Security News > 2023 > September > Microsoft Releases Patch for Two New Actively Exploited Zero-Days Flaws
Microsoft has released software fixes to remediate 59 bugs spanning its product portfolio, including two zero-day flaws that have been actively exploited by malicious cyber actors.
Of the 59 vulnerabilities, five are rated Critical, 55 are rated Important, and one is rated Moderate in severity.
The update is in addition to 35 flaws patched in the Chromium-based Edge browser since last month's Patch Tuesday edition, which also encompasses a fix for CVE-2023-4863, a critical heap buffer overflow flaw in the WebP image format.
The two Microsoft vulnerabilities that have come under active exploitation in real-world attacks are listed below -.
"The first was CVE-2023-23397, an elevation of privilege vulnerability in Microsoft Outlook, that was disclosed in the March Patch Tuesday release."
Other vulnerabilities of note are several remote code execution flaws impacting Internet Connection Sharing, Visual Studio, 3D Builder, Azure DevOps Server, Windows MSHTML, and Microsoft Exchange Server and elevation of privilege issues in Windows Kernel, Windows GDI, Windows Common Log File System Driver, and Office, among others.
News URL
https://thehackernews.com/2023/09/microsoft-releases-patch-for-two-new.html
Related news
- Microsoft May 2025 Patch Tuesday fixes 5 exploited zero-days, 72 flaws (source)
- Patch Tuesday: Microsoft fixes 5 actively exploited zero-days (source)
- Emergency patch for potential SAP zero-day that could grant full system control (source)
- Microsoft pitches pay-to-patch reboot reduction subscription for Windows Server 2025 (source)
- Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server (source)
- Hackers exploit VMware ESXi, Microsoft SharePoint zero-days at Pwn2Own (source)
- Microsoft's May Patch Tuesday update fails on some Windows 11 VMs (source)
- Microsoft ships emergency patch to fix Windows 11 startup failures (source)
- New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch (source)
- Microsoft patches the patch that put Windows 11 in a coma (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-12 | CVE-2023-4863 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. network low complexity google fedoraproject debian mozilla microsoft webmproject netapp bentley bandisoft CWE-787 | 8.8 |
| 2023-03-14 | CVE-2023-23397 | Authentication Bypass by Capture-replay vulnerability in Microsoft products Microsoft Outlook Elevation of Privilege Vulnerability | 9.8 |