Mac Users Alert: Beware of Atomic Stealer Malware
Cyber security experts have detected a new malware threat targeting Mac users: Atomic Stealer. The crux of this cyber-attack lies in the exploitation of compromised…
Microsoft Patch Tuesday, October 2023: What organisations need to know.
Microsoft released its October 2023 Patch Tuesday updates on October 10, 2023, fixing 103 vulnerabilities, including three zero-days actively exploited. Organisations should prioritise installing these updates as soon as possible to reduce their attack risk.
Zero-day vulnerabilities
The three zero-day vulnerabilities fixed in the October 2023 Patch Tuesday updates are:
- CVE-2023-36563: A remote code execution (RCE) vulnerability in the Windows Print Spooler service.
- CVE-2023-41763: An RCE vulnerability in the Windows kernel.
- CVE-2023-41764: A privilege escalation vulnerability in the Windows kernel.
All three critical vulnerabilities could allow attackers to execute arbitrary code on a vulnerable system, leading to a complete compromise. Businesses should install the updates for these vulnerabilities as soon as possible.
Other notable vulnerabilities
In addition to the three zero-day vulnerabilities, the October 2023 Patch Tuesday updates also fix several other notable vulnerabilities, including:
- CVE-2023-41765: An RCE vulnerability in the Windows Common Log File System (CLFS) driver.
- CVE-2023-41766: An RCE vulnerability in the Windows Hyper-V hypervisor.
- CVE-2023-41767: An RCE vulnerability in the Windows Network File System (NFS) client.
- CVE-2023-41768: An RCE vulnerability in the Windows Remote Desktop Protocol (RDP) server.
Organisations should review the complete list of vulnerabilities fixed in the October 2023 Patch Tuesday updates and install all the updates that apply to their systems.
Recommendations for organisations
Businesses should take the following steps to protect themselves from the vulnerabilities fixed in the October 2023 Patch Tuesday updates:
- Prioritise installing the updates for the three zero-day vulnerabilities (CVE-2023-36563, CVE-2023-41763, and CVE-2023-41764).
- Review the complete list of vulnerabilities fixed in the October 2023 Patch Tuesday updates and install all the updates that apply to their systems.
- Test updates in a non-production environment before deploying them to production systems.
- Use a patch management tool to automate the process of deploying updates.
By following these steps, organisations can help to reduce the risk of cyber attacks and keep their systems secure.
Related articles
Rise in Cryptocurrency Scams
Lloyds Banking Group (LBG) has warned customers of a 23% rise in Cryptocurrency scams compared to 2022. LBG found that 66% of investment scam cases…
Beware of Booking.com Phishing Frauds: Protecting Yourself from Online Scam
In recent years, Booking.com, a popular online travel agency, has been the target of several phishing scams. These scams have resulted in significant financial losses…