Global Economy

Microsoft patch Tuesday: August Patches for 74 critical, important software vulnerabilities released. Details here


Microsoft has issued its latest Patch Tuesday updates for August 2023. The Patches Tuesday addressed a total of 74 vulnerabilities in its software. This marks a notable decrease from the 132 vulnerabilities that were resolved in the previous month.

This collection includes six vulnerabilities classified as Critical and 67 as Important for security. Apart from these updates, Microsoft has also introduced two defense-in-depth patches: one for Microsoft Office (ADV230003) and another for the Memory Integrity System Readiness Scan Tool (ADV230004).

Additionally, Microsoft has taken care of 31 issues in its Chromium-based Edge browser since the last Patch Tuesday edition. Furthermore, there is a single side-channel vulnerability, denoted as CVE-2023-20569 or Inception, that affects specific processor models offered by AMD.

ADV230003 pertains to a known security flaw identified as CVE-2023-36884. This particular vulnerability involves remote code execution in Office and Windows HTML. It has been actively exploited by a threat actor known as RomCom, with links to Russia. The attacks primarily targeted Ukraine and pro-Ukraine entities in Eastern Europe and North America. Microsoft emphasizes that the latest update effectively disrupts the attack chain leading to this remote code execution bug.

The other defense-in-depth update pertains to the Memory Integrity System Readiness scan tool. This tool is responsible for assessing compatibility issues with memory integrity, also referred to as hypervisor-protected code integrity or HVCI. The update addresses a known issue where the original version was released without an RSRC section, which contains essential resource information for a module.

Microsoft has also tackled various other vulnerabilities. These include remote code execution vulnerabilities in Microsoft Message Queuing (MSMQ) and Microsoft Teams, as well as several instances of spoofing vulnerabilities in products such as Azure Apache Ambari, Azure Apache Hadoop, Azure Apache Hive, Azure Apache Oozie, Azure DevOps Server, Azure HDInsight Jupyter, and .NET Framework.Furthermore, Redmond has resolved six denial-of-service (DoS) vulnerabilities and two instances of information disclosure flaws in MSMQ. This is in addition to a series of other issues previously identified within the same service, which could potentially lead to remote code execution and DoS.Among the notable vulnerabilities are CVE-2023-35388, CVE-2023-38182 (with a CVSS score of 8.0), and CVE-2023-38185 (with a CVSS score of 8.8). These are classified as remote code execution vulnerabilities affecting Exchange Server. The first two vulnerabilities have been assessed with a higher likelihood of exploitation.

Readers Also Like:  Will have great FTA with India, negotiations going well: UK MP Baroness Verma

FAQs
Q1. Has Microsoft released August Patches?
A1. Yes, Microsoft has released August Patches for a total of 74 vulnerabilities in software. This collection includes six vulnerabilities classified as Critical and 67 as Important for security.

Q2. What was the last Patch Tuesday?
A2. Microsoft has taken care of 31 issues in its Chromium-based Edge browser since the last Patch Tuesday edition. Furthermore, there is a single side-channel vulnerability, denoted as CVE-2023-20569 or Inception, that affects specific processor models offered by AMD.

Disclaimer Statement: This content is authored by a 3rd party. The views expressed here are that of the respective authors/ entities and do not represent the views of Economic Times (ET). ET does not guarantee, vouch for or endorse any of its contents nor is responsible for them in any manner whatsoever. Please take all steps necessary to ascertain that any information and content provided is correct, updated, and verified. ET hereby disclaims any and all warranties, express or implied, relating to the report and any content therein.



READ SOURCE

This website uses cookies. By continuing to use this site, you accept our use of cookies.