Августовский набор патчей от Microsoft устраняет 87 уязвимостей, включая две активно эксплуатируемые в атаке бреши (0-day) и 23 проблемы удалённого выполнения кода.
При этом разработчики присвоили критическую степень опасности только шести багам. По категориям уязвимости распределились следующим образом:
- 18 проблем повышения прав в системе;
- Три возможности обхода защитных функций;
- 23 дыры удалённого выполнения кода;
- 10 багов раскрытия информации;
- 8 — DoS;
- 12 проблем спуфинга.
Перечисленные бреши не включают проблемы Chromium-версии Microsoft Edge. В браузере ранее нашли 12 дыр, сейчас для них тоже готовы патчи.
Что касается двух уязвимостей нулевого дня, они получили следующие идентификаторы и описания:
- ADV230003 — это, в сущности, возможность обхода ранее выпушенного патча для другой 0-day — CVE-2023-36884, приводящей к удалённому выполнению кода.
- CVE-2023-38180 — DoS-брешь, затрагивающая .NET и Visual Studio. Microsoft, к сожалению, не поделилась подробностями этой проблемы.
Полный список устранённых уязвимостей с классификаторами и степенью риска приводим ниже:
| Уязвимый софт | Идентификатор CVE | CVE-название | Степень опасности |
| .NET Core | CVE-2023-38178 | .NET Core and Visual Studio Denial of Service Vulnerability | Важная |
| .NET Core | CVE-2023-35390 | .NET and Visual Studio Remote Code Execution Vulnerability | Важная |
| .NET Framework | CVE-2023-36873 | .NET Framework Spoofing Vulnerability | Важная |
| ASP .NET | CVE-2023-38180 | .NET and Visual Studio Denial of Service Vulnerability | Важная |
| ASP.NET | CVE-2023-36899 | ASP.NET Elevation of Privilege Vulnerability | Важная |
| ASP.NET and Visual Studio | CVE-2023-35391 | ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability | Важная |
| Azure Arc | CVE-2023-38176 | Azure Arc-Enabled Servers Elevation of Privilege Vulnerability | Важная |
| Azure DevOps | CVE-2023-36869 | Azure DevOps Server Spoofing Vulnerability | Важная |
| Azure HDInsights | CVE-2023-38188 | Azure Apache Hadoop Spoofing Vulnerability | Важная |
| Azure HDInsights | CVE-2023-35393 | Azure Apache Hive Spoofing Vulnerability | Важная |
| Azure HDInsights | CVE-2023-35394 | Azure HDInsight Jupyter Notebook Spoofing Vulnerability | Важная |
| Azure HDInsights | CVE-2023-36881 | Azure Apache Ambari Spoofing Vulnerability | Важная |
| Azure HDInsights | CVE-2023-36877 | Azure Apache Oozie Spoofing Vulnerability | Важная |
| Dynamics Business Central Control | CVE-2023-38167 | Microsoft Dynamics Business Central Elevation Of Privilege Vulnerability | Важная |
| Mariner | CVE-2023-35945 | Неизвестно | Неизвестно |
| Memory Integrity System Readiness Scan Tool | ADV230004 | Memory Integrity System Readiness Scan Tool Defense in Depth Update | Средняя |
| Microsoft Dynamics | CVE-2023-35389 | Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | Важная |
| Microsoft Edge (Chromium-based) | CVE-2023-38157 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | Средняя |
| Microsoft Edge (Chromium-based) | CVE-2023-4068 | Chromium: CVE-2023-4068 Type Confusion in V8 | Неизвестно |
| Microsoft Edge (Chromium-based) | CVE-2023-4072 | Chromium: CVE-2023-4072 Out of bounds read and write in WebGL | Неизвестно |
| Microsoft Edge (Chromium-based) | CVE-2023-4071 | Chromium: CVE-2023-4071 Heap buffer overflow in Visuals | Неизвестно |
| Microsoft Edge (Chromium-based) | CVE-2023-4073 | Chromium: CVE-2023-4073 Out of bounds memory access in ANGLE | Неизвестно |
| Microsoft Edge (Chromium-based) | CVE-2023-4075 | Chromium: CVE-2023-4075 Use after free in Cast | Неизвестно |
| Microsoft Edge (Chromium-based) | CVE-2023-4074 | Chromium: CVE-2023-4074 Use after free in Blink Task Scheduling | Неизвестно |
