As part of October 2023 Patch Tuesday, Microsoft released fixes for 104 vulnerabilities identified in its products, including Windows 10, Windows 11, Windows Server, Microsoft Office, and Skype for Business. Three of them were zero-days already being exploited in the wild and deserve special attention.
Patch Tuesday: The Importance of Microsoft’s Monthly Updates
“Patch Tuesday” is a term that many IT professionals are familiar with. It refers to the second Tuesday of every month, the day Microsoft releases its security patches for its software products. This regular practice arose from the need to provide users and companies with some predictability regarding updates, allowing them to plan any tests and deployments in advance.
The three zero-day vulnerabilities are tracked as CVE-2023-41763 in Skype for Business, CVE-2023-36563 in WordPad, and CVE-2023-44487, the HTTP/2 "Rapid Reset" flaw in the protocol's stream cancellation mechanism. The Microsoft Security Update Guide provides more information about each update. Remember that only supported versions of Windows 10 and Windows 11 receive these monthly security updates.
Patch Tuesday: Zero-Day Vulnerability Details
These three zero-day vulnerabilities are not theoretical: Microsoft confirmed they were exploited before a fix was available, which makes patching them more urgent than the rest of the batch.
HTTP/2 Rapid Reset Alert
CVE-2023-44487 is a denial-of-service flaw in the HTTP/2 protocol itself rather than in a single product, rated CVSS 7.5. The Rapid Reset attack abuses the protocol's stream cancellation feature: a client opens a stream with a HEADERS frame and immediately cancels it with RST_STREAM, then repeats this thousands of times on one connection. A cancelled stream no longer counts against the server's concurrent-stream limit, but the server has already started work on the request, so the attacker can force it to process far more requests than the limit was meant to allow and exhaust its CPU and memory. Because stream cancellation is part of the HTTP/2 standard it cannot simply be removed; the fix in servers and proxies is to rate-limit stream resets per connection and close connections that exceed the limit. Where patching is not immediately possible, the fallback is to disable HTTP/2 on the affected server (for IIS, Microsoft documented setting the EnableHttp2Tls and EnableHttp2Cleartext values under HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters to 0), at the cost of legitimate clients falling back to HTTP/1.1. Cloudflare, Amazon Web Services and Google, which observed the attack against their own infrastructure, coordinated its disclosure.
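The following is an added example, not code from the original article or from any of the vendors mentioned. It shows how the reset-rate mitigation described above works: HTTP/2 frames are parsed according to the RFC 9113 frame header (24-bit length, 8-bit type, 8-bit flags, 31-bit stream id), and a per-connection sliding window counts streams the client opened and then cancelled. The threshold (100 resets per second), the `build_frame` helper and the two sample connections are assumptions constructed for illustration; a real server would send GOAWAY and close the socket where this code returns `True`.

```python
"""Detect HTTP/2 Rapid Reset (CVE-2023-44487) abuse on a single connection.

Added example; frame layout is RFC 9113, everything else (thresholds,
sample traffic, helper names) is an assumption made for illustration.
"""
import struct
from collections import deque

HEADERS = 0x1       # frame type that opens a stream
RST_STREAM = 0x3    # frame type that cancels a stream
CANCEL = 0x8        # RST_STREAM error code used by the attack


def build_frame(ftype, flags, stream_id, payload=b""):
    """Serialise one HTTP/2 frame; used here only to construct sample traffic."""
    length = struct.pack(">I", len(payload))[1:]            # 24-bit length
    sid = struct.pack(">I", stream_id & 0x7FFFFFFF)          # reserved bit + 31-bit id
    return length + bytes([ftype, flags]) + sid + payload


def parse_frames(data):
    """Yield (type, flags, stream_id, payload) for each complete frame in data."""
    off = 0
    while off + 9 <= len(data):
        length = int.from_bytes(data[off:off + 3], "big")
        ftype, flags = data[off + 3], data[off + 4]
        stream_id = int.from_bytes(data[off + 5:off + 9], "big") & 0x7FFFFFFF
        payload = data[off + 9:off + 9 + length]
        if len(payload) < length:
            break  # truncated frame: wait for more bytes
        yield ftype, flags, stream_id, payload
        off += 9 + length


class ResetRateLimiter:
    """Sliding-window counter of client-cancelled streams on one connection.

    A reset is counted only for a stream the client itself opened with
    HEADERS (odd stream ids), which is exactly the HEADERS -> RST_STREAM
    pattern of the attack.  More than max_resets within window_s seconds
    means the connection should be closed instead of serving more streams.
    """

    def __init__(self, max_resets=100, window_s=1.0):
        self.max_resets = max_resets
        self.window_s = window_s
        self.open_streams = set()
        self.resets = deque()  # timestamps of counted resets

    def observe(self, ts, ftype, flags, stream_id, payload):
        """Feed one frame; return True when the connection should be dropped."""
        if ftype == HEADERS and stream_id % 2 == 1:
            self.open_streams.add(stream_id)
        elif ftype == RST_STREAM and stream_id in self.open_streams:
            self.open_streams.discard(stream_id)
            self.resets.append(ts)
        while self.resets and ts - self.resets[0] > self.window_s:
            self.resets.popleft()  # expire resets outside the window
        return len(self.resets) > self.max_resets


def classify_connection(timed_frames, max_resets=100, window_s=1.0):
    """Return (abusive, peak_resets_in_window) for a list of (ts, raw_bytes)."""
    limiter = ResetRateLimiter(max_resets, window_s)
    abusive, peak = False, 0
    for ts, raw in timed_frames:
        for frame in parse_frames(raw):
            if limiter.observe(ts, *frame):
                abusive = True
            peak = max(peak, len(limiter.resets))
    return abusive, peak


def benign_traffic():
    """Constructed: a browser opens five streams and cancels one of them."""
    frames = [(0.1 * i, build_frame(HEADERS, 0x5, sid, b"\x82"))  # END_HEADERS|END_STREAM
              for i, sid in enumerate((1, 3, 5, 7, 9))]
    frames.append((0.6, build_frame(RST_STREAM, 0, 3, struct.pack(">I", CANCEL))))
    return frames


def rapid_reset_traffic(n=500):
    """Constructed: n HEADERS each followed at once by RST_STREAM(CANCEL), all within 0.5 s."""
    frames = []
    for i in range(n):
        sid = 2 * i + 1
        raw = (build_frame(HEADERS, 0x5, sid, b"\x82")
               + build_frame(RST_STREAM, 0, sid, struct.pack(">I", CANCEL)))
        frames.append((i * 0.001, raw))
    return frames


if __name__ == "__main__":
    for name, traffic in (("benign", benign_traffic()), ("rapid-reset", rapid_reset_traffic())):
        print(name, classify_connection(traffic))
```

The benign connection never exceeds the threshold because its single cancel is normal browser behaviour, while the attack connection trips it after the 101st reset even though it never holds more than one stream open at a time, which is why a plain concurrent-stream limit does not catch it.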
Vulnerabilities in Skype
CVE-2023-41763 affects Skype for Business and is classified by Microsoft as an elevation of privilege, although its practical effect is information disclosure: a specially crafted network call to a Skype for Business server can cause it to parse an HTTP request made to an arbitrary address, revealing IP addresses or port numbers of internal systems to the attacker. Microsoft rates it CVSS 5.3 out of 10.
Vulnerabilities in WordPad
CVE-2023-36563 is an information disclosure flaw in WordPad that can expose the user's NTLM hash. Opening a specially crafted file, delivered for example by email or from a website, can make WordPad authenticate to an attacker-controlled server and leak the NTLM challenge response. On its own this does not give control of the system, but the captured hash can be relayed or cracked offline to recover the user's credentials, which is the usual next step toward lateral movement. The CVSS score for this vulnerability is 6.5 out of 10.
Other Vulnerabilities Discovered in Patch Tuesday
The vulnerabilities detected can be divided into different categories, depending on their nature and the type of risk they present:
- EoP (Elevation of Privilege): 26 vulnerabilities belong to this category, which allow an attacker who already has some access to elevate their privileges within a system, potentially gaining complete control of it.
- Security Feature Bypass: 3 vulnerabilities allow security mechanisms to be bypassed, rendering the protections put in place ineffective.
- RCE (Remote Code Execution): with 45 vulnerabilities of this type, an attacker could execute code remotely, compromising the system without having physical access to the device.
- ID (Information Disclosure): 12 vulnerabilities allow the disclosure of information, which could be exploited for further attacks or privacy violations.
- Denial of Service: 17 vulnerabilities could cause a denial of service, making a system or network inaccessible to users.
- Spoofing: 1 vulnerability of this type could allow an attacker to masquerade as another user or system.
The security bulletin released by CSIRT Italy rated the overall impact of these vulnerabilities as “severe/red”, assigning a score of 75 out of 100. This underlines the importance of addressing and fixing these vulnerabilities as soon as possible to ensure security of systems and networks.
To ensure system security, it is essential to install updates released by Microsoft. Windows automatically checks for these updates, but it’s always good practice to check manually.
- Windows 10: go to Start > Settings > Update & Security > Windows Update > Check for updates.
- Windows 11: click Start > Settings > Windows Update > Check for updates.
Versions of Windows that are out of support (such as Windows 7 and Windows 8.1) no longer receive these updates unless they are covered by an Extended Security Updates agreement, so the only safe option for them is to upgrade. Before installing updates, we recommend that you back up important data.
Microsoft updates are essential to keeping systems safe and secure. With growing cyber threats, it is crucial to stay updated and protect your devices from potential attacks.