Microsoft fixes 87 security vulnerabilities in its latest Patch Tuesday release

Alfonso Maruccia

Posts: 753   +259
Why it matters: On the second Tuesday of every month for the past two decades, Redmond has consistently issued new security updates for Windows and all of its software products. This practice is informally referred to as "Patch Tuesday," and it typically adds to the workload of sysadmins and code analysis specialists.

Microsoft recently released security fixes for 87 bugs. This month's Patch Tuesday also includes remedies for two vulnerabilities that were actively being exploited by cybercriminals. Redmond's official bulletin comprises security notices for Teams, Exchange Server, .NET Core, Visual Studio, Azure, Hyper-V, and various Windows components.

Six vulnerabilities were classified as "critical," while 23 flaws could be exploited to execute potentially malicious code from remote locations. Overall, the flaws fixed by the latest Patch Tuesday are classified as follows: 18 elevation of privilege vulnerabilities, three security feature bypass vulnerabilities, 23 remote code execution vulnerabilities, 10 information disclosure vulnerabilities, eight denial of service vulnerabilities, and 12 spoofing vulnerabilities.

The updates don't include 20 security fixes for the Chromium-based Edge browser, which Microsoft released earlier this month. A comprehensive report about all the fixed vulnerabilities and related advisories has been published by Bleeping Computer.

Patch Tuesday includes an advisory (ADV230003) about a Microsoft Office Defense in Depth Update, designed to provide enhanced security for Redmond's productivity suite. The update thwarts an attack chain that could lead to CVE-2023-36884, a previously mitigated remote code execution vulnerability in the Windows Search feature. This flaw could bypass the Mark of the Web (MoTW) security feature, urging users to download and open malicious files without displaying a security warning.

The zero-day flaw had already been exploited in a ransomware operation by the RomCom hacking group. However, it should now be fixed (and unexploitable) for good. The second zero-day addressed this month is a .NET and Visual Studio Denial of Service Vulnerability (CVE-2023-38180), capable of causing a denial of service against .NET applications and the Visual Studio IDE. Microsoft didn't provide any additional details about this flaw.

Microsoft rolled out its latest patch series via Windows Update, update management systems such as WSUS, and as direct downloads available on the Microsoft Update Catalog. Other companies providing security fixes in sync with the August 2023 Patch Tuesday include Adobe, AMD, Cisco, Google, SAP, and VMware.

Permalink to story.

Oh that's why my computer restarted last night? I was wondering why I lost my data. Thanks for the zero-day notice Microsoft!
Last edited:
I have Pro - but I knew when I put it to sleep - good chance it will update - think non-pro is even more takeover
I've started using hibernate because sleep on windows is unusable. it's impossible to keep my laptop from waking up a few minutes after I close the lid when I put it to sleep.
I've started using hibernate because sleep on windows is unusable. it's impossible to keep my laptop from waking up a few minutes after I close the lid when I put it to sleep.
Yeah The PC I built my son - any vibration - wakes it up = suppose could check settings - think you can say wake on keyboard only - not mouse
I don't know why, but mine doesn't restart automatically after an update. Rather, the system asks me to restart the machine.
Just goes to show that hackers are smarter than Windows. Windows has to rely on hackers to expose their basic coding faults instead of hiring smarter coders to tackle the problem before its release. Another option is to hire coders to check for vulnerabilities before the release of new IoT