| Microsoft Edge (Chromium-based) | CVE-2023-4076 | Chromium: CVE-2023-4076 Use after free in WebRTC | Неизвестно |
| Microsoft Edge (Chromium-based) | CVE-2023-4077 | Chromium: CVE-2023-4077 Insufficient data validation in Extensions | Неизвестно |
| Microsoft Edge (Chromium-based) | CVE-2023-4078 | Chromium: CVE-2023-4078 Inappropriate implementation in Extensions | Неизвестно |
| Microsoft Edge (Chromium-based) | CVE-2023-4070 | Chromium: CVE-2023-4070 Type Confusion in V8 | Неизвестно |
| Microsoft Edge (Chromium-based) | CVE-2023-4069 | Chromium: CVE-2023-4069 Type Confusion in V8 | Неизвестно |
| Microsoft Exchange Server | CVE-2023-38185 | Microsoft Exchange Server Remote Code Execution Vulnerability | Важная |
| Microsoft Exchange Server | CVE-2023-35388 | Microsoft Exchange Server Remote Code Execution Vulnerability | Важная |
| Microsoft Exchange Server | CVE-2023-35368 | Microsoft Exchange Remote Code Execution Vulnerability | Важная |
| Microsoft Exchange Server | CVE-2023-38181 | Microsoft Exchange Server Spoofing Vulnerability | Важная |
| Microsoft Exchange Server | CVE-2023-38182 | Microsoft Exchange Server Remote Code Execution Vulnerability | Важная |
| Microsoft Exchange Server | CVE-2023-21709 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Важная |
| Microsoft Office | ADV230003 | Microsoft Office Defense in Depth Update | Средняя |
| Microsoft Office | CVE-2023-36897 | Visual Studio Tools for Office Runtime Spoofing Vulnerability | Важная |
| Microsoft Office Excel | CVE-2023-36896 | Microsoft Excel Remote Code Execution Vulnerability | Важная |
| Microsoft Office Excel | CVE-2023-35371 | Microsoft Office Remote Code Execution Vulnerability | Важная |
| Microsoft Office Outlook | CVE-2023-36893 | Microsoft Outlook Spoofing Vulnerability | Важная |
| Microsoft Office Outlook | CVE-2023-36895 | Microsoft Outlook Remote Code Execution Vulnerability | Критическая |
| Microsoft Office SharePoint | CVE-2023-36891 | Microsoft SharePoint Server Spoofing Vulnerability | Важная |
| Microsoft Office SharePoint | CVE-2023-36894 | Microsoft SharePoint Server Information Disclosure Vulnerability | Важная |
| Microsoft Office SharePoint | CVE-2023-36890 | Microsoft SharePoint Server Information Disclosure Vulnerability | Важная |
| Microsoft Office SharePoint | CVE-2023-36892 | Microsoft SharePoint Server Spoofing Vulnerability | Важная |
| Microsoft Office Visio | CVE-2023-35372 | Microsoft Office Visio Remote Code Execution Vulnerability | Важная |
| Microsoft Office Visio | CVE-2023-36865 | Microsoft Office Visio Remote Code Execution Vulnerability | Важная |
| Microsoft Office Visio | CVE-2023-36866 | Microsoft Office Visio Remote Code Execution Vulnerability | Важная |
| Microsoft Teams | CVE-2023-29328 | Microsoft Teams Remote Code Execution Vulnerability | Критическая |
| Microsoft Teams | CVE-2023-29330 | Microsoft Teams Remote Code Execution Vulnerability | Критическая |
| Microsoft WDAC OLE DB provider for SQL | CVE-2023-36882 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Важная |
| Microsoft Windows | CVE-2023-20569 | AMD: CVE-2023-20569 Return Address Predictor | Важная |
| Microsoft Windows Codecs Library | CVE-2023-38170 | HEVC Video Extensions Remote Code Execution Vulnerability | Важная |
| Reliability Analysis Metrics Calculation Engine | CVE-2023-36876 | Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability | Важная |
| Role: Windows Hyper-V | CVE-2023-36908 | Windows Hyper-V Information Disclosure Vulnerability | Важная |
| SQL Server | CVE-2023-38169 | Microsoft OLE DB Remote Code Execution Vulnerability | Важная |
| Tablet Windows User Interface | CVE-2023-36898 | Tablet Windows User Interface Application Core Remote Code Execution Vulnerability | Важная |
