• icons/search
  • icons/search

Patch Tuesday Microsoft: Critical Updates October 2023

October 2023 Patch Tuesday: All vulnerabilities fixed

Patch Tuesday

Table of Contents

As part of October 2023 Patch Tuesday, Microsoft released fixes for 104 vulnerabilities identified in its products, including Windows 10, Windows 11, Windows Server, Microsoft Office, and Skype. Three currently exploited zero-day vulnerabilities deserve special attention.

Patch Tuesday: The Importance of Microsoft’s Monthly Updates

Patch Tuesday” is a term that many IT professionals are familiar with. It refers to the second Tuesday of every month, the day Microsoft releases its security patches for its software products. This regular practice arose from the need to provide users and companies with some predictability regarding updates, allowing them to plan any tests and deployments in advance.

The three zero-day vulnerabilities, classified as CVE-2023-41763, CVE-2023-36563, and CVE-2023-44487, were discovered in Skype, WordPad, and the HTTP/2 Rapid Reset attack, respectively. The Microsoft website provides more information about the updates. Remember that you must have an updated version of Windows 10 or activate Windows 11 with a product key to receive updates.

WIndows 11 ProfessionalWindows 11 Professional59,99€view deal
Windows 11 HomeWindows 11 Home49,99€view deal
windows 11 pro uprgradeWindows 11 Upgrade59,99€view deal
windows 11 enterpriseWindows 11 Enterprise79,99€view deal
Windows 10 ProfessionalWindows 10 Professional39,99€view deal
Windows 10 homeWindows 10 Home24,99€view deal
upgrade windows 10Windows 10 Upgrade41,99€view deal

Patch Tuesday: Zero-Day Vulnerability Details

Zero-Day vulnerabilities are not just theoretical, but have already been actively exploited, making their fix even more urgent.

HTTP/2 Rapid Reset Alert

The vulnerability CVE-2023-44487 represents a serious threat. This flaw allows DDoS attacks by exploiting the HTTP/2 stream cancellation feature, causing the target server to become overloaded. Despite being integrated into the HTTP/2 standard, the proposed solution is to limit the speed or block the protocol. Cloudflare, Amazon, and Google collaborated in disclosing this vulnerability.

Vulnerabilities in Skype

CVE-2023-41763 in Skype allows escalation of privilege. An attacker can exploit it to obtain information such as IP addresses or port numbers. Microsoft has rated this vulnerability with a CVSS Severity Rating of 5.3 out of 10.

Vulnerabilities in WordPad

CVE-2023-36563 in WordPad can compromise user security by exposing NTLM hashes. This flaw could be used to gain control of the system. The CVSS score for this vulnerability is 6.5 out of 10.

microsoft patch tuesday

Other Vulnerabilities Discovered in Patch Tuesday

The vulnerabilities detected can be divided into different categories, depending on their nature and the type of risk they present:

  • EoP (Elevation of Privilege): 26 vulnerabilities belong to this category, which allow an attacker to elevate their privileges within a system, potentially gaining complete control of it.
  • Bypass of Security Functions: 3 vulnerabilities allow security mechanisms to be bypassed, making the protections put in place useless.
  • RCE (Remote Code Execution): with 45 vulnerabilities of this type, an attacker could execute code remotely, compromising the system without necessarily having physical access to the device.
  • ID (Information Disclosure): 12 vulnerabilities allow the disclosure of information, which could be exploited for further attacks or privacy violations.
  • Denial of Service: 17 vulnerabilities could cause a denial of service, making a system or network inaccessible to users.
  • Spoofing: a vulnerability of this type could allow an attacker to masquerade as the identity of another user or system.

The security bulletin released by CSIRT Italy rated the overall impact of these vulnerabilities as “severe/red”, assigning a score of 75 out of 100. This underlines the importance of addressing and fixing these vulnerabilities as soon as possible to ensure security of systems and networks.

Installing Updates

To ensure system security, it is essential to install updates released by Microsoft. Windows automatically checks for these updates, but it’s always good practice to check manually.

  • Windows 10: go to Start > Settings > Update & Security > Windows Update > Check for updates.
  • Windows 11: click Start > Settings > Windows Update > Check for updates.

For older versions of Windows, turn on the Windows Update service from the Control Panel. Before installing updates, we recommend that you backup important data.

Conclusion

Microsoft updates are essential to keeping systems safe and secure. With growing cyber threats, it is crucial to stay updated and protect your devices from potential attacks.

Mr Key Shop Editorial Staff

Mr Key Shop Editorial Staff

News and insights into the world of technology and software.

Leave a comment

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments

Follow Us

Newsletter

Get the best blog stories into your inbox

Recent Posts

Editor's Choise

articles of the day

Subscribe to our Newsletter