In today’s Microsoft Security Update, Microsoft addressed 59 vulnerabilities, including five rated as Critical.

  • This release also includes three republished non-Microsoft CVEs to address issues in Microsoft Edge (Chromium-based), Visual Studio Code, and 3D Viewer.
  • Two of the CVEs fixed in this month’s release are also being exploited in the wild.
    • CVE-2023-36802
      • A privilege escalation vulnerability in the Microsoft Streaming Service Proxy could allow an attacker to gain SYSTEM privileges on the affected system.
    • CVE-2023-36761
      • This information disclosure vulnerability in Microsoft Word could result in the disclosure of NTLM hashes.

| CVE/Advisory | Title | Tag | Microsoft Severity Rating | Base Score | Microsoft Impact | Exploited | Publicly Disclosed |
|---|---|---|---|---|---|---|---|
| CVE-2023-35355 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Windows Cloud Files Mini Filter Driver | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-38162 | DHCP Server Service Denial of Service Vulnerability | Windows DHCP Server | Important | 7.5 | Denial of Service | No | No |
| CVE-2023-38161 | Windows GDI Elevation of Privilege Vulnerability | Windows GDI | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-38156 | Azure HDInsight Apache Ambari Elevation of Privilege Vulnerability | Azure HDInsights | Important | 7.2 | Elevation of Privilege | No | No |
| CVE-2023-38152 | DHCP Server Service Information Disclosure Vulnerability | Windows DHCP Server | Important | 5.3 | Information Disclosure | No | No |
| CVE-2023-38150 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-38149 | Windows TCP/IP Denial of Service Vulnerability | Windows TCP/IP | Important | 7.5 | Denial of Service | No | No |
| CVE-2023-38148 | Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | Windows Internet Connection Sharing (ICS) | Critical | 8.8 | Remote Code Execution | No | No |
| CVE-2023-38147 | Windows Miracast Wireless Display Remote Code Execution Vulnerability | Microsoft Windows Codecs Library | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2023-38146 | Windows Themes Remote Code Execution Vulnerability | Windows Themes | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2023-38144 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Windows Common Log File System Driver | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-38143 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Windows Common Log File System Driver | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-38142 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-38141 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-38140 | Windows Kernel Information Disclosure Vulnerability | Windows Kernel | Important | 5.5 | Information Disclosure | No | No |
| CVE-2023-38139 | Windows Kernel Elevation of Privilege Vulnerability | Windows Kernel | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-36805 | Windows MSHTML Platform Security Feature Bypass Vulnerability | Windows Scripting | Important | 7 | Security Feature Bypass | No | No |
| CVE-2023-36804 | Windows GDI Elevation of Privilege Vulnerability | Windows GDI | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-36803 | Windows Kernel Information Disclosure Vulnerability | Windows Kernel | Important | 5.5 | Information Disclosure | No | No |
| CVE-2023-36802 | Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability | Microsoft Streaming Service | Important | 7.8 | Elevation of Privilege | Yes | No |
| CVE-2023-36801 | DHCP Server Service Information Disclosure Vulnerability | Windows DHCP Server | Important | 5.3 | Information Disclosure | No | No |
| CVE-2023-36767 | Microsoft Office Security Feature Bypass Vulnerability | Microsoft Office | Important | 4.3 | Security Feature Bypass | No | No |
| CVE-2023-36766 | Microsoft Excel Information Disclosure Vulnerability | Microsoft Office Excel | Important | 7.8 | Information Disclosure | No | No |
| CVE-2023-36765 | Microsoft Office Elevation of Privilege Vulnerability | Microsoft Office | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-36759 | Visual Studio Elevation of Privilege Vulnerability | Visual Studio | Important | 6.7 | Elevation of Privilege | No | No |
| CVE-2023-36758 | Visual Studio Elevation of Privilege Vulnerability | Visual Studio | Important | 7.8 | Elevation of Privilege | No | No |
| CVE-2023-36757 | Microsoft Exchange Server Spoofing Vulnerability | Microsoft Exchange Server | Important | 8 | Spoofing | No | No |
| CVE-2023-36756 | Microsoft Exchange Server Remote Code Execution Vulnerability | Microsoft Exchange Server | Important | 8 | Remote Code Execution | No | No |
| CVE-2023-36745 | Microsoft Exchange Server Remote Code Execution Vulnerability | Microsoft Exchange Server | Important | 8 | Remote Code Execution | No | No |
