{"id":32291,"date":"2023-10-11T15:23:05","date_gmt":"2023-10-11T15:23:05","guid":{"rendered":"https:\/\/www.esecurityplanet.com\/?p=32291"},"modified":"2023-11-14T16:11:28","modified_gmt":"2023-11-14T16:11:28","slug":"patch-tuesday-october-2023","status":"publish","type":"post","link":"https:\/\/www.esecurityplanet.com\/threats\/patch-tuesday-october-2023\/","title":{"rendered":"October 2023 Patch Tuesday Includes Three Zero-Day Flaws"},"content":{"rendered":"\n<p>Microsoft&#8217;s Patch Tuesday for October 2023 covers a total of 103 CVEs, including three zero-day vulnerabilities: flaws in WordPad and Skype for Business, and the HTTP\/2 &#8220;<a href=\"https:\/\/www.esecurityplanet.com\/threats\/rapid-reset-ddos-attack-http2-servers\/\">Rapid Reset<\/a>&#8221; DDoS vulnerability.<\/p>\n\n\n\n<p>The highest-rated of the vulnerabilities is <a href=\"https:\/\/msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2023-35349\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2023-35349<\/a>, a critical remote code execution vulnerability in the Microsoft Message Queuing (MSMQ) service with a CVSS score of 9.8.<\/p>\n\n\n\n<p>Immersive Labs principal security engineer Rob Reeves told <em>eSecurity Planet<\/em> that the attack doesn&#8217;t require credentials or authentication in order to execute code on the system. 
Still, he noted, &#8220;It would be considered unusual for an enterprise environment to expose the MSMQ service publicly on the internet, given a number of high-profile vulnerabilities in the service that have occurred historically, so it is reasonable to assume that to leverage this vulnerability in an attack, an attacker would have first successfully phished a target network and discovered the vulnerable service during enumeration.&#8221;<\/p>\n\n\n\n<p>&#8220;To mitigate this vulnerability, users should protect TCP Port 1801 from untrusted connections via the firewall where possible but should also look to apply the relevant patch to fully fix the issue,&#8221; Reeves added.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Zero-Day Vulnerabilities: HTTP\/2, WordPad, Skype<\/h2>\n\n\n\n<p>The zero-day flaws addressed by Microsoft are:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2023-36563\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2023-36563<\/a>, an information disclosure vulnerability in Microsoft WordPad with a CVSS score of 6.5<\/li>\n\n\n\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2023-41763\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2023-41763<\/a>, an elevation of privilege vulnerability in Skype for Business with a CVSS score of 5.3<\/li>\n\n\n\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2023-44487\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2023-44487<\/a>, an HTTP\/2 rapid reset attack with recommended workarounds<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">HTTP\/2 Flaw Leads to Record DDoS Attacks<\/h3>\n\n\n\n<p>The HTTP\/2 protocol flaw made headlines before the Patch Tuesday list was released, as Google, AWS and Cloudflare jointly announced that the flaw affected almost all web servers and has led to <a 
href=\"https:\/\/www.esecurityplanet.com\/threats\/rapid-reset-ddos-attack-http2-servers\/\">record-shattering DDoS attacks<\/a>.<\/p>\n\n\n\n<p>Immersive Labs lead cyber security engineer Natalie Silva told <em>eSecurity Planet<\/em> that the HTTP\/2 attack exploits a weakness in the protocol. &#8220;This attack method abuses the stream cancellation feature of HTTP\/2 to continuously send and cancel requests, overwhelming the target server or application and causing a Denial of Service (DoS) state,&#8221; she said.<\/p>\n\n\n\n<p>&#8220;The impact to customers can be significant, as it can lead to prolonged downtime, loss of access to services, and potential financial losses for businesses relying on the affected web servers,&#8221; Silva added. &#8220;It is crucial for organizations to apply the latest patches and updates from their web server vendors to mitigate this vulnerability and protect against such attacks.&#8221;<\/p>\n\n\n\n<p>The <a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2023-44487\" target=\"_blank\" rel=\"noreferrer noopener\">CVE record<\/a> contains links for mitigations and patches that web server vendors and open source projects are issuing for the vulnerability.<\/p>\n\n\n\n<p><strong>Also read:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong><a href=\"https:\/\/www.esecurityplanet.com\/networks\/how-to-stop-ddos-attacks-tips-for-fighting-ddos-attacks\/\">How to Stop DDoS Attacks in Three Stages<\/a><\/strong><\/li>\n\n\n\n<li><strong><a href=\"https:\/\/www.esecurityplanet.com\/networks\/how-to-prevent-ddos-attacks\/\">How to Prevent DDoS Attacks: 5 Steps for DDoS Prevention<\/a><\/strong><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">WordPad Flaw Could Disclose NTLM Hashes<\/h3>\n\n\n\n<p>The Microsoft WordPad flaw, which could disclose NTLM hashes, requires the attacker to be logged into the system and either to run a specially crafted application or to trick a local user into opening a malicious 
file.<\/p>\n\n\n\n<p>Ivanti vice president of security products Chris Goettl noted that while the CVSS score is a relatively low 6.5, &#8220;proof-of-concept code has been disclosed and there are exploits detected in the wild. This CVE should be treated as a higher severity than Important due to the risk of exploit.&#8221;<\/p>\n\n\n\n<p>Rapid7 lead software engineer Adam Barnett <a href=\"https:\/\/www.rapid7.com\/blog\/post\/2023\/10\/10\/patch-tuesday-october-2023\/\" target=\"_blank\" rel=\"noreferrer noopener\">pointed out<\/a>, &#8220;It may or may not be a coincidence that Microsoft announced last month that WordPad is no longer being updated, and will be removed in a future version of Windows, although no specific timeline has yet been given. Unsurprisingly, Microsoft recommends Word as a replacement for WordPad.&#8221;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Skype for Business Flaw Could Expose IP Address, Ports<\/h3>\n\n\n\n<p>Regarding the Skype for Business flaw, Microsoft explained, &#8220;An attacker could make a specially crafted network call to the target Skype for Business server, which could cause the parsing of an http request made to an arbitrary address. This could disclose IP addresses or port numbers or both to the attacker.&#8221;<\/p>\n\n\n\n<p>In some cases, the company advised, the information exposed could provide the attacker with access to internal networks. 
Ivanti&#8217;s Goettl noted that, as with the WordPad flaw, the CVE should be treated as a higher severity than its rating due to the risk of exploit.<\/p>\n\n\n\n<p><strong>See the Top <a href=\"https:\/\/www.esecurityplanet.com\/products\/patch-management-software\/\">Patch<\/a> and <a href=\"https:\/\/www.esecurityplanet.com\/products\/vulnerability-management-software\/\">Vulnerability Management<\/a> products<\/strong><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">9 Critical Layer 2 Tunneling Vulnerabilities<\/h2>\n\n\n\n<p>Nine critical remote code execution flaws were identified in the Layer 2 tunneling protocol, all with a CVSS score of 8.1: <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2023-38166\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2023-38166<\/a>, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2023-41765\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2023-41765<\/a>, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2023-41767\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2023-41767<\/a>, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2023-41768\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2023-41768<\/a>, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2023-41769\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2023-41769<\/a>, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2023-41770\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2023-41770<\/a>, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2023-41771\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2023-41771<\/a>, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2023-41773\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2023-41773<\/a>, and <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2023-41774\" 
target=\"_blank\" rel=\"noreferrer noopener\">CVE-2023-41774<\/a>.<\/p>\n\n\n\n<p>All nine vulnerabilities, Action1 president and co-founder Mike Walters <a href=\"https:\/\/www.action1.com\/patch-tuesday-october-2023\/\" target=\"_blank\" rel=\"noreferrer noopener\">noted<\/a>, &#8220;possess a network-based attack vector, have a high level of complexity for successful exploitation, do not require any special privileges, and demand no user interaction.&#8221;<\/p>\n\n\n\n<p>&#8220;To successfully exploit these vulnerabilities, an attacker must overcome a race condition,&#8221; Walters added. &#8220;An unauthenticated attacker could achieve this by sending a carefully crafted protocol message to a Routing and Remