Microsoft September 2023 Patch Day

Microsoft has released important security updates for Windows and other products. Attackers attack Microsoft Word, among other things and are already exploiting two vulnerabilities. Users of Microsoft software should ensure that applications are up to date. Otherwise, attackers can attack systems and, in the worst case, execute malicious code.

Attackers are already exploiting a vulnerability in Word (CVE-2023-36761 medium). According to a warning message from Microsoft, Word 2013 and Microsoft 365 Apps for Enterprise, among others, are at risk. The article does not reveal what an attack looks like in detail. Since attacks can be initiated in the preview window, it can be assumed that attackers have to slip a manipulated document to victims.

If an attack is successful, attackers should have access to NTLM hashes. Windows stores passwords in this cryptographic format. Equipped with this, pass-the-hash attacks are conceivable, which attackers can use to gain higher user rights. The extent of the attacks is currently unknown.

The second currently exploited vulnerability (CVE-2023-36802 High) affects Microsoft Streaming Service Proxy. The affected Windows versions can be found in a warning message. Attackers should be able to use the vulnerability to gain system rights. How such an attack occurs is currently unknown.

Microsoft classifies vulnerabilities in Azure Kubernetes Service, Internet Connecting Sharing (ICS) and Visual Studio as critical. If attacks fail, malicious code will be executed, among other things. To do this, attackers have to trick victims into opening a crafted Visual Studio package file (including CVE-2023-36792). In the case of Azure Kubernetes Service, attackers can gain cluster admin rights (CVE-2023-29332).

Other vulnerabilities affect Exchange Server, SharePoint Server and various Windows components, among others. Details about all the vulnerabilities closed on this Patch Day can be found in Microsoft's Security Update Guide.