| CVE-2023-36744 | Microsoft Exchange Server Remote Code Execution Vulnerability | Microsoft Exchange Server | Important | 8 | Remote Code Execution | No | No |
| CVE-2023-36742 | Visual Studio Code Remote Code Execution Vulnerability | Visual Studio Code | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36736 | Microsoft Identity Linux Broker Remote Code Execution Vulnerability | Microsoft Identity Linux Broker | Important | 4.4 | Remote Code Execution | No | No |
| CVE-2023-41764 | Microsoft Office Spoofing Vulnerability | Microsoft Office | Moderate | 5.5 | Spoofing | No | No |
| CVE-2022-41303 | AutoDesk: CVE-2022-41303 use-after-free vulnerability in Autodesk® FBX® SDK 2020 or prior | 3D Viewer | Important | N/A | Remote Code Execution | No | No |
| CVE-2023-29332 | Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability | Microsoft Azure Kubernetes Service | Critical | 7.5 | Elevation of Privilege | No | No |
| CVE-2023-33136 | Azure DevOps Server Remote Code Execution Vulnerability | Azure DevOps | Important | 8.8 | Remote Code Execution | No | No |
| CVE-2023-36886 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Microsoft Dynamics | Important | 7.6 | Spoofing | No | No |
| CVE-2023-38164 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Microsoft Dynamics | Important | 7.6 | Spoofing | No | No |
| CVE-2023-38163 | Windows Defender Attack Surface Reduction Security Feature Bypass | Windows Defender | Important | 7.8 | Security Feature Bypass | No | No |
| CVE-2023-38160 | Windows TCP/IP Information Disclosure Vulnerability | Windows TCP/IP | Important | 5.5 | Information Disclosure | No | No |
| CVE-2023-38155 | Azure DevOps Server Remote Code Execution Vulnerability | Azure DevOps | Important | 7 | Elevation of Privilege | No | No |
| CVE-2023-36800 | Dynamics Finance and Operations Cross-site Scripting Vulnerability | Microsoft Dynamics Finance & Operations | Important | 7.6 | Spoofing | No | No |
| CVE-2023-36799 | .NET Core and Visual Studio Denial of Service Vulnerability | .NET Core & Visual Studio | Important | 6.5 | Denial of Service | No | No |
| CVE-2023-36796 | Visual Studio Remote Code Execution Vulnerability | .NET and Visual Studio | Important/Critical | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36794 | Visual Studio Remote Code Execution Vulnerability | .NET and Visual Studio | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36793 | Visual Studio Remote Code Execution Vulnerability | .NET and Visual Studio | Important/Critical | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36792 | Visual Studio Remote Code Execution Vulnerability | .NET and Visual Studio | Important/Critical | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36788 | .NET Framework Remote Code Execution Vulnerability | .NET Framework | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36777 | Microsoft Exchange Server Information Disclosure Vulnerability | Microsoft Exchange Server | Important | 5.7 | Information Disclosure | No | No |
| CVE-2023-36773 | 3D Builder Remote Code Execution Vulnerability | 3D Builder | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36772 | 3D Builder Remote Code Execution Vulnerability | 3D Builder | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36771 | 3D Builder Remote Code Execution Vulnerability | 3D Builder | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36770 | 3D Builder Remote Code Execution Vulnerability | 3D Builder | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36764 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | Microsoft Office SharePoint | Important | 8.8 | Elevation of Privilege | No | No |
| CVE-2023-36763 | Microsoft Outlook Information Disclosure Vulnerability | Microsoft Office Outlook | Important | 7.5 | Information Disclosure | No | No |
| CVE-2023-36762 | Microsoft Word Remote Code Execution Vulnerability | Microsoft Office Word | Important | 7.3 | Remote Code Execution | No | No |
| CVE-2023-36761 | Microsoft Word Information Disclosure Vulnerability | Microsoft Office Word | Important | 6.2 | Information Disclosure | Yes | Yes |
| CVE-2023-36760 | 3D Viewer Remote Code Execution Vulnerability | 3D Viewer | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-39956 | Electron: CVE-2023-39956 - Visual Studio Code Remote Code Execution Vulnerability | Visual Studio Code | Important | N/A | Remote Code Execution | No | No |
| CVE-2023-36740 | 3D Viewer Remote Code Execution Vulnerability | 3D Viewer | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-36739 | 3D Viewer Remote Code Execution Vulnerability | 3D Viewer | Important | 7.8 | Remote Code Execution | No | No |
| CVE-2023-4863 | Chromium: CVE-2023-4863 Heap buffer overflow in WebP | Microsoft Edge (Chromium-based) |  | N/A |  |  |  |
