Security News > 2023 > September > Microsoft Releases Patch for Two New Actively Exploited Zero-Days Flaws

Microsoft Releases Patch for Two New Actively Exploited Zero-Days Flaws
2023-09-13 05:18

Microsoft has released software fixes to remediate 59 bugs spanning its product portfolio, including two zero-day flaws that have been actively exploited by malicious cyber actors.

Of the 59 vulnerabilities, five are rated Critical, 55 are rated Important, and one is rated Moderate in severity.

The update is in addition to 35 flaws patched in the Chromium-based Edge browser since last month's Patch Tuesday edition, which also encompasses a fix for CVE-2023-4863, a critical heap buffer overflow flaw in the WebP image format.

The two Microsoft vulnerabilities that have come under active exploitation in real-world attacks are listed below -.

"The first was CVE-2023-23397, an elevation of privilege vulnerability in Microsoft Outlook, that was disclosed in the March Patch Tuesday release."

Other vulnerabilities of note are several remote code execution flaws impacting Internet Connection Sharing, Visual Studio, 3D Builder, Azure DevOps Server, Windows MSHTML, and Microsoft Exchange Server and elevation of privilege issues in Windows Kernel, Windows GDI, Windows Common Log File System Driver, and Office, among others.


News URL

https://thehackernews.com/2023/09/microsoft-releases-patch-for-two-new.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-09-12 CVE-2023-4863 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
8.8
2023-03-14 CVE-2023-23397 Authentication Bypass by Capture-replay vulnerability in Microsoft products
Microsoft Outlook Elevation of Privilege Vulnerability
network
low complexity
microsoft CWE-294
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2820 161 4400