Microsoft August Patch Tuesday: 1 Zero-Day Security Flaw Addressed -- Redmondmag.com

Microsoft August Patch Tuesday: 1 Zero-Day Security Flaw Addressed

In the wake of last month's massive security update, Microsoft has released a smaller number of fixes for August.

By Chris Paoli
08/08/2023

After last months massive security update from Microsoft, this month's patch load comes with a more-manageable 74 bulletins and two advisories.

Zero-day issues were also on the downswing this month, with Microsoft issuing a fix for just one issue that is in active exploit. As with the case, the lone zero-day, CVE-2023-38180, should be the top priority in patching this month.

The fix addresses a denial-of-service vulnerability in .NET and Visual Studio, which Microsoft said could lead to a system crash through a DDoS attack. While Microsoft has acknowledged that it has seen attacks exploiting the hole in the wild, it has not gone into any detail on the flaw or the monitored attacks.

While that directly takes care of this month's single zero-day issue, Microsoft also released an advisory on a publicly disclosed issue in Microsoft Office, which updates an issue first disclosed last month. "This defense in depth update is not a vulnerability, but installing this update stops the attack chain leading to the Windows Search security feature bypass vulnerability (CVE-2023-36884)," wrote Microsoft. "Microsoft recommends installing the Office updates discussed in this advisory as well as installing the Windows updates from August 2023."

While this month's advisory can be seen as a mitigation against the Office remote code execution vulnerability, it isn't a final patch. Microsoft has not stated when a permanent fix will be available.

Once the two zero-day items are addressed, IT should focus on applying the following "critical" bulletins:

CVE-2023-36895: Remote code execution vulnerability in Microsoft Outlook.
CVE-2023-29330: Remote code execution vulnerability in Microsoft Teams.
CVE-2023-29328: Remote code execution vulnerability in Microsoft Teams.
CVE-2023-36911: Remote code execution vulnerability in Microsoft Message Queuing.
CVE-2023-36910: Remote code execution vulnerability in Microsoft Message Queuing.
CVE-2023-35385: Remote code execution vulnerability in Microsoft Message Queuing.

The full list of this month's bulletins can be found here.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.

Featured

Multi-Tenant Organization Hooks Released for Microsoft 365

Microsoft Entra ID's new multi-tenant organization capabilities have reached general availability (GA).
Real-World Ransomware Recovery

Here's how I was (mostly) successful in recovering a family PC infected with malware.
Microsoft Launches Small AI Models Family Phi-3

Recognizing that bigger isn't always better, Microsoft has released its smallest open AI models to date, Phi-3.
Microsoft and OpenAI Continue Global AI Expansions

Microsoft and OpenAI each continued their global expansion this month, with the announcements of new infrastructure investments and service rollouts in new regions, like Asia and the Middle East.
Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.