Microsoft Releases October 2023 Patches for 103 Flaws, Including 2 Active Exploits


Microsoft’s Patch Tuesday updates for October 2023 have been issued, addressing a total of 103 holes in its software, two of which have been actively exploited in the wild. Thirteen of the 103 defects are classified as Critical, while the remaining 90 are classified as Important. This is in addition to the 18 security flaws fixed in its Chromium-based Edge browser since the second Tuesday of September.

The following are the two zero-day vulnerabilities that have been weaponized: CVE-2023-36563 (CVSS score: 6.5) - A vulnerability in Microsoft WordPad that could lead to the release of NTLM hashes. CVE-2023-41763 (CVSS score: 5.3) - A Skype for Business privilege escalation vulnerability that potentially expose sensitive information such as IP addresses or port numbers (or both).

Read More…