SpiderLabs Blog

Patch Tuesday, October 2023

Halloween is arriving and with it, Trustwave’s return to Patch Tuesday reports.

This month, Microsoft has released 104 patches with 12 of those rated as “critical.” Two vulnerabilities, one in MS WordPad and the other in Skype for Business (CVE-2023-36563 and CVE-2023-41763, respectively) are reported as being publicly exposed and exploited in the wild.

The critical patches include Remote Code Execution (RCE) issues in Microsoft Message Queuing (CVE-2023-35349, CVE-2023-36697), a Microsoft Virtual Trusted Platform Module RCE (CVE-2023-36718), and Layer 2 Tunneling Protocol RCEs (CVE-2023-38166, CVE-2023-41765, CVE-2023-41767, CVE-2023-41768, CVE-2023-41769, CVE-2023-41770, CVE-2023-41771, CVE-2023-41773, CVE-2023-41774).

In addition to the 12 critical vulnerabilities, 92 are rated “important” and include the following attack types: RCE, Information Disclosure, Spoofing, Denial of Service (DoS), Elevation of Privilege, and Security Feature Bypass.

 

Critical (12)

| Vulnerability | CVE | Type |
| --- | --- | --- |
| Microsoft Message Queuing Remote Code Execution Vulnerability | CVE-2023-35349, CVE-2023-36697 | Remote Code Execution |
| Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability | CVE-2023-36718 | Remote Code Execution |
| Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | CVE-2023-38166, CVE-2023-41765, CVE-2023-41767, CVE-2023-41768, CVE-2023-41769, CVE-2023-41770, CVE-2023-41771, CVE-2023-41773, CVE-2023-41774 | Remote Code Execution |

 

Important (92)

