Grab those updates: Microsoft flings out fixes for already-exploited bugs
Microsoft emitted 59 patches for its September update batch, including two for bugs that have already been exploited.
The preview pane is the attack vector for this bug, which could be exploited to allow the disclosure of NTLM password hashes, which could potentially and ultimately be used to hijack people's network accounts.
Of the other critical-rated bugs, CVE-2023-29332, a 7.5-rated Microsoft Azure Kubernetes Service elevation of privilege vulnerability, is interesting because although it's labeled "Exploitation less likely," it's pretty low complexity, and can be remotely exploited from the internet.
Adobe released software updates to fix five security flaws today, including one critical bug in Acrobat and Reader that's already been found and exploited by miscreants.
"Adobe is aware that CVE-2023-26369 has been exploited in the wild in limited attacks targeting Adobe Acrobat and Reader," according to today's security advisory.
"A successful exploit provides information that can be used in subsequent attacks, leading to a complete compromise of the application," Onapsis' SAP security researcher Thomas Fritsch told The Register.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/09/12/september_2023_patch_tuesday/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-13 | CVE-2023-26369 | Out-of-bounds Write vulnerability in Adobe products. Acrobat Reader versions 23.003.20284 (and earlier), 20.005.30516 (and earlier) and 20.005.30514 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2023-09-12 | CVE-2023-29332 | Improper Input Validation vulnerability in Microsoft Azure Kubernetes Service. Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability | 9.8 |