this post was submitted on 13 Sep 2023
15 points (94.1% liked)

Sysadmin

7566 readers
1 users here now

A community dedicated to the profession of IT Systems Administration

No generic Lemmy issue posts please! Posts about Lemmy belong in one of these communities:
[email protected]
[email protected]
[email protected]
[email protected]

founded 1 year ago
MODERATORS
 

: Today's Patch Tuesday summary: this month's release addresses 61 vulnerabilities from Microsoft: TWO zero days (one with PoC!), five critical.

Plus many important third-party vulnerabilities: Android, Google Chrome, Firefox, Ivanti, SCADA, Citrix, Splunk, Notepad++, Juniper, Apple, Skype, WinRAR, Intel, AMD, and Siemens.

Quick summary:

Windows: 61 vulnerabilities: two zero-days: CVE-2023-36761 and CVE-2023-36802 five critical: CVE-2023-38148, CVE-2023-36796, CVE-2023-36793, CVE-2023-36792, CVE-2023-29332 Android: two sets of fixed vulnerabilities, one zero-day CVE-2023-35674 Adobe: zero-day CVE-2023-26369 Chrome: 9 vulnerabilities Ivanti: seven critical vulnerabilities SCADA: zero-day CVE-2023-39476 (CVSS 9.8) Citrix: CVE-2023-3519, part of extensive malware campaign Splunk: several serious vulnerabilities Notepad++: four critical vulnerabilities Juniper: four serious vulnerabilities Apple: two zero-daysCVE-2023-41064 and CVE-2023-41061 Skype: vulnerability revealing user's IP address WinRAR: serious vulnerabilities CVE-2023-40477 and CVE-2023-38831 Intel: CVE-2022-40982, aka "Downfall" AMD: CVE-2023-20569 aka “Inception" Siemens: over 30 vulnerabilities Sorry, can’t post the full details here due to the max post size limit, so go to the Action1 Vulnerability Digest page: https://www.action1.com/patch-tuesday-september-2023/?vmr (it is updated in real-time as we learn more)

Other sources:

Zero Day Initiative. https://www.zerodayinitiative.com/blog/2023/9/12/the-september-2023-security-update-review

Bleeping Computer: https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5030219-cumulative-update-released-with-24-fixes-changes/

MSRC: https://msrc.microsoft.com/update-guide/vulnerability

top 2 comments
sorted by: hot top controversial new old
[–] [email protected] 3 points 1 year ago (1 children)

Plus many important third-party vulnerabilities: Android, Google Chrome, Firefox, Ivanti, SCADA, Citrix, Splunk, Notepad++, Juniper, Apple, Skype, WinRAR, Intel, AMD, and Siemens.

Don't forget 7zip. Or did I miss that week?

[–] [email protected] 3 points 1 year ago

Yep. Thanks, just what I could find easily to hand.

A lot of patching to go