| Vulnerability | CVE | Type |
| --- | --- | --- |
| Windows Remote Desktop Gateway (RD Gateway) Information Disclosure Vulnerability | CVE-2023-29348 | Information Disclosure |
| Azure Identity SDK Remote Code Execution Vulnerability | CVE-2023-36414, CVE-2023-36415 | Remote Code Execution |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | CVE-2023-36416 | Spoofing |
| Microsoft SQL OLE DB Remote Code Execution Vulnerability | CVE-2023-36417 | Remote Code Execution |
| Azure RTOS GUIX Studio Remote Code Execution Vulnerability | CVE-2023-36418 | Remote Code Execution |
| Azure HDInsight Apache Oozie Workflow Scheduler Elevation of Privilege Vulnerability | CVE-2023-36419 | Elevation of Privilege |
| Microsoft SQL ODBC Driver Remote Code Execution Vulnerability | CVE-2023-36420 | Remote Code Execution |
| Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | CVE-2023-36429 | Information Disclosure |
| Microsoft Message Queuing Denial of Service Vulnerability | CVE-2023-36431 | Denial of Service |
| Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | CVE-2023-36433 | Remote Code Execution |
| Windows IIS Server Elevation of Privilege Vulnerability | CVE-2023-36434 | Security Feature Bypass |
| Microsoft QUIC Denial of Service Vulnerability | CVE-2023-36435 | Denial of Service |
| Windows MSHTML Platform Remote Code Execution Vulnerability | CVE-2023-36436 | Remote Code Execution |
| Windows TCP/IP Information Disclosure Vulnerability | CVE-2023-36438 | Information Disclosure |
| PrintHTML API Remote Code Execution Vulnerability | CVE-2023-36557 | Remote Code Execution |
| Azure DevOps Server Elevation of Privilege Vulnerability | CVE-2023-36561 | Elevation of Privilege |
| Microsoft WordPad Information Disclosure Vulnerability | CVE-2023-36563 | Information Disclosure |
| Windows Search Security Feature Bypass Vulnerability | CVE-2023-36564 | Security Feature Bypass |
| Microsoft Office Graphics Elevation of Privilege Vulnerability | CVE-2023-36565 | Remote Code Execution |
| Microsoft Common Data Model SDK Denial of Service Vulnerability | CVE-2023-36566 | Denial of Service |
| Windows Deployment Services Information Disclosure Vulnerability | CVE-2023-36567 | Information Disclosure |
| Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | CVE-2023-36568 | Elevation of Privilege |
| Microsoft Office Elevation of Privilege Vulnerability | CVE-2023-36569 | Elevation of Privilege |
| Microsoft Message Queuing Remote Code Execution Vulnerability | CVE-2023-36570, CVE-2023-36571, CVE-2023-36572, CVE-2023-36573, CVE-2023-36574, CVE-2023-36575 | Remote Code Execution |
| Windows Kernel Information Disclosure Vulnerability | CVE-2023-36576 | Information Disclosure |
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | CVE-2023-36577 | Remote Code Execution |
| Microsoft Message Queuing Remote Code Execution Vulnerability | CVE-2023-36578 | Remote Code Execution |
| Microsoft Message Queuing Denial of Service Vulnerability | CVE-2023-36579, CVE-2023-36581 | Denial of Service |
| Microsoft Message Queuing Remote Code Execution Vulnerability | CVE-2023-36582, CVE-2023-36583 | Remote Code Execution |
| Windows Mark of the Web Security Feature Bypass Vulnerability | CVE-2023-36584 | Security Feature Bypass |
| Active Template Library Denial of Service Vulnerability | CVE-2023-36585 | Denial of Service |
| Microsoft Message Queuing Remote Code Execution Vulnerability | CVE-2023-36589, CVE-2023-36590, CVE-2023-36591, CVE-2023-36592, CVE-2023-36593 | Remote Code Execution |
| Windows Graphics Component Elevation of Privilege Vulnerability | CVE-2023-36594 | Elevation of Privilege |
| Remote Procedure Call Information Disclosure Vulnerability | CVE-2023-36596 | Information Disclosure |
| Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability | CVE-2023-36598 | Remote Code Execution |
| Windows TCP/IP Denial of Service Vulnerability | CVE-2023-36602 | Denial of Service |
| Windows TCP/IP Denial of Service Vulnerability | CVE-2023-36603 | Denial of Service |
| Windows Named Pipe Filesystem Elevation of Privilege Vulnerability | CVE-2023-36605 | Elevation of Privilege |
| Microsoft Message Queuing Denial of Service Vulnerability | CVE-2023-36606 | Denial of Service |
| Windows Kernel Security Feature Bypass Vulnerability | CVE-2023-36698 | Security Feature Bypass |
| Microsoft Defender Security Feature Bypass Vulnerability | CVE-2023-36700 | Security Feature Bypass |
| Microsoft Resilient File System (ReFS) Elevation of Privilege Vulnerability | CVE-2023-36701 | Elevation of Privilege |
| Microsoft DirectMusic Remote Code Execution Vulnerability | CVE-2023-36702 | Remote Code Execution |
| DHCP Server Service Denial of Service Vulnerability | CVE-2023-36703 | Denial of Service |
| Windows Setup Files Cleanup Remote Code Execution Vulnerability | CVE-2023-36704 | Remote Code Execution |
| Windows Deployment Services Information Disclosure Vulnerability | CVE-2023-36706 | Information Disclosure |
| Windows Deployment Services Denial of Service Vulnerability | CVE-2023-36707 | Denial of Service |
| Microsoft AllJoyn API Denial of Service Vulnerability | CVE-2023-36709 | Denial of Service |
| Windows Media Foundation Core Remote Code Execution Vulnerability | CVE-2023-36710 | Remote Code Execution |
| Windows Runtime C++ Template Library Elevation of Privilege Vulnerability | CVE-2023-36711 | Elevation of Privilege |
| Windows Kernel Elevation of Privilege Vulnerability | CVE-2023-36712 | Elevation of Privilege |
| Windows Common Log File System Driver Information Disclosure Vulnerability | CVE-2023-36713 | Information Disclosure |
| Windows Virtual Trusted Platform Module Denial of Service Vulnerability | CVE-2023-36717 | Denial of Service |
| Windows Mixed Reality Developer Tools Denial of Service Vulnerability | CVE-2023-36720 | Denial of Service |
| Windows Error Reporting Service Elevation of Privilege Vulnerability | CVE-2023-36721 | Elevation of Privilege |
| Active Directory Domain Services Information Disclosure Vulnerability | CVE-2023-36722 | Information Disclosure |
| Windows Container Manager Service Elevation of Privilege Vulnerability | CVE-2023-36723 | Elevation of Privilege |
| Windows Power Management Service Information Disclosure Vulnerability | CVE-2023-36724 | Information Disclosure |
| Windows Kernel Elevation of Privilege Vulnerability | CVE-2023-36725 | Elevation of Privilege |
| Windows Internet Key Exchange (IKE) Extension Elevation of Privilege Vulnerability | CVE-2023-36726 | Elevation of Privilege |
| Microsoft SQL Server Denial of Service Vulnerability | CVE-2023-36728 | Denial of Service |
| Named Pipe File System Elevation of Privilege Vulnerability | CVE-2023-36729 | Elevation of Privilege |
| Microsoft SQL ODBC Driver Remote Code Execution Vulnerability | CVE-2023-36730 | Remote Code Execution |
| Win32k Elevation of Privilege Vulnerability | CVE-2023-36731, CVE-2023-36732 | Elevation of Privilege |
| Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | CVE-2023-36737 | Elevation of Privilege |
| Win32k Elevation of Privilege Vulnerability | CVE-2023-36743, CVE-2023-36776 | Elevation of Privilege |
| Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2023-36778 | Remote Code Execution |
| Skype for Business Remote Code Execution Vulnerability | CVE-2023-36780, CVE-2023-36786 | Remote Code Execution |
| Microsoft SQL ODBC Driver Remote Code Execution Vulnerability | CVE-2023-36785 | Remote Code Execution |
| Skype for Business Elevation of Privilege Vulnerability | CVE-2023-36789 | Remote Code Execution |
| Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability | CVE-2023-36790 | Elevation of Privilege |
| Windows Runtime Remote Code Execution Vulnerability | CVE-2023-36902 | Remote Code Execution |
| Windows Graphics Component Elevation of Privilege Vulnerability | CVE-2023-38159 | Elevation of Privilege |
| Microsoft QUIC Denial of Service Vulnerability | CVE-2023-38171 | Denial of Service |
| Skype for Business Elevation of Privilege Vulnerability | CVE-2023-41763 | Elevation of Privilege |
| Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | CVE-2023-41766 | Elevation of Privilege |
| Win32k Elevation of Privilege Vulnerability | CVE-2023-41772 | Elevation of Privilege |
