CVE-2023-36802: Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
Published: 2023-09-12
Priority: P1 · 82 · high
CVSS 3.1: 7.8 (AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H)
Tags: KEV · ITW · EXPLOIT
CISA Known Exploited Vulnerability, due 2023-10-03
Exploited in the wild
EPSS: 26.10% (97.7th percentile)
Affected
30 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_1809 | < 10.0.17763.4851 | 10.0.17763.4851 |
| microsoft | windows_10_21h2 | < 10.0.19044.3448 | 10.0.19044.3448 |
| microsoft | windows_10_22h2 | < 10.0.19045.3448 | 10.0.19045.3448 |
| microsoft | windows_10_version_1809 | >= 10.0.0 < 10.0.17763.4851 | 10.0.17763.4851 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.4851 | 10.0.17763.4851 |
| microsoft | windows_10_version_21h2 | >= 10.0.19043.0 < 10.0.19044.3448 | 10.0.19044.3448 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.3448 | 10.0.19045.3448 |
| microsoft | windows_11_21h2 | < 10.0.22000.2416 | 10.0.22000.2416 |
| microsoft | windows_11_22h2 | < 10.0.22621.2275 | 10.0.22621.2275 |
| microsoft | windows_11_version_21h2 | >= 10.0.0 < 10.0.22000.2416 | 10.0.22000.2416 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.2283 | 10.0.22621.2283 |
| microsoft | windows_server_2019 | < 10.0.17763.4851 | 10.0.17763.4851 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.4851 | 10.0.17763.4851 |
| microsoft | windows_server_2022 | < 10.0.20348.1970 | 10.0.20348.1970 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.1970 | 10.0.20348.1970 |
| msrc | windows_10_version_1809_for_32-bit_systems | — | — |
| msrc | windows_10_version_1809_for_arm64-based_systems | — | — |
| msrc | windows_10_version_1809_for_x64-based_systems | — | — |
| msrc | windows_10_version_21h2_for_32-bit_systems | — | — |
| msrc | windows_10_version_21h2_for_arm64-based_systems | — | — |
| msrc | windows_10_version_21h2_for_x64-based_systems | — | — |
| msrc | windows_10_version_22h2_for_32-bit_systems | — | — |
| msrc | windows_10_version_22h2_for_arm64-based_systems | — | — |
| msrc | windows_10_version_22h2_for_x64-based_systems | — | — |
| msrc | windows_11_version_21h2_for_arm64-based_systems | — | — |
Detection & IOCs (extracted from sources)
- CVE-2023-36802 exploit targets Microsoft Streaming Service Proxy (mskssrv.sys) via specific IOCTLs (IOCTL_FRAMESERVER_PUBLISH_TX, IOCTL_FRAMESERVER_CONSUME_TX, IOCTL_FRAMESERVER_CONSUME_RX, IOCTL_FRAMESERVER_INIT_CONTEXT); monitor for unusual IOCTL calls to this driver from non-system processes.
- Raspberry Robin delivers the CVE-2023-36802 exploit as an external 64-bit executable (not embedded in the main 32-bit component) and with less obfuscation than the main payload — hunt for unsigned or anomalously-signed 64-bit PE drops from the main Raspberry Robin process.
- Raspberry Robin injects exploit code into cleanmgr.exe or winver.exe — alert on these processes spawning with unusual parent processes or performing privilege escalation activity.
- Raspberry Robin patches NtTraceEvent API to evade ETW — detect in-memory patching of NtTraceEvent in running processes as a strong indicator of compromise.
- Raspberry Robin terminates runlegacycplelevated.exe (UAC-related process) as an anti-analysis step — alert on unexpected termination of this process by non-system parents.
- Raspberry Robin uses PAExec.exe (instead of PsExec.exe) for lateral movement and payload download — monitor for PAExec.exe execution, especially when spawned by unusual parent processes.
- Raspberry Robin checks API hooks by comparing the first byte of GetUserDefaultLangID and GetModuleHandleW — presence of this hook-detection pattern in memory is a behavioral indicator.
- Raspberry Robin uses AbortSystemShutdownW and ShutdownBlockReasonCreate APIs to prevent system shutdown — alert on non-system processes calling these APIs.
- Raspberry Robin C2 beaconing starts by contacting 60 hard-coded Tor v3 .onion domains (masquerading as legitimate sites) before reaching real C2 — monitor for Tor traffic or DNS queries to these specific .onion domains.
- Raspberry Robin is delivered via Discord-hosted RAR archives containing OleView.exe (legitimate signed binary) and a malicious aclui.dll for DLL side-loading — alert on OleView.exe loading aclui.dll from non-standard paths.
- CVE-2023-36802 exploit is relevant to Windows 10 up through build number 22621 — prioritize detection and patching on systems at or below this build.
- Check Point IPS signature available for CVE-2023-36802: 'Microsoft Streaming Service Proxy Elevation of Privilege (CVE-2023-36802)'.
- The exploit for CVE-2023-36802 was sold on Dark Web forums as early as February 2023, seven months before Microsoft's patch — systems may have been compromised well before the September 12, 2023 public disclosure.
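The process- and module-level items in the list above (cleanmgr.exe/winver.exe parents, PAExec.exe execution, OleView.exe side-loading aclui.dll) can be written as triage logic over endpoint telemetry. The following is an added example, not code from this page or its sources; it assumes Sysmon-style process-create (EventID 1) and image-load (EventID 7) records, and the rule names, the allow-list of expected parents and the sample events are constructed for illustration.

```python
import ntpath

# Assumption: parents regarded as normal for cleanmgr.exe / winver.exe.
# Tune this allow-list to the environment before relying on the rule.
EXPECTED_PARENTS = {"explorer.exe", "cmd.exe", "powershell.exe",
                    "svchost.exe", "taskhostw.exe"}
INJECTION_TARGETS = {"cleanmgr.exe", "winver.exe"}
# Directories from which aclui.dll is normally loaded.
SYSTEM_DLL_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def _base(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path or "").lower()


def _dir(path):
    """Lower-cased, normalised directory, so '..' segments cannot hide it."""
    return ntpath.normpath(ntpath.dirname(path or "")).lower()


def evaluate(event):
    """Return the names of the rules a single event matches."""
    findings = []
    event_id = event.get("EventID")
    image = _base(event.get("Image"))

    if event_id == 1:  # process creation
        parent = _base(event.get("ParentImage"))
        if image in INJECTION_TARGETS and parent not in EXPECTED_PARENTS:
            findings.append("injection-target-unusual-parent")
        if image == "paexec.exe":
            findings.append("paexec-execution")
    elif event_id == 7:  # image (DLL) load
        loaded = event.get("ImageLoaded")
        if (image == "oleview.exe"
                and _base(loaded) == "aclui.dll"
                and _dir(loaded) not in SYSTEM_DLL_DIRS):
            findings.append("oleview-aclui-sideload")
    return findings


def triage(events):
    """Return (event index, rule name) for every match, in input order."""
    return [(i, rule) for i, ev in enumerate(events) for rule in evaluate(ev)]


# Constructed sample events (not taken from any real incident).
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\cleanmgr.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\winver.exe",
     "ParentImage": r"C:\Users\Public\Downloads\setup.exe"},
    {"EventID": 1, "Image": r"C:\Windows\Temp\PAExec.exe",
     "ParentImage": r"C:\Windows\System32\services.exe"},
    {"EventID": 7, "Image": r"C:\Users\alice\Downloads\File\OleView.exe",
     "ImageLoaded": r"C:\Users\alice\Downloads\File\aclui.dll"},
    {"EventID": 7,
     "Image": r"C:\Program Files (x86)\Windows Kits\10\bin\x64\oleview.exe",
     "ImageLoaded": r"C:\Windows\System32\aclui.dll"},
]

if __name__ == "__main__":
    for index, rule in triage(SAMPLE_EVENTS):
        print(f"event {index}: {rule}")
```

The directory comparison runs on the normalised path, so a load such as `C:\Windows\System32\..\Temp\aclui.dll` is still treated as non-standard.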
CVSS provenance
nvd · v3.1 · 7.8 HIGH · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vulncheck · 7.8 HIGH
cisa · 7.8 HIGH
vendor_msrc · 7.8 HIGH
Microsoft
Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
vendor_msrc·2023-09-12·CVSS 7.8
CVE-2023-36802 [HIGH] CWE-416 Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Microsoft Streaming Service: Microsoft Streaming Service
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030214
Reference: https://support.microsoft.com/help/5030214
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5030216
Reference: https://support.microsoft.com/help/5030216
Reference: https://catalog
CISA
Microsoft Streaming Service Proxy Privilege Escalation Vulnerability
cisa·2023-09-12·CVSS 7.8
CVE-2023-36802 [HIGH] CWE-416 Microsoft Streaming Service Proxy Privilege Escalation Vulnerability
Vulnerability: Microsoft Streaming Service Proxy Privilege Escalation Vulnerability
Affected: Microsoft Streaming Service Proxy
Microsoft Streaming Service Proxy contains an unspecified vulnerability that allows for privilege escalation.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36802; https://nvd.nist.gov/vuln/detail/CVE-2023-36802
Remediation Due Date: 2023-10-03
GHSA
GHSA-4v34-9x49-p452: Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
ghsa_unreviewed·2023-09-12
CVE-2023-36802 [HIGH] CWE-416 GHSA-4v34-9x49-p452: Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
VulnCheck
Microsoft Streaming Service Proxy Privilege Escalation Vulnerability
vulncheck·2023·CVSS 7.8
CVE-2023-36802 [HIGH] CWE-416 Microsoft Streaming Service Proxy Privilege Escalation Vulnerability
Microsoft Streaming Service Proxy Privilege Escalation Vulnerability
Microsoft Streaming Service Proxy contains an unspecified vulnerability that allows for privilege escalation.
Affected: Microsoft Streaming Service
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://api.msrc.microsoft.com/cvrf/v3.0/cvrf/2023-Sep; https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://thehackernews.com/2023/09/microsoft-releases-patch-for-two-new.html; https://ti.qianxin.com/uploads/2024/02/02/dcc93e586f9028c68e7ab34c3326ff31.pdf; https://research.checkpoint.com/2024/rasp
Project0
Project Zero RCA: CVE-2023-36802: Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
project_zero·CVSS 7.8
CVE-2023-36802 [HIGH] Project Zero RCA: CVE-2023-36802: Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
# CVE-2023-36802: Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
*Benoît Sevens*
## The Basics
**Disclosure or Patch Date:** September 12, 2023
**Product:** Windows
**Advisory:** https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36802
**Affected Versions:**
* Windows 10 without KB5030211 or KB5030214
* Windows 11 without KB5030219 or KB5030217
* Windows Server 2019 without KB5030214
* Windows Server 2022 without KB5030216 or KB503025
**First Patched Version:**
* Windows 10 with KB5030211 or KB5030214
* Windows 11 with KB5030219 or KB5030217
* Windows Server 2019 with KB5030214
* Windows Server 2022 with KB5030216 or KB503025
**Issue/Bug Report:** N/A
**Patch CL:** N/A
**Bug-Introducing CL:** N/A
**Reporter(s):**
* Guanghui Xia (@ze0r) with
No detection rules found.
No public exploits indexed.
Securelist
Exploits and vulnerabilities in Q3 2024
blogs_securelist·2024-12-06·CVSS 8.1
CVE-2024-47177 [HIGH] Exploits and vulnerabilities in Q3 2024
Table of Contents
Statistics on registered vulnerabilities
Exploitation statistics
Windows and Linux vulnerability exploitation
Most prevalent exploits
Vulnerability exploitation in APT attacks
Interesting vulnerabilities
CVE-2024-47177 (CUPS filters)
CVE-2024-38112 (MSHTML Spoofing)
CVE-2024-6387 (regreSSHion)
CVE-2024-3183 (Free IPA)
CVE-2024-45519 (Zimbra)
CVE-2024-5290 (Ubuntu wpa_supplicant)
Conclusion and advice
Authors
Alexander Kolesnikov
Q3 2024 saw multiple vulnerabilities discovered in Windows and Linux subsystems that are not standard for cyberattacks. This is because operating system developers have been releasing new security mitigations for whole sets of vulnerabilities in commonly used subsystems. For example, a log integrity check is set to appear in the Co
Securelist
Analyzing the vulnerability landscape in Q3 2024
blogs_securelist·2024-12-06·CVSS 8.1
CVE-2024-47177 [HIGH] Analyzing the vulnerability landscape in Q3 2024
Table of Contents
- Statistics on registered vulnerabilities
- Exploitation statistics
- Vulnerability exploitation in APT attacks
- Interesting vulnerabilities
- CVE-2024-47177 (CUPS filters)
- CVE-2024-38112 (MSHTML Spoofing)
- CVE-2024-6387 (regreSSHion)
- CVE-2024-3183 (Free IPA)
- CVE-2024-45519 (Zimbra)
- CVE-2024-5290 (Ubuntu wpa_supplicant)
- Conclusion and advice
Authors
- Alexander Kolesnikov
Q3 2024 saw multiple vulnerabilities discovered in Windows and Linux subsystems that are not standard for cyberattacks. This is because operating system developers have been releasing new security mitigations for whole sets of vulnerabilities in commonly used subsystems. For example, a log integrity check is set to appear in the Common Log Filing System (CLFS) in Windows, so the number
Tenable
Microsoft’s June 2024 Patch Tuesday Addresses 49 CVEs
blogs_tenable·2024-06-11
Microsoft’s June 2024 Patch Tuesday Addresses 49 CVEs
Bleepingcomputer
Raspberry Robin malware evolves with early access to Windows exploits
blogs_bleepingcomputer·2024-02-10
Raspberry Robin malware evolves with early access to Windows exploits
## Raspberry Robin malware evolves with early access to Windows exploits
## Bill Toulas
Recent versions of the Raspberry Robin malware are stealthier and implement one-day exploits that are deployed only on systems that are susceptible to them.
One-day exploits refer to code that leverages a vulnerability that the developer of the impacted software patched recently but the fix has either not been deployed to all clients or it has not been applied on all vulnerable systems.
From the moment the vendor discloses the vulnerability, which usually comes with publishing a patch, threat actors rush to create an exploit and use it before the fix propagates to a large number of systems.
According to a report from Check Point, Raspberry Robin has recently used at least two exploits for 1-day fl
Checkpoint
Raspberry Robin Keeps Riding the Wave of Endless 1-Days
blogs_checkpoint·2024-02-07
CVE-2023-36802 Raspberry Robin Keeps Riding the Wave of Endless 1-Days
## Raspberry Robin Keeps Riding the Wave of Endless 1-Days
## Key Findings
Two new 1-day LPE exploits were used by the Raspberry Robin worm before they were publicly disclosed, which means
Tenable
Microsoft’s November 2023 Patch Tuesday Addresses 57 CVEs (CVE-2023-36025)
blogs_tenable·2023-11-14·CVSS 8.8
[HIGH] Microsoft’s November 2023 Patch Tuesday Addresses 57 CVEs (CVE-2023-36025)
Checkpoint
18th September – Threat Intelligence Report
blogs_checkpoint·2023-09-18
CVE-2023-26369 18th September – Threat Intelligence Report
## 18th September – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 11th September, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
The American resort, casino and hotel chain MGM has suffered a cyber-attack that resulted in widespread disruption across the company’s hotels and casinos, and has shut down its internal networks as a precaution. The cyber-attack paralyzed the company’s ATMs, slot machines, room digital key cards and electronic paymen
Talos
Turns out even the NFL is worried about deepfakes
blogs_talos·2023-09-14
Turns out even the NFL is worried about deepfakes
Welcome to this week’s edition of the Threat Source newsletter.
I’m at the point in the calendar year where I’m a sponge for NFL content. I couldn’t be happier to escape from my six-month American football-free slumber and am ready to watch games three days a week and listen to NFL podcasts or read power rankings the other four.
So of course, I wasn’t going to miss this feature in Dark Reading from the NFL’s chief information security officer, which just happens to include several shoutouts to Talos and Cisco. Talos is a valuable security partner with the NFL, helping secure their major events like the NFL Draft and Super Bowl, the most-watched entertainment event in the U.S. every year.
One of the things that Tomás Maldonado said in the Dark Reading interview really stood out to me — t
Qualys
Microsoft and Adobe Patch Tuesday, September 2023 Security Update Review
blogs_qualys·2023-09-12
Microsoft and Adobe Patch Tuesday, September 2023 Security Update Review
## Table of Contents
Microsoft Patch Tuesday for September 2023
Adobe Patches for September 2023
Zero-day Vulnerability Patched in September Patch Tuesday Edition
Other Critical Severity Vulnerabilities Patched in September Patch Tuesday Edition
Other Microsoft Vulnerability Highlights
Microsoft Release Summary
Discover and Prioritize Vulnerabilities in Vulnerability Management, Detection & Response (VMDR)
Rapid Response with Patch Management (PM)
EVALUATE Vendor-Suggested Mitigation with Policy Compliance (PC)
EXECUTE Mitigation Using Qualys Custom Assessment and Remediation (CAR)
Qualys Monthly Webinar Series
Microsoft has released the Patch Tuesday edition for September. This month’s updates have addressed 66 security vulnerabilities (including Edge Chromium-based) in multip
Bleepingcomputer
Microsoft September 2023 Patch Tuesday fixes 2 zero-days, 59 flaws
blogs_bleepingcomputer·2023-09-12·CVSS 6.5
[MEDIUM] Microsoft September 2023 Patch Tuesday fixes 2 zero-days, 59 flaws
## Microsoft September 2023 Patch Tuesday fixes 2 zero-days, 59 flaws
## Lawrence Abrams
3 Security Feature Bypass Vulnerabilities
24 Remote Code Execution Vulnerabilities
9 Information Disclosure Vulnerabilities
3 Denial of Service Vulnerabilities
5 Spoofing Vulnerabilities
5 Edge - Chromium Vulnerabilities
The total count of 59 flaws does not include five Microsoft Edge (Chromium) vulnerabilities and two non-Microsoft flaws in Electron and Autodesk.
To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5030219 cumulative update and Windows 10 KB5030211 updates released.
## Two actively exploited zero-day vulnerabilities
This month's Patch Tuesday fixes two zero-day vulnerabilities, with both exploited in attacks
Krebs
Adobe, Apple, Google & Microsoft Patch 0-Day Bugs
blogs_krebs·2023-09-12·CVSS 6.5
[MEDIUM] Adobe, Apple, Google & Microsoft Patch 0-Day Bugs
Microsoft today issued software updates to fix at least five dozen security holes in Windows and supported software, including patches for two zero-day vulnerabilities that are already being exploited. Also, Adobe, Google Chrome and Apple iOS users may have their own zero-day patching to do.
On Sept. 7, researchers at Citizen Lab warned they were seeing active exploitation of a “zero-click,” zero-day flaw to install spyware on iOS devices without any interaction from the victim.
“The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim,” the researchers wrote.
According to Citizen Lab, the exploit uses malicious images sent via iMessage, an embedded component of Apple’s iOS that has been the source of previous
Talos
Microsoft Patch Tuesday for September 2023 — Unusually low 5 critical vulnerabilities included in Microsoft Patch Tuesday, along with two zero-days
blogs_talos·2023-09-12·CVSS 8.0
[HIGH] Microsoft Patch Tuesday for September 2023 — Unusually low 5 critical vulnerabilities included in Microsoft Patch Tuesday, along with two zero-days
Microsoft disclosed 65 vulnerabilities across its suite of products and software Tuesday, only five of which are considered critical, which is very low compared to Microsoft’s usual security updates.
However, there are two issues disclosed and patched this month that have already been exploited in the wild.
Fifty-six of the vulnerabilities included in this month’s Patch Tuesday are considered “important,” according to Microsoft, while two are of “moderate” severity. One remote code execution vulnerability in Microsoft Exchange Server, CVE-2023-36756, was meant to be included in August’s security update but was mistakenly excluded. Users should ensure the August 2023 security update for Exchange is already downloaded to remediate this issue.
One of the vulnerabilities adversaries are alr
Tenable
Microsoft’s September 2023 Patch Tuesday Addresses 61 CVEs (CVE-2023-36761)
blogs_tenable·2023-09-12·CVSS 6.5
[MEDIUM] Microsoft’s September 2023 Patch Tuesday Addresses 61 CVEs (CVE-2023-36761)
Zscaler
Zscaler found Windows Security Vulnerabilities | 09-12-2023
blogs_zscaler·CVSS 7.8
[HIGH] Zscaler found Windows Security Vulnerabilities | 09-12-2023
Crowdstrike
September 2023 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] September 2023 Patch Tuesday: Updates and Analysis
2023-09-12: Published
2023-09-12: Added to CISA KEV
Exploited in the wild