Microsoft’s August 2023 Security Update: Tackling Two Zero-Days and Nearly 90 Flaws
The latest Patch Tuesday security release from Microsoft is a critical one, addressing a substantial number of vulnerabilities, including two zero-day flaws that are being actively exploited in the wild. This month’s update resolves a total of 87 security vulnerabilities, underscoring the urgent need for IT administrators and users to apply these patches as soon as possible.
Of the flaws fixed, six are rated as ‘Critical,’ the highest severity level, as they could allow for Remote Code Execution (RCE). The remaining vulnerabilities are rated ‘Important.’ These patches cover a wide range of Microsoft products, including Windows, Office, .NET and Visual Studio, and Exchange Server.
Here’s a breakdown of what you need to know about this significant security update.
The Zero-Day Threats: What’s Being Exploited?
The most pressing issues in this release are the two zero-day vulnerabilities. A “zero-day” refers to a flaw that has been disclosed or is being actively exploited by attackers before an official patch is available.
CVE-2023-36884: Office and Windows HTML Remote Code Execution Vulnerability
This is a particularly dangerous flaw that Microsoft had previously issued guidance on but has now fully patched. Attackers have been exploiting this vulnerability by sending specially crafted Microsoft Office documents to victims. When the target opens the malicious file, the attacker can execute code on their system. This flaw was reportedly used by threat actors, including a group linked to Russian cyber-espionage, in attacks targeting defense and government entities in Europe and North America. Applying this month’s patches fully resolves this threat.CVE-2023-38180: .NET and Visual Studio Denial of Service Vulnerability
This second zero-day can lead to a Denial of Service (DoS) condition. An attacker could exploit this flaw to disrupt or completely crash a server or application running .NET or Visual Studio, making it unavailable to legitimate users. While not allowing for data theft directly, a DoS attack can cause significant operational disruption and financial loss.
Critical Flaws Requiring Immediate Attention
Beyond the zero-days, several ‘Critical’ vulnerabilities stand out due to their potential for severe impact, primarily through Remote Code Execution. An RCE flaw is considered the holy grail for attackers, as it allows them to run arbitrary code on a target machine from a distance.
The most notable critical vulnerabilities fixed this month include:
- Microsoft Message Queuing (MSMQ) Vulnerabilities: Three critical RCE flaws (CVE-2023-35385, CVE-2023-36910, and CVE-2023-36911) were patched in the Windows MSMQ service. A successful exploit would allow an attacker to send a malicious MSMQ packet to a server, enabling them to execute code on it. These are particularly dangerous because they could be ‘wormable,’ meaning they could spread automatically between vulnerable systems without user interaction.
- Microsoft Teams Code Execution: CVE-2023-29330 is a critical RCE in Microsoft Teams. An attacker could exploit this by tricking a user into joining a malicious Teams meeting, potentially leading to the execution of malware on the user’s device.
- Microsoft SharePoint Server Privilege Escalation: While not an RCE, CVE-2023-36884, also impacting SharePoint, allows an authenticated attacker with specific privileges to execute code.
Your Security Action Plan: What to Do Now
Given the active exploitation of two vulnerabilities and the critical nature of several others, swift action is essential to protect your systems and data.
Patch Immediately: The primary advice is to deploy the August 2023 security updates without delay. Automated update services like Windows Update should handle this for most individual users, but enterprise environments require a more structured approach.
Prioritize Internet-Facing Systems: IT administrators should prioritize patching servers and systems that are exposed to the internet, such as those running Exchange Server, SharePoint, and web-facing applications using .NET. These are the most likely targets for external attackers.
Verify MSMQ Service Status: For the critical MSMQ vulnerabilities, check if the service is running on your Windows servers. The service runs on TCP port 1801. If you do not need the Message Queuing service, it is highly recommended to disable it to reduce your organization’s attack surface.
Educate Users on Phishing: The actively exploited Office vulnerability (CVE-2023-36884) relies on social engineering. Remind users to be cautious of unsolicited attachments and links, even if they appear to come from a trusted source.
This month’s Patch Tuesday is a clear reminder that proactive security is not optional. The presence of actively exploited zero-days means attackers are already leveraging these weaknesses. Taking immediate and decisive action to patch your systems is the most effective way to ensure your organization remains secure.
Source: https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2025-patch-tuesday-fixes-one-zero-day-107-flaws/
