September’s Patch Tuesday brings important updates for Microsoft Office and Visual Studio

Microsoft released 59 updates in its September Patch Tuesday release, with critical patches for Microsoft Office and Visual Studio, and continued the trend of including non-Microsoft applications in its update cycle. (Notepad++ is a notable addition, with Autodesk returning with a revised bulletin.) We’ve made “Patch Now” recommendations for Microsoft development platforms (Visual Studio) and Microsoft Word.

Unfortunately, updates for Microsoft Exchange Server have also returned, requiring server reboots this time, too.

The team at Readiness has created this infographic outlining the risks associated with each of the September updates.

Known issues

Each month, Microsoft includes a list of known issues that relate to the operating system and platforms included in the latest update cycle:

After installing this update on guest virtual machines (VMs) running Windows Server 2022 on some versions of VMware ESXi, Windows Server 2022 might not start up. VMware has published an article (KB90947) on how to resolve the issue.
New security enhancements in SharePoint Server (2019) might prevent custom .aspx files from being displayed under certain circumstances. Browsing to such a page generates a “92liq” event tag in SharePoint Unified Logging System (ULS) logs.

Major revisions

Microsoft published the following major revisions this month:

CVE-2023-41303: Use-after-free vulnerability in Autodesk® FBX® SDK 2020. This is an information update (note that this third-party application update does not have an updated release log — naughty Microsoft). No further action required.
CVE-2023-20569: Return Address Predictor. The affected products table has been updated to include Azure Virtual Machines, as customers who use custom maintenance controls are affected by CVE-2023-20569 and are required to take action to protect their resources.
CVE-2023-21709, CVE-2023-35368, CVE-2023-35388, CVE-2023-38185, CVE-2023-38181 and CVE-2023-38182: Microsoft Exchange Server Elevation of Privilege Vulnerability. The known issue affecting the non-English August updates of Exchange Server has been resolved. Microsoft recommends installing the updated packages as soon as possible.

And it looks as if Microsoft “missed” a CVE last month — CVE-2023-36769 for OneNote, which has now been updated and included in this month’s updates.

Mitigations and workarounds

Microsoft published the following vulnerability-related mitigations for this release cycle:

CVE-2023-38162, CVE-2023-38152, CVE-2023-36081: DHCP Server Service Information Disclosure Vulnerability. Microsoft helpfully notes that if you have not enabled DHCP on your servers, you’re not exposed to this vulnerability.
CVE-2023-38148: Internet Connection Sharing (ICS) Remote Code Execution Vulnerability. Similarly, if you have not enabled this feature, you’re not exposed.
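
To check a host against the two "not enabled, not exposed" notes above, the following PowerShell sketch reports the state of the relevant services. It is an added example, not code from this article or from Microsoft. It assumes that the DHCPServer and SharedAccess Windows services are acceptable proxies for "DHCP Server enabled" and "ICS enabled"; the function name Get-MitigationStatus is hypothetical.

```powershell
# Added example: local triage for the DHCP Server and ICS mitigation notes.
# Assumption: Windows service state is used as a proxy for "feature enabled".
$checks = @(
    @{ Feature = 'DHCP Server'; Service = 'DHCPServer'
       CVEs = 'CVE-2023-38162, CVE-2023-38152, CVE-2023-36081' },
    @{ Feature = 'Internet Connection Sharing (ICS)'; Service = 'SharedAccess'
       CVEs = 'CVE-2023-38148' }
)

function Get-MitigationStatus {
    param([Parameter(Mandatory)][hashtable[]]$Checks)

    foreach ($check in $Checks) {
        # Win32_Service exposes both the current state and the start mode.
        $svc = Get-CimInstance -ClassName Win32_Service `
                   -Filter "Name='$($check.Service)'" -ErrorAction SilentlyContinue

        if (-not $svc) {
            # Service absent: the role or feature is not installed on this host.
            $state = 'NotInstalled'; $exposed = 'No (feature not present)'
        }
        elseif ($svc.State -eq 'Running') {
            $state = 'Running'; $exposed = 'Yes, until the update is installed'
        }
        elseif ($svc.StartMode -eq 'Disabled') {
            $state = 'Disabled'; $exposed = 'No, while the service stays disabled'
        }
        else {
            # Stopped but startable (Manual or Auto): it can be enabled later.
            $state = "Stopped ($($svc.StartMode))"
            $exposed = 'Not currently; service can still be started'
        }

        [pscustomobject]@{
            Feature = $check.Feature
            Service = $check.Service
            State   = $state
            Exposed = $exposed
            CVEs    = $check.CVEs
        }
    }
}

Get-MitigationStatus -Checks $checks | Format-Table -AutoSize -Wrap
```

SharedAccess is typically set to a manual start on client Windows builds, so a "Stopped (Manual)" result is normal there and only means ICS is not running at the moment.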

Testing guidance

Each month, the Readiness team analyzes the latest Patch Tuesday updates and provides detailed, actionable…

2023-09-17 12:00:03
Link from www.computerworld.com
