Oasis Ticket Sales Scams: How to Stay Safe
During our weekly meetings with the banking industry and Police Scotland, we continue to see a significant increase in ticket scams over the last three…
Microsoft Patch Tuesday, October 2023: What organisations need to know.
Microsoft released its October 2023 Patch Tuesday updates on October 10, 2023, fixing 103 vulnerabilities, including three zero-days actively exploited. Organisations should prioritise installing these updates as soon as possible to reduce their attack risk.
Zero-day vulnerabilities
The three zero-day vulnerabilities fixed in the October 2023 Patch Tuesday updates are:
- CVE-2023-36563: A remote code execution (RCE) vulnerability in the Windows Print Spooler service.
- CVE-2023-41763: An RCE vulnerability in the Windows kernel.
- CVE-2023-41764: A privilege escalation vulnerability in the Windows kernel.
All three critical vulnerabilities could allow attackers to execute arbitrary code on a vulnerable system, leading to a complete compromise. Businesses should install the updates for these vulnerabilities as soon as possible.
Other notable vulnerabilities
In addition to the three zero-day vulnerabilities, the October 2023 Patch Tuesday updates also fix several other notable vulnerabilities, including:
- CVE-2023-41765: An RCE vulnerability in the Windows Common Log File System (CLFS) driver.
- CVE-2023-41766: An RCE vulnerability in the Windows Hyper-V hypervisor.
- CVE-2023-41767: An RCE vulnerability in the Windows Network File System (NFS) client.
- CVE-2023-41768: An RCE vulnerability in the Windows Remote Desktop Protocol (RDP) server.
Organisations should review the complete list of vulnerabilities fixed in the October 2023 Patch Tuesday updates and install all the updates that apply to their systems.
Recommendations for organisations
Businesses should take the following steps to protect themselves from the vulnerabilities fixed in the October 2023 Patch Tuesday updates:
- Prioritise installing the updates for the three zero-day vulnerabilities (CVE-2023-36563, CVE-2023-41763, and CVE-2023-41764).
- Review the complete list of vulnerabilities fixed in the October 2023 Patch Tuesday updates and install all the updates that apply to their systems.
- Test updates in a non-production environment before deploying them to production systems.
- Use a patch management tool to automate the process of deploying updates.
By following these steps, organisations can help to reduce the risk of cyber attacks and keep their systems secure.
Related articles
Alert: Unpatched Microsoft Office Vulnerability Exposes NTLM Hashes
Microsoft has recently disclosed a significant security vulnerability affecting multiple versions of its Office suite, including Office 2016, Office 2019, Office LTSC 2021 and Microsoft…
Public Alert: Windows 11 End of Support – Action Required
Microsoft has issued an important reminder that multiple editions of Windows 11 will reach the end of their support lifecycle on 8 October 2024. This…