PHL Tech Magazine

Post: Microsoft addresses three zero-days for October’s Patch Tuesday

coder_prem

coder_prem

Hi, I'm Prem. I'm professional WordPress Web Developer. I developed this website. And writing articles about Finance, Startup, Business, Marketing and Tech is my hobby.
Hope you will always get informative articles which will help you to startup your business.
If you need any kind of wordpress website then feel free to contact me at webexpertprem@gmail.com

Categories


This month, Microsoft has released 103 updates to Windows, Edge, Microsoft Office, and Exchange Server. This update also includes minor updates to Visual Studio. Three zero-days (CVE-2023-44487, CVE-2023-36563 and CVE-2023-41763) require “Patch Now” updates for both Windows and the Edge browser for this October update cycle.

Microsoft has also updated its patch release and notification system with support for RSS feeds and has published its latest Digital Defense Report for this year. The team at Application Readiness has provided a helpful infographic that outlines the risks associated with each of the updates for this October update cycle.

Known issues

Each month, Microsoft includes a list of known issues that relate to the operating system and platforms that are included in this update cycle.

  • Microsoft Server 2022: After installing this month’s update on guest virtual machines (VMs) running Windows Server 2022 on some versions of VMware ESXi, Windows Server 2022 might not start up. Microsoft and VMware are both investigating this issue, but there is no published resolution at the time of writing.

Major revisions

Microsoft has published one major revision this month:

  • CVE-2023-36794: In the Security Updates table, added Microsoft Visual Studio 2013 Update 5 and Visual Studio 2015 Update 3, as these versions of Visual Studio are also affected by the vulnerability. No further action is required.

Mitigations and workarounds

Microsoft has published the following vulnerability related mitigations for this month’s Patch Tuesday release cycle:

  • There are 15 Microsoft Message Queue updates this month, each with a published mitigation from Microsoft that notes, “if the Message Queuing service is enabled and listening on port 1801, then your system is vulnerable.”
  • Microsoft offers some limited advice on OLE related vulnerabilities (e.g., CVE-2023-36730) this month with advice to only connect to trusted servers.

Some may question the efficacy of these proffered mitigations.

Copyright © 2023 IDG Communications, Inc.

Lora Helmin

Lora Helmin

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Popular Posts

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.