: Today’s Patch Tuesday summary: this month’s release addresses 61 vulnerabilities from Microsoft: TWO zero days (one with PoC!), five critical.
Plus many important third-party vulnerabilities: Android, Google Chrome, Firefox, Ivanti, SCADA, Citrix, Splunk, Notepad++, Juniper, Apple, Skype, WinRAR, Intel, AMD, and Siemens.
Quick summary:
Windows: 61 vulnerabilities: two zero-days: CVE-2023-36761 and CVE-2023-36802 five critical: CVE-2023-38148, CVE-2023-36796, CVE-2023-36793, CVE-2023-36792, CVE-2023-29332 Android: two sets of fixed vulnerabilities, one zero-day CVE-2023-35674 Adobe: zero-day CVE-2023-26369 Chrome: 9 vulnerabilities Ivanti: seven critical vulnerabilities SCADA: zero-day CVE-2023-39476 (CVSS 9.8) Citrix: CVE-2023-3519, part of extensive malware campaign Splunk: several serious vulnerabilities Notepad++: four critical vulnerabilities Juniper: four serious vulnerabilities Apple: two zero-daysCVE-2023-41064 and CVE-2023-41061 Skype: vulnerability revealing user’s IP address WinRAR: serious vulnerabilities CVE-2023-40477 and CVE-2023-38831 Intel: CVE-2022-40982, aka “Downfall” AMD: CVE-2023-20569 aka “Inception" Siemens: over 30 vulnerabilities Sorry, can’t post the full details here due to the max post size limit, so go to the Action1 Vulnerability Digest page: https://www.action1.com/patch-tuesday-september-2023/?vmr (it is updated in real-time as we learn more)
Other sources:
Zero Day Initiative. https://www.zerodayinitiative.com/blog/2023/9/12/the-september-2023-security-update-review
Bleeping Computer: https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5030219-cumulative-update-released-with-24-fixes-changes/