Microsoft Monthly Security Update (September 2023)

Microsoft has released monthly security update for their products:

Vulnerable Product	Risk Level	Impacts	Notes
Browser	Low Risk
Windows	High Risk	Elevation of Privilege Denial of Service Information Disclosure Remote Code Execution Security Restriction Bypass	CVE-2023-36802 is being exploited in the wild. The vulnerability can be exploited to local privilege elevation vulnerability that allows attackers to gain SYSTEM privileges.
Extended Security Updates (ESU)	Medium Risk	Elevation of Privilege Information Disclosure Denial of Service
Azure	Medium Risk	Elevation of Privilege Remote Code Execution
Microsoft Office	High Risk	Security Restriction Bypass Information Disclosure Elevation of Privilege Spoofing Remote Code Execution	CVE-2023-36761 is being exploited in the wild. The vulnerability can be used to steal NTLM hashes when opening a document, including in the preview pane. These NTLM hashes can be cracked or used in NTLM Relay attacks to gain access to the account.
Developer Tools	Medium Risk	Elevation of Privilege Remote Code Execution Denial of Service
Exchange Server	Medium Risk	Spoofing Remote Code Execution Information Disclosure
Apps	Medium Risk	Remote Code Execution
Microsoft Dynamics	Low Risk	Spoofing
System Center	Medium Risk	Security Restriction Bypass

Number of ‘Extremely High Risk’ product(s): 0

Number of ‘High Risk’ product(s): 2

Number of ‘Medium Risk’ product(s): 6

Number of ‘Low Risk’ product(s): 2

Evaluation of overall ‘Risk Level’: High Risk

RISK: High Risk

TYPE: Operating Systems – Windows OS

Impact

Before installation of the software, please visit the vendor web-site for more details.