www.belgium.be Logo of the federal government


Advisory #2023-108
Affected software: 
.NET and Visual Studio
.NET Core & Visual Studio
.NET Framework
3D Builder
3D Viewer
Azure DevOps
Azure HDInsights
Microsoft Azure Kubernetes Service
Microsoft Dynamics
Microsoft Dynamics Finance & Operations
Microsoft Exchange Server
Microsoft Identity Linux Broker
Microsoft Office
Microsoft Office Excel
Microsoft Office Outlook
Microsoft Office SharePoint
Microsoft Office Word
Microsoft Streaming Service
Microsoft Windows Codecs Library
Visual Studio
Visual Studio Code
Windows Cloud Files Mini Filter Driver
Windows Common Log File System Driver
Windows Defender
Windows DHCP Server
Windows GDI
Windows Internet Connection Sharing (ICS)
Windows Kernel
Windows Scripting
Windows TCP/IP
Windows Themes
Several types, ranging from Information Disclosure to Remote Code Execution and Privilege Escalation.

Microsoft patched 61 CVEs in its September 2023 Patch Tuesday release, 5 rated as critical and 55 rated as important and 1 as moderate.

Number of CVE's per type

  •     Remote Code Execution (RCE): 27
  •     Elevation of Privileges (EoP): 17
  •     Information Disclosure: 9
  •     Spoofing: 5
  •     Denial of Service (DoS) 3
  •     Security Feature Bypass: 3

Microsoft indicates two vulnerabilities are actively exploited in the wild.



Microsoft - https://msrc.microsoft.com/update-guide/releaseNote/2023-Sep


This month’s Patch Tuesday includes 5 critical and 55 important vulnerabilities for a wide range of Microsoft products, impacting Microsoft Server and Workstations. Since two vulnerabilities are exploited in the wild urgent patching is advised.


Microsoft has released multiple patches for vulnerabilities covering a range of their products. These monthly releases are called “Patch Tuesday”, and contain security fixes for Microsoft devices and software. This month’s release covers 61 vulnerabilities. 5 vulnerabilities are marked as critical and 55 as important. It includes 1 vulnerability which was made public prior to patch Tuesday. Two of the patched vulnerabilities are actively exploited. Microsoft considers 12 of these vulnerabilities are more likely to be exploited in the near future thus urgent patching is advised.

The CCB would like to point your attention to following vulnerabilities:

  • CVE-2023-36761 is an important Microsoft Word information disclosure vulnerability. It received a CVSSv3.1 score of 6.2. According to Microsoft, it has been exploited in the wild as a zero-day and was publicly disclosed prior to a patch being available. Exploitation of this vulnerability requires the user to open a crafted malicious file. Microsoft indicates the Preview Pane is an attack vector. Exploiting this vulnerability could allow the disclosure of NTLM hashes. These NTLM hashes can be cracked or used in NTLM Relay attacks to gain access to the involved account.


  • CVE-2023-36802 is an important Microsoft Streaming Service Proxy Elevation of Privilege (EoP) vulnerability. It received a CVSSv3.1 score of 7.8. According to Microsoft, it has been exploited in the wild as a zero-day. An authenticated local attacker who successfully exploits this vulnerability could gain SYSTEM privileges. A security researcher has indicated full technical details including exploitation code will be published in the near future.


  • CVE-2023-36792, CVE-2023-36793 and CVE-2023-36796 are three critical Remote Code Execution (RCE) vulnerabilities affecting Microsoft Visual Studio. These three vulnerabilities received a CVSSv3.1 score of 7.8. Exploitation of this vulnerability requires that an attacker convinces a user to open a maliciously crafted package file in Visual Studio. Note the word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.


  • CVE-2023-29332 is a critical Elevation of Privilege (EoP) vulnerability affecting Microsoft Azure Kubernetes Service. It received a CVSSv3.1 score of 7.5. An unauthenticated remote attacker who successfully exploits this vulnerability could gain Cluster Administrator privileges. Microsoft also indicates the attacker does not require significant prior knowledge of the cluster/system and can achieve repeatable success when attempting to exploit this vulnerability.


  • CVE-2023-38148 is a critical Remote Code Execution (RCE) vulnerability affecting Internet Connection Sharing (ICS). It received a CVSv3.1 score of 8.8. An unauthorized attacker on the same network segment could exploit this vulnerability by sending a specially crafted network packet to the Internet Connection Sharing (ICS) Service.


  • CVE-2023-36744, CVE-2023-36745, CVE-2023-36756 are three important Remote Code Execution (RCE) vulnerabilities affecting Microsoft Exchange. These three vulnerabilities received a CVSSv3.1 score of 8.0. An authenticated attacker on the same network segment as the Exchange server could trigger malicious code in the context of the server's account through a network call.. These vulnerabilities have been reported by a security researcher but Microsoft considers exploitation of these vulnerabilities in the near future to be more likely.

Recommended Actions

The CCB recommends installing updates for vulnerable devices with the highest priority, after thorough testing.


Tenable - https://www.tenable.com/blog/microsofts-september-2023-patch-tuesday-add...

SANS ISC - https://isc.sans.edu/diary/Microsoft%20September%202023%20Patch%20Tuesday/30214

Bleeping Computer - https://www.bleepingcomputer.com/news/microsoft/microsoft-september-2023-patch-tuesday-fixes-2-zero-days-59-flaws/