Two zero-days can be resolved by patching Office and Windows immediately

Microsoft has resolved 80 new CVEs this month in addition to four earlier CVEs, bringing the number of security issues addressed in this month’s Patch Tuesday release to 84. 

Unfortunately, there are two zero-day flaws, in Outlook (CVE-2023-23397) and Windows (CVE-2023-24880), that warrant a “Patch Now” recommendation for both the Windows and Microsoft Office updates. As was the case last month, there were no further updates for Microsoft Exchange Server or Adobe Reader. This month the team at Application Readiness has provided a helpful infographic that outlines the risks associated with each of the updates for this cycle.

Known issues

Each month, Microsoft includes a list of known issues that relate to the operating system and platforms included in the update cycle.

KB5022842: After installing KB5022842 on Windows Server 2022 with Secure Boot enabled and rebooting twice, the VMware VM failed to boot using the new bootmgr. This issue is still under consideration by Microsoft. After installing this update, WPF apps may have a change in behavior.
After installing this month’s Windows update on guest virtual machines (VMs) running Windows Server 2022 on some versions of VMware ESXi, Windows Server 2022 might not start.

Microsoft is still working on a network performance issue with Windows 11 22H2. Large (multi-gigabyte) network file transfers (and potentially similarly large local transfers) are affected. This issue should mainly affect IT administrators.

Major revisions

Microsoft published four major revisions this month covering:

CVE-2023-2156: Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability.
CVE-2022-41099: BitLocker Security Feature Bypass Vulnerability.
CVE-2023-21716: Microsoft Word Remote Code Execution Vulnerability.
CVE-2023-21808: .NET and Visual Studio Remote Code Execution Vulnerability.

All of these revisions were due to documentation and expanded affected software updates. No…

2023-03-19 04:46:07
Original from www.computerworld.com
