On August’s Patch Tuesday, Microsoft patched scores of vulnerabilities, including two that had already been exploited in real-world attacks. The first is a Defense in Depth update for CVE-2023-36884, a Windows Search remote code execution (RCE) bug that could let attackers get around Microsoft’s Mark of the Web security measure. If it seems familiar, that’s because Microsoft had fixed the vulnerability in July. However, according to Microsoft, installing the most recent update “stops the attack chain” that causes the problem.
The second vulnerability, CVE-2023-38180, affects Visual Studio and .NET and could enable an adversary to cause a denial of service. August’s Patch Tuesday also contained six major fixes, including CVE-2023-36895, an RCE vulnerability in the Outlook email client.