Microsoft has rolled out the scheduled Patch Tuesday updates for August 2023, ensuring automatic updates for all devices. Yet, users should still check for system updates manually to ensure receiving all security fixes timely. This month’s update bundle is important because it addresses two critical zero-day vulnerabilities alongside other security flaws.
Important Security Fixes With Microsoft Patch Tuesday August
This month’s update bundle addresses two severe zero-day vulnerabilities that allowed remote code execution attacks.
The first includes CVE-2023-36884 – a high-severity zero-day flaw that became publicly disclosed before receiving a patch. Also, the researchers found it under active attack, particularly for cyberespionage purposes. The latest exploitation of this flaw appeared in the RomCom Threat Group attacks targeting the NATO Summit.
Microsoft admitted detecting the flaw’s exploitation and even released a fix with July 2023 updates. However, with August updates, the tech giant has released another update as a “defense in depth” measure to “break the chain” of exploitation.
The next significant security fix this month addresses an important severity denial of service vulnerability in .NET and Visual Studio. Exploiting this flaw (CVE-2023-38180). While Microsoft stated no public disclosure of this vulnerability, it did admit detecting its active exploitation before the fix could arrive.
Alongside these fixes, Microsoft has also addressed six critical severity vulnerabilities, all of which could allow remote code execution attacks when exploited. These vulnerabilities affect Microsoft Office (CVE-2023-36895), Microsoft Teams (CVE-2023-29328 and CVE-2023-29330), and Microsoft Message Queuing (CVE-2023-35385, CVE-2023-36910, and CVE-2023-36911).
Besides, this month’s update bundle addressed 79 other important and low-severity vulnerabilities that include 17 RCE flaws, 18 privilege escalation vulnerabilities, 12 spoofing vulnerabilities, 10 information disclosure issues, 7 vulnerabilities triggering denial-of-service, and 3 security feature bypass flaws.
While the tech giant has rolled out all the updates automatically for all devices, users should ensure to enable auto-updates on their systems to receive the patches in time. Whereas, for devices where automatic updates aren’t feasible, users should manually install the updates at the earliest to avoid potential threats.
Let us know your thoughts in the comments.