Service Notices

All Notices > Security Notices > Microsoft Releases August 2023 Security Updates

Microsoft Releases August 2023 Security Updates

Aug 10, 2023 GMT+08:00

I. Overview

Microsoft has released its August 2023 Security Updates. A total of 74 security vulnerabilities have been disclosed, among which 6 are marked as important vulnerabilities. Attackers can exploit these vulnerabilities to implement remote code execution, privilege escalation, and security feature bypass. The affected applications include Microsoft Windows, Microsoft Office, Microsoft Teams, and Microsoft Exchange.

For details, visit the Microsoft official website:

https://msrc.microsoft.com/update-guide/releaseNote/2023-Aug

The following vulnerabilities have been exploited by attackers:

.NET and Visual Studio Denial of Service Vulnerability (CVE-2023-38180): 0-day vulnerability. Remote attacker may send specially crafted input to the target application to trigger this vulnerability. Successful exploitation of this vulnerability can cause DoS attacks. This vulnerability has been exploited in the wild, and the risk is high.

8 vulnerabilities (such as CVE-2023-38182, CVE-2023-35388, and CVE-2023-35386) are marked as Exploitation More Likely. For details, see the official announcement. Please perform security self-check and security hardening in a timely manner to reduce attack risks.

II. Severity

Severity: important

(Severity: low, moderate, important, and critical)

III. Affected Products

Microsoft Windows, Microsoft Office, Microsoft Teams, and Microsoft Exchange.

IV. Vulnerability Details

CVE ID

Vulnerability

Severity

Description

CVE-2023-35385
CVE-2023-36911
CVE-2023-36910

Microsoft Message Queuing Remote Code Execution Vulnerability

Important

Successful exploitation of this vulnerability could allow an unauthenticated attacker to remotely execute code on the target server.

CVE-2023-29330
CVE-2023-29328

Microsoft Teams Remote Code Execution Vulnerability

Important

To exploit this vulnerability, a remote attacker would trick the victim into joining a malicious Microsoft Teams meeting set up by the attacker. Successful exploitation of this vulnerability could enable access to the victim's information and the ability to alter information. Successful exploitation could also potentially cause downtime for the client machine.

CVE-2023-36895

Microsoft Outlook Remote Code Execution Vulnerability

Important

To exploit this vulnerability, an unauthenticated attacker would trick the victim to download and open a specially crafted file from the website. Successful exploitation of the vulnerability can cause remote code execution on the target system.

(Note: Vulnerabilities listed above are important ones. For more information, refer to the official website of Microsoft.)

V. Security Recommendations

1. Use Windows Update or download patches from the following address to fix the vulnerabilities:

https://msrc.microsoft.com/update-guide

2. Back up data remotely to protect your data.

Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.