Security News > 2023 > October > Microsoft October 2023 Patch Tuesday fixes 3 zero-days, 104 flaws
Today is Microsoft's October 2023 Patch Tuesday, with security updates for 104 flaws, including three actively exploited zero-day vulnerabilities.
While forty-five remote code execution bugs were fixed, Microsoft only rated twelve vulnerabilities as 'Critical,' all of which are RCE flaws.
The total count of 104 flaws does not include one Chromium vulnerability tracked as CVE-2023-5346, which was fixed by Google on October 3rd and ported to Microsoft Edge.
This month's Patch Tuesday fixes three zero-day vulnerabilities, with all of them exploited in attacks and two of them publicly disclosed.
Microsoft has fixed an actively exploited vulnerability that can be used to steal NTLM hashes when opening a document in WordPad. "To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system," explains Microsoft.
Below is the complete list of resolved vulnerabilities in the October 2023 Patch Tuesday updates.
News URL
Related news
- Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws (source)
- May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040) (source)
- April 2024 Patch Tuesday forecast: New and old from Microsoft (source)
- Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs (source)
- Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included (source)
- Microsoft patches two actively exploited zero-days (CVE-2024-29988, CVE-2024-26234) (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- Week in review: Palo Alto Networks firewalls under attack, Microsoft patches two exploited zero-days (source)
- CrushFTP warns users to patch exploited zero-day “immediately” (source)
- May 2024 Patch Tuesday forecast: A reminder of recent threats and impact (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-05 | CVE-2023-5346 | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |