Patch Tuesday Updates for August 2023: Fixes 74 Flaws
Microsoft has released its most recent Patch Tuesday updates for August 2023, and there are 74 vulnerabilities fixed in this update. The 132 vulnerabilities that were fixed in the previous month have significantly decreased from that number.
The Patch Tuesday updates for August 2023 include one moderate, 67 Important, and six Critical vulnerabilities. Take a look at the list of patches included in the August 2023 Security Updates. Two defense-in-depth updates for Microsoft Office (ADV230003) and the Memory Integrity System Readiness Scan Tool were released alongside the security upgrades (ADV230004).
The updates are in addition to the 30 issues that Microsoft has fixed in its Chromium-based Edge browser since Patch Tuesday last month and the one side-channel flaw affecting specific AMD processor models (CVE-2023-20569 or Inception).
Six of the vulnerabilities in this collection are rated as Critical and 67 as Important for security. In addition to these updates, Microsoft has also released two defense-in-depth updates: one for Microsoft Office (ADV230003) and one for the Memory Integrity System Readiness Scan Tool (ADV230004).
See Also: Windows 11 KB5028185 Update Released with Moment 3 features
ADV230003 CVE-2023-36884
ADV230003 relates to a security hole known as CVE-2023-36884. In Office and Windows HTML, this specific vulnerability allows for remote code execution. Threat actor RomCom, which has ties to Russia, has actively exploited it. The majority of the targets of the attacks were Eastern European and North American organizations that supported Ukraine. Microsoft stresses that the most recent patch successfully breaks the attack chain that resulted in the remote code execution bug.
The Memory Integrity System Readiness scan tool is covered by the other defense-in-depth update. Assessing compatibility problems with memory integrity, also known as hypervisor-protected code integrity, or HVCI, is the responsibility of this tool. The update resolves a known issue in which the initial release lacked an RSRC section, which contains crucial resource data for a module.
Microsoft has also addressed numerous additional vulnerabilities. These include flaws that allow remote code execution in Microsoft Teams and Microsoft Message Queuing (MSMQ), as well as a number of spoofing flaws in software like Azure Apache Ambari, Azure Apache Hadoop, Azure Apache Hive, Azure Apache Oozie, Azure DevOps Server, Azure HDInsight Jupyter, and the.NET Framework.
Additionally, Microsoft has fixed two information disclosure flaws and six DoS vulnerabilities in MSMQ. This is in addition to numerous other issues that have previously been found in the same service and may result in remote code execution and denial of service attacks.
The following vulnerabilities stand out among the others: CVE-2023-35388, CVE-2023-38182 (which has a CVSS score of 8.0), and CVE-2023-38185 (with a CVSS score of 8.8). These are categorized as vulnerabilities that affect Exchange Server and allow remote code execution. The likelihood of exploitation has been estimated to be higher for the first two vulnerabilities.
Install Patch Tuesday Updates for August 2023
The Windows 11 KB5029263 security update for 22H2 (also known as the August 2023 Patch Tuesday Update) has been released, and this update addresses security issues for your Windows operating system. This update makes miscellaneous security improvements to internal OS functionality.
In addition to the security fixes and improvements, Microsoft also says that the KB5029263 update has a known issue that impacts IT administrators who use provisioning packages to configure new devices for use on business or school networks. This issue can cause Windows to only be partially configured or the Out-of-Box Experience to not finish or restart unexpectedly.
You can install the KB5029263 update on your Windows 11 computer via Windows Update. To get this update, go to Settings > Windows Update and run Check for Updates. This will fetch the latest updates applicable to Windows 11 and download the KB5029263 update. Once you see the 2023-07 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5029263), click Install. This will install the update, and your computer will reboot to complete the update installation.
For offline installation of KB5029263 update on your Windows 11 PC, you can download this update from Microsoft Update Catalog site.