Security News > 2023 > August > Microsoft Patch Tuesday: 74 CVEs plus 2 “Exploit Detected” advisories
The August 2023 Microsoft security updates are out, with 74 CVE-numbered bugs fixed.
Intriguingly, if not confusingly, Microsoft's offical bug listing page is topped by two special items dubbed Exploitation Detected.
Technically this doesn't seem to be a zero-day this month, given that there was a patch for it in July 2023, even though it counts as an Exploitation Detected bug because crooks were historically known to be abusing the vulnerability before any patch was available.
The special Advisory page doesn't shed much more light on the issue, saying simply, "Microsoft has released an update for Microsoft Office that provides enhanced security as a defense in depth measure."
Confusingly, Microsoft's main Patch Tuesday bug-listing page says Exploitation Detected against this item, without saying what sort of attacks were carried out.
In other words, to defend against these bugs, don't just remember our encouragement to Patch early, patch often, but also our more general advice about online invitations, which says: If in doubt, leave it out.
News URL
Related news
- April 2024 Patch Tuesday forecast: New and old from Microsoft (source)
- Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs (source)
- Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws (source)
- May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040) (source)
- Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955) (source)
- Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included (source)
- Exploit released for Palo Alto PAN-OS bug used in attacks, patch now (source)
- Microsoft: APT28 hackers exploit Windows flaw reported by NSA (source)
- Microsoft: APT28 hackers exploit Windows flaw reported by NSA (source)
- Maximum severity Flowmon bug has a public exploit, patch now (source)