| Windows Bluetooth A2DP driver | CVE-2023-35387 | Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability | Важная |
| Windows Cloud Files Mini Filter Driver | CVE-2023-36904 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Важная |
| Windows Common Log File System Driver | CVE-2023-36900 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Важная |
| Windows Cryptographic Services | CVE-2023-36907 | Windows Cryptographic Services Information Disclosure Vulnerability | Важная |
| Windows Cryptographic Services | CVE-2023-36906 | Windows Cryptographic Services Information Disclosure Vulnerability | Важная |
| Windows Defender | CVE-2023-38175 | Microsoft Windows Defender Elevation of Privilege Vulnerability | Важная |
| Windows Fax and Scan Service | CVE-2023-35381 | Windows Fax Service Remote Code Execution Vulnerability | Важная |
| Windows Group Policy | CVE-2023-36889 | Windows Group Policy Security Feature Bypass Vulnerability | Важная |
| Windows HTML Platform | CVE-2023-35384 | Windows HTML Platforms Security Feature Bypass Vulnerability | Важная |
| Windows Kernel | CVE-2023-35359 | Windows Kernel Elevation of Privilege Vulnerability | Важная |
| Windows Kernel | CVE-2023-38154 | Windows Kernel Elevation of Privilege Vulnerability | Важная |
| Windows Kernel | CVE-2023-35382 | Windows Kernel Elevation of Privilege Vulnerability | Важная |
| Windows Kernel | CVE-2023-35386 | Windows Kernel Elevation of Privilege Vulnerability | Важная |
| Windows Kernel | CVE-2023-35380 | Windows Kernel Elevation of Privilege Vulnerability | Важная |
| Windows LDAP - Lightweight Directory Access Protocol | CVE-2023-38184 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Важная |
| Windows Message Queuing | CVE-2023-36909 | Microsoft Message Queuing Denial of Service Vulnerability | Важная |
| Windows Message Queuing | CVE-2023-35376 | Microsoft Message Queuing Denial of Service Vulnerability | Важная |
| Windows Message Queuing | CVE-2023-38172 | Microsoft Message Queuing Denial of Service Vulnerability | Важная |
| Windows Message Queuing | CVE-2023-35385 | Microsoft Message Queuing Remote Code Execution Vulnerability | Критическая |
| Windows Message Queuing | CVE-2023-35383 | Microsoft Message Queuing Information Disclosure Vulnerability | Важная |
| Windows Message Queuing | CVE-2023-36913 | Microsoft Message Queuing Information Disclosure Vulnerability | Важная |
| Windows Message Queuing | CVE-2023-35377 | Microsoft Message Queuing Denial of Service Vulnerability | Важная |
| Windows Message Queuing | CVE-2023-38254 | Microsoft Message Queuing Denial of Service Vulnerability | Важная |
| Windows Message Queuing | CVE-2023-36911 | Microsoft Message Queuing Remote Code Execution Vulnerability | Критическая |
| Windows Message Queuing | CVE-2023-36910 | Microsoft Message Queuing Remote Code Execution Vulnerability | Критическая |
| Windows Message Queuing | CVE-2023-36912 | Microsoft Message Queuing Denial of Service Vulnerability | Важная |
| Windows Mobile Device Management | CVE-2023-38186 | Windows Mobile Device Management Elevation of Privilege Vulnerability | Важная |
| Windows Projected File System | CVE-2023-35378 | Windows Projected File System Elevation of Privilege Vulnerability | Важная |
| Windows Reliability Analysis Metrics Calculation Engine | CVE-2023-35379 | Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of Privilege Vulnerability | Важная |
| Windows Smart Card | CVE-2023-36914 | Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability | Важная |
| Windows System Assessment Tool | CVE-2023-36903 | Windows System Assessment Tool Elevation of Privilege Vulnerability | Важная |
| Windows Wireless Wide Area Network Service | CVE-2023-36905 | Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | Важная |
