws.
Finally, Google pushed its Android August security updates yesterday to fix bugs affecting those devices.
"The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed," Google warned, adding that this vulnerability doesn't need any user interaction for exploitation.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/08/08/microsoft_intel_august_patch_tuesday/
Related news
- Microsoft confirms memory leak in March Windows Server security update (source)
- Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online (source)
- Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online (source)
- Microsoft fixes Outlook security alerts bug caused by December updates (source)
- Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs (source)
- Microsoft squashes SmartScreen security bypass bug exploited in the wild (source)
- Microsoft lifts Windows 11 block on some Intel systems after 2 years (source)
- Microsoft and Security Incentives (source)
- Microsoft releases Exchange hotfixes for security update issues (source)
- Microsoft pulls fix for Outlook bug behind ICS security alerts (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-11 | CVE-2023-36884 | Unspecified vulnerability in Microsoft products Windows Search Remote Code Execution Vulnerability | 7.5 |