Today is the second Tuesday of September 2023, and Microsoft has released its latest security updates. These updates address 59 vulnerabilities across various Microsoft products. Among them, five are considered critical because they can allow attackers to gain higher privileges, execute remote code, or engage in spoofing activities, and the remaining 54 are classified as important. In this month’s update, Microsoft has also fixed two zero-day vulnerabilities that were actively being exploited. These vulnerabilities, CVE-2023-36761 (Microsoft Word Information Disclosure Vulnerability) and CVE-2023-36802 (Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability), could enable attackers to gain full control over targeted machines.
Microsoft patched 59 CVEs in its September 2023 Patch Tuesday release, including two actively exploited zero-days, with five rated as critical and 54 rated as important.
Microsoft September 2023 Patch Tuesday update
Today is Microsoft’s Patch Tuesday, addressing 59 flaws. Among them are two actively exploited vulnerabilities and 24 remote code execution (RCE) vulnerabilities. Microsoft has categorized four RCE bugs as ‘Critical.’ Unfortunately, one RCE flaw remains unpatched and is being actively exploited. The vulnerabilities also include 17 elevation of privilege, 4 security feature bypass, 9 information disclosure, 3 denial of service, and 5 spoofing vulnerabilities.
Today’s updates address two actively exploited zero-day vulnerabilities:
CVE-2023-36802 – Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
This vulnerability, actively exploited in the wild, enabled attackers to escalate their privileges locally, ultimately gaining SYSTEM-level access. Credit for the discovery of this flaw goes to a collaborative effort involving Quan Jin, ze0r from DBAPPSecurity WeBin Lab, Valentina Palmiotti from IBM X-Force, along with Microsoft Threat Intelligence and the Microsoft Security Response Center.
CVE-2023-36761 – Microsoft Word Information Disclosure Vulnerability
This vulnerability allows for the theft of NTLM hashes simply by opening a document, including in the preview pane. These hashes can potentially be exploited through cracking or utilized in NTLM Relay attacks to compromise the affected account. The discovery of this flaw was made internally by the vigilant Microsoft Threat Intelligence group.
Windows security updates
In addition to Microsoft security updates, this September 2023 Patch Tuesday update also brought Windows 11 and Windows 10 cumulative updates. That includes KB5030219 for Windows 11 and KB5030211 for Windows 10 version 22H2. So if you are running any of these Windows versions, make sure you update them as you install the new patches.
Windows 7 and Windows 8.1 have reached the end of support from Microsoft, which means the company no longer provides frequent updates or security patches for these operating systems. For more information, please visit the Microsoft lifecycle page at https://learn.microsoft.com/en-us/lifecycle/end-of-support/end-of-support-2023
Windows 11 KB5030219
The Windows 11 KB5030219 (OS Build 22621.2283) update introduces a new hover behavior to the search box gleam, providing users with a convenient way to access the search flyout box when hovering over it. Customization options for this feature are available in the Taskbar settings. Additionally, this update extends support for daylight saving time changes in Israel. It addresses several issues related to the Search app, ensuring its reliability and responsiveness. Users will also notice improvements in the TAB key’s functionality for browsing search results. Furthermore, the update resolves a Narrator issue that affected the proper identification of the search box on the taskbar and search highlights within it. Lastly, it addresses a size-related problem with the search box, ensuring it maintains the correct dimensions when used in tablet posture mode on Microsoft Surface Pro and Surface Book devices. You can read the complete changelog on the Microsoft support blog here.
Windows 10 KB5030211
Today’s cumulative update for Windows 10, KB5030211 (build number 19045.3448), brings significant enhancements to the Windows location detection system, providing users with more accurate and timely weather, news, and traffic information. Additionally, it expands the availability of notification badging for Microsoft accounts directly on the Start menu. A Microsoft account serves as the linchpin connecting Windows to various Microsoft apps, ensuring data backup and aiding in subscription management. This update also bolsters account security with the option to implement extra protective measures against potential lockouts. Moreover, it adds support for daylight saving time changes in Israel, ensuring seamless transitions. Finally, the update addresses a display issue with the search box and resolves a problem where settings did not sync even when the toggle on the Windows backup page in the Settings app was enabled. You can read the complete changelog on the Microsoft support blog here.
Download the Windows 10 Cumulative update
All these security updates are downloaded and installed automatically on your device via Windows Update. If your device has not received them yet, open Settings, go to Update & Security, and check for updates. Once done, restart your device to apply the updates.
- Windows 11 KB5030219 (Version 22H2) offline installer Direct Download Link 64-bit.
- Windows 11 KB5030217 (Version 21H2) offline installer Direct Download Link 64-bit.
- Windows 10 KB5030211 (For versions 21H2 and 21H1) Direct Download Links: 64-bit and 32-bit (x86).
- Windows 10 KB5030214 (version 1809) Direct Download Links: 64-bit and 32-bit.
The above links open the Microsoft Update Catalog, which is the library of Windows Update offline installers. Click the ‘Download’ button next to the version of the OS installed on your machine and run the .msu file to begin installing the update.
If you are looking for the Windows 10 22H2 update ISO image, click here, or check How to Upgrade to Windows 10 version 22H2 Using the media creation tool.
If you face any difficulty while installing these updates, check the Windows 10 Update troubleshooting guide to fix a Windows 10 cumulative update that is stuck downloading, fails to install with different errors, etc.
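To confirm that the update was actually applied after the restart, the OS build revision can be compared with the builds quoted above. The following PowerShell is an added example, not part of the original article or Microsoft's tooling; the function name `Test-SeptemberPatch` and the status labels are hypothetical, and only the two build/KB pairs given in this article are covered.

```powershell
# Added example: check a machine against the build/KB pairs quoted in this article.
function Test-SeptemberPatch {
    param(
        [string]$Build,                 # e.g. 22621 (CurrentBuild)
        [int]$Ubr,                      # update build revision, e.g. 2283
        [string[]]$InstalledKbs = @()   # HotFixID values reported by Get-HotFix
    )
    # Minimum patched revisions as stated in the article.
    $expected = @{
        '22621' = @{ KB = 'KB5030219'; MinUbr = 2283 }   # Windows 11 22H2
        '19045' = @{ KB = 'KB5030211'; MinUbr = 3448 }   # Windows 10 22H2
    }
    $entry = $expected[$Build]
    $kb = $null
    if ($null -eq $entry) {
        $status = 'NotCovered'          # build not listed in this article
    } else {
        $kb = $entry.KB
        if ($Ubr -ge $entry.MinUbr) {
            # Cumulative updates supersede each other, so a later update
            # also satisfies this check even if this KB is not listed.
            $status = 'Patched'
        } elseif ($InstalledKbs -contains $kb) {
            # KB is recorded but the running build is older: restart likely pending.
            $status = 'RestartPending'
        } else {
            $status = 'Missing'
        }
    }
    [pscustomobject]@{ Build = "$Build.$Ubr"; ExpectedKB = $kb; Status = $status }
}

# Live check on the local machine.
$cv  = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$kbs = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
Test-SeptemberPatch -Build $cv.CurrentBuild -Ubr $cv.UBR -InstalledKbs $kbs

# Constructed sample inputs (not real inventory data) showing each outcome.
Test-SeptemberPatch -Build '22621' -Ubr 2283                                 # Patched
Test-SeptemberPatch -Build '19045' -Ubr 3324 -InstalledKbs @('KB5030211')    # RestartPending
Test-SeptemberPatch -Build '19045' -Ubr 3324                                 # Missing
Test-SeptemberPatch -Build '17763' -Ubr 1                                    # NotCovered
```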
- What time do Patch Tuesday patches come out?
Microsoft schedules the release of security updates on “Patch Tuesday,” the second Tuesday of each month at 10:00 AM PST.
- Is Patch Tuesday weekly or monthly?
Patch Tuesday falls on the second Tuesday of each month. The upcoming Patch Tuesday is on October 10, 2023.
- Why is the second Tuesday of every month called Patch Tuesday?
The second Tuesday of the month is referred to as “Patch Tuesday” because Microsoft attempts to combine the largest updates into this maintenance window.
- What is the latest update for Windows 11 September 2023?
The latest updates are KB5029263 for Windows 11 version 22H2 and KB5029244 for Windows 10 version 22H2.
- What is the zero-day patch?
The term “Zero-Day” is used when security teams are unaware of a vulnerability in their software, and they’ve had “0” days to work on a security patch or an update to fix the issue.