Connect with us

    Hi, what are you looking for?

    Reviews

    Microsoft’s Patch Tuesday August Security Update Addresses 74 Vulnerabilities

    Microsoft has resolved 74 security issues in its software during the company’s August 2023 Patch Tuesday release. The previous month’s update tackled 132 vulnerabilities, indicating some progress in securing the software.

    For the August Patch Tuesday, Microsoft unveiled 74 new Common Vulnerabilities and Exposures (CVEs), six of which were labeled as critical. Additionally, a zero-day vulnerability impacting.NET and Visual Studio was identified. One of the vulnerabilities identified as CVE-2023-20593 is independent of Microsoft’s product range and is linked to the Zenbleed vulnerability found in specific AMD processors. To mitigate this risk, administrators are urged to deploy a microcode patch or update the BIOS of vulnerable systems.

    Microsoft Windows

    30 Vulnerabilities Addressed in Edge Browser

    Furthermore, Microsoft has fixed 30 vulnerabilities in its Chromium-based Edge browser since the previous Patch Tuesday release. This includes a side-channel weakness affecting specific AMD processor models (CVE-2023-20569, known as Inception). According to Microsoft, updating to the latest version helps “break the attack chain” that exploited the remote code execution flaw.

    One of the identified vulnerabilities, known as ADV230003, refers to a known security issue labeled as CVE-2023-36884, a remote code execution vulnerability found in Office and Windows HTML that has been exploited by the Russia-linked RomCom threat group in attacks against Ukraine and pro-Ukraine entities in Eastern Europe and North America.


    Windows 11 KB5029263: New Features


    The zero-day vulnerability for August Patch Tuesday is CVE-2023-38180, a.NET and Visual Studio denial-of-service weakness with a CVSS score of 7.5. Proof-of-concept code for this vulnerability has been identified. Since this vulnerability can be activated without requiring privileges, threat actors already present in the system can easily launch an attack.

    Administrators are advised to update Microsoft Visual Studio 2022, .NET 7.0, .NET 6.0, and ASP.NET Core 2.1, which may require significant time if a comprehensive patch management system is not in place.

    Advertisement. Scroll to continue reading.

    Additionally, patches have been released for five privilege escalation vulnerabilities in the Windows Kernel (CVE-2023-35359, CVE-2023-35380, CVE-2023-35382, CVE-2023-35386, and CVE-2023-38154, CVSS scores: 7.8) that could be exploited by threat actors with local access to elevate to SYSTEM privileges.

    Thank you for being a loyal reader. The article on Microsoft’s Patch Tuesday August update addressing 74 vulnerabilities was first published on gHacks Technology News.

    You May Also Like

    Hacks

    An economical high-voltage power supply project has been developed by Sebastian from Baltic Labs. The primary element of this endeavor is a commercial power...

    Hacks

    The issue of compatibility centers around the POPCNT CPU function. TheBobPony’s posts on Twitter uncovered that this function is found in several Windows 11...

    Hacks

    The choice to utilize USB storage was influenced by the nonexistence of Bluetooth and the substandard audio input port in the dated entertainment system....

    Hacks

    Connection of parts is becoming more prevalent in Apple products, where specific components such as cameras, screens, power units, and fingerprint detectors are linked...