Jetzt Ausprobieren
Patch Tuesday

Microsoft Patch Tuesday – August 2023

6 min. read
08/08/2023
By Esben Dochy
Microsoft-Patch-Tuesday-May-2022

Patch Tuesday is once again upon us. As always, our team has put together the monthly Patch Tuesday Report to help you manage your update progress. The audit report gives you a quick and clear overview of your Windows machines and their patching status. The August 2023 edition of Patch Tuesday brings us 75 new fixes, with 6 rated as critical. We’ve listed the most important changes below.

⚡ TL;DR | Go Straight to the August 2023 Patch Tuesday Audit Report

Six Microsoft Exchange Vulnerabilities

Exchange is once again a hot topic this month. Coming in with four Remote Code Execution (RCE) vulnerabilities, a spoofing vulnerability, and an elevation of privilege vulnerability, it is likely the most important group of fixes this month. These vulnerabilities range between a CVSS base score of 8 and 9.8.

The two most severe in the group are CVE-2023-38182 and CVE-2023-35388, while they both „only“ have a CVSS base score of 8, Microsoft mentions that these two are more likely to be exploited. In order to exploit these vulnerabilities, an authenticated attacker who is on the same intranet as the Exchange server can achieve remote code execution via a PowerShell remoting session.

Microsoft Teams Remote Code Execution

Two of the critical severity vulnerabilities are related to Microsoft Teams. Both are RCE vulnerabilities that require a user to join a malicious Microsoft Teams meeting set up by the attacker to be exploited. If exploited, the attacker can then execute code using the security context of that user.

Microsoft has released updates for all of its Teams versions. While Teams should automatically update (since Microsoft doesn’t allow manual deployment). However, it might be interesting to verify your Teams installations are fully up to date. Microsoft lists that it has updated its Teams applications to the following versions.

ProductBuild
Microsoft Teams for iOS5.12.1
Microsoft Teams for Mac1.6.00.17554
Microsoft Teams for Android1.0.0.2023070204
Microsoft Teams for Desktop1.6.00.18681

Run the Patch Tuesday August 2023 Audit

To help manage your update progress, we’ve created the Patch Tuesday Audit that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.

The Lansweeper Patch Tuesday report is automatically added to your Lansweeper Site. Lansweeper Sites is included in all our licenses without any additional cost and allows you to federate all your installations into one single view so all you need to do is look at one report, automatically added every patch Tuesday!

Patch Tuesday August 2023 CVE Codes & Titles

CVE NumberCVE Title
CVE-2023-38254Microsoft Message Queuing Denial of Service Vulnerability
CVE-2023-38188Azure Apache Hadoop Spoofing Vulnerability
CVE-2023-38186Windows Mobile Device Management Elevation of Privilege Vulnerability
CVE-2023-38185Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-38184Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
CVE-2023-38182Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-38181Microsoft Exchange Server Spoofing Vulnerability
CVE-2023-38180.NET and Visual Studio Denial of Service Vulnerability
CVE-2023-38178.NET Core and Visual Studio Denial of Service Vulnerability
CVE-2023-38176Azure Arc-Enabled Servers Elevation of Privilege Vulnerability
CVE-2023-38175Microsoft Windows Defender Elevation of Privilege Vulnerability
CVE-2023-38172Microsoft Message Queuing Denial of Service Vulnerability
CVE-2023-38170HEVC Video Extensions Remote Code Execution Vulnerability
CVE-2023-38169Microsoft OLE DB Remote Code Execution Vulnerability
CVE-2023-38167Microsoft Dynamics Business Central Elevation Of Privilege Vulnerability
CVE-2023-38154Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-36914Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability
CVE-2023-36913Microsoft Message Queuing Information Disclosure Vulnerability
CVE-2023-36912Microsoft Message Queuing Denial of Service Vulnerability
CVE-2023-36911Microsoft Message Queuing Remote Code Execution Vulnerability
CVE-2023-36910Microsoft Message Queuing Remote Code Execution Vulnerability
CVE-2023-36909Microsoft Message Queuing Denial of Service Vulnerability
CVE-2023-36908Windows Hyper-V Information Disclosure Vulnerability
CVE-2023-36907Windows Cryptographic Services Information Disclosure Vulnerability
CVE-2023-36906Windows Cryptographic Services Information Disclosure Vulnerability
CVE-2023-36905Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability
CVE-2023-36904Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2023-36903Windows System Assessment Tool Elevation of Privilege Vulnerability
CVE-2023-36900Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2023-36899ASP.NET Elevation of Privilege Vulnerability
CVE-2023-36898Tablet Windows User Interface Application Core Remote Code Execution Vulnerability
CVE-2023-36897Visual Studio Tools for Office Runtime Spoofing Vulnerability
CVE-2023-36896Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-36895Microsoft Outlook Remote Code Execution Vulnerability
CVE-2023-36894Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2023-36893Microsoft Outlook Spoofing Vulnerability
CVE-2023-36892Microsoft SharePoint Server Spoofing Vulnerability
CVE-2023-36891Microsoft SharePoint Server Spoofing Vulnerability
CVE-2023-36890Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2023-36889Windows Group Policy Security Feature Bypass Vulnerability
CVE-2023-36884Windows Search Security Feature Bypass Vulnerability
CVE-2023-36882Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2023-36881Azure Apache Ambari Spoofing Vulnerability
CVE-2023-36877Azure Apache Oozie Spoofing Vulnerability
CVE-2023-36876Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability
CVE-2023-36873.NET Framework Spoofing Vulnerability
CVE-2023-36869Azure DevOps Server Spoofing Vulnerability
CVE-2023-36866Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2023-36865Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2023-35394Azure HDInsight Jupyter Notebook Spoofing Vulnerability
CVE-2023-35393Azure Apache Hive Spoofing Vulnerability
CVE-2023-35391ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability
CVE-2023-35390.NET and Visual Studio Remote Code Execution Vulnerability
CVE-2023-35389Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
CVE-2023-35388Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2023-35387Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability
CVE-2023-35386Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35385Microsoft Message Queuing Remote Code Execution Vulnerability
CVE-2023-35384Windows HTML Platforms Security Feature Bypass Vulnerability
CVE-2023-35383Microsoft Message Queuing Information Disclosure Vulnerability
CVE-2023-35382Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35381Windows Fax Service Remote Code Execution Vulnerability
CVE-2023-35380Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35379Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of Privilege Vulnerability
CVE-2023-35378Windows Projected File System Elevation of Privilege Vulnerability
CVE-2023-35377Microsoft Message Queuing Denial of Service Vulnerability
CVE-2023-35376Microsoft Message Queuing Denial of Service Vulnerability
CVE-2023-35372Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2023-35371Microsoft Office Remote Code Execution Vulnerability
CVE-2023-35368Microsoft Exchange Remote Code Execution Vulnerability
CVE-2023-35359Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-29330Microsoft Teams Remote Code Execution Vulnerability
CVE-2023-29328Microsoft Teams Remote Code Execution Vulnerability
CVE-2023-21709Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2023-20569AMD: CVE-2023-20569 Return Address Predictor