Patch Tuesday is once again upon us. As always, our team has put together the monthly Patch Tuesday Report to help you manage your update progress. The audit report gives you a quick and clear overview of your Windows machines and their patching status. The September 2023 edition of Patch Tuesday brings us 63 new fixes, with 5 rated as critical. We’ve listed the most important changes below.
⚡ TL;DR | Go Straight to the September 2023 Patch Tuesday Audit Report
Internet Connection Sharing (ICS) RCE Vulnerability
One of the most critical vulnerabilities lies in the Internet Connection Sharing (ICS). Luckily this only applies to devices where this functionality is enabled. However, if it is, attackers could end up executing code. While CVE-2023-38148 does have a CVSS base score of 8.8 and is more likely to be exploited according to Microsoft. An attack is limited to systems connected to the same network segment as the attacker. Additionally, the attack cannot be performed across multiple networks.
Four Microsoft Exchange Vulnerabilities
Exchange continues to be a hot topic this month. Coming in with three Remote Code Execution (RCE) vulnerabilities, and a spoofing vulnerability. These vulnerabilities range between a CVSS base score of 8 and 8.8.
Luckily, all of the vulnerabilities this month do require an attacker to be authenticated with LAN-access and have credentials for a valid Exchange user. While the requirements in order to utilize the vulnerabilities are quite high, if met, it does mean that attackers can execute code which can result in data theft, data manipulation, and downtime for the targeted environment.
Aside from reporting on whether the patch tuesday updates have been installed, you can also get a quick list of all exchange servers in your IT environment, their version and much more using the Exchange Server audit.
Visual Studio RCE Vulnerabilities
The majority of critically rated vulnerabilities this month are in Visual Studio. CVE-2023-36792, CVE-2023-36793, and CVE-2023-36796 are all rated as critical. In the case of these three vulnerabilities, the “remote” part only refers to the location of the attacker. The actual exploitation must be done locally. All three of the vulnerabilities require a user to open a maliciously crafted package file in Visual Studio.
CVE-2023-36794 is the last of the vulnerabilities fixed for Visual Studio this month but has the exact same description aside from being less severely rated.
If you’d like to get an overview of all the Visual Studio installations in your environment along with their version and how long they will be supported for, you can use our Visual Studio end-of-life audit.
Run the Patch Tuesday September 2023 Audit
To help manage your update progress, we’ve created the Patch Tuesday Audit that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.
The Lansweeper Patch Tuesday report is automatically added to your Lansweeper Site. Lansweeper Sites is included in all our licenses without any additional cost and allows you to federate all your installations into one single view so all you need to do is look at one report, automatically added every patch Tuesday!
Run the September Patch Tuesday Audit
Patch Tuesday September 2023 CVE Codes & Titles
| CVE Number | CVE Title |
| CVE-2023-41764 | Microsoft Office Spoofing Vulnerability |
| CVE-2023-39956 | Electron: CVE-2023-39956 -Visual Studio Code Remote Code Execution Vulnerability |
| CVE-2023-38164 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| CVE-2023-38163 | Windows Defender Attack Surface Reduction Security Feature Bypass |
| CVE-2023-38162 | DHCP Server Service Denial of Service Vulnerability |
| CVE-2023-38161 | Windows GDI Elevation of Privilege Vulnerability |
| CVE-2023-38160 | Windows TCP/IP Information Disclosure Vulnerability |
| CVE-2023-38156 | Azure HDInsight Apache Ambari Elevation of Privilege Vulnerability |
| CVE-2023-38155 | Azure DevOps Server and Team Foundation Server Elevation of Privilege Vulnerability |
| CVE-2023-38152 | DHCP Server Service Information Disclosure Vulnerability |
| CVE-2023-38150 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2023-38149 | Windows TCP/IP Denial of Service Vulnerability |
| CVE-2023-38148 | Internet Connection Sharing (ICS) Remote Code Execution Vulnerability |
| CVE-2023-38147 | Windows Miracast Wireless Display Remote Code Execution Vulnerability |
| CVE-2023-38146 | Windows Themes Remote Code Execution Vulnerability |
| CVE-2023-38144 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2023-38143 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2023-38142 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2023-38141 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2023-38140 | Windows Kernel Information Disclosure Vulnerability |
| CVE-2023-38139 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2023-36886 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| CVE-2023-36805 | Windows MSHTML Platform Security Feature Bypass Vulnerability |
| CVE-2023-36804 | Windows GDI Elevation of Privilege Vulnerability |
| CVE-2023-36803 | Windows Kernel Information Disclosure Vulnerability |
| CVE-2023-36802 | Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability |
| CVE-2023-36801 | DHCP Server Service Information Disclosure Vulnerability |
| CVE-2023-36800 | Dynamics Finance and Operations Cross-site Scripting Vulnerability |
| CVE-2023-36799 | .NET Core and Visual Studio Denial of Service Vulnerability |
| CVE-2023-36796 | Visual Studio Remote Code Execution Vulnerability |
| CVE-2023-36794 | Visual Studio Remote Code Execution Vulnerability |
| CVE-2023-36793 | Visual Studio Remote Code Execution Vulnerability |
| CVE-2023-36792 | Visual Studio Remote Code Execution Vulnerability |
| CVE-2023-36788 | .NET Framework Remote Code Execution Vulnerability |
| CVE-2023-36777 | Microsoft Exchange Server Information Disclosure Vulnerability |
| CVE-2023-36773 | 3D Builder Remote Code Execution Vulnerability |
| CVE-2023-36772 | 3D Builder Remote Code Execution Vulnerability |
| CVE-2023-36771 | 3D Builder Remote Code Execution Vulnerability |
| CVE-2023-36770 | 3D Builder Remote Code Execution Vulnerability |
| CVE-2023-36767 | Microsoft Office Security Feature Bypass Vulnerability |
| CVE-2023-36766 | Microsoft Excel Information Disclosure Vulnerability |
| CVE-2023-36765 | Microsoft Office Elevation of Privilege Vulnerability |
| CVE-2023-36764 | Microsoft SharePoint Server Elevation of Privilege Vulnerability |
| CVE-2023-36763 | Microsoft Outlook Information Disclosure Vulnerability |
| CVE-2023-36762 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2023-36761 | Microsoft Word Information Disclosure Vulnerability |
| CVE-2023-36760 | 3D Viewer Remote Code Execution Vulnerability |
| CVE-2023-36759 | Visual Studio Elevation of Privilege Vulnerability |
| CVE-2023-36758 | Visual Studio Elevation of Privilege Vulnerability |
| CVE-2023-36757 | Microsoft Exchange Server Spoofing Vulnerability |
| CVE-2023-36756 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2023-36745 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2023-36744 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2023-36742 | Visual Studio Code Remote Code Execution Vulnerability |
| CVE-2023-36740 | 3D Viewer Remote Code Execution Vulnerability |
| CVE-2023-36739 | 3D Viewer Remote Code Execution Vulnerability |
| CVE-2023-36736 | Microsoft Identity Linux Broker Arbitrary Code Execution Vulnerability |
| CVE-2023-35355 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
| CVE-2023-33136 | Azure DevOps Server Remote Code Execution Vulnerability |
| CVE-2023-32051 | Raw Image Extension Remote Code Execution Vulnerability |
| CVE-2023-29332 | Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability |
| CVE-2023-24936 | .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability |
| CVE-2022-41303 | AutoDesk: CVE-2022-41303 use-after-free vulnerability in Autodesk® FBX® SDK 2020 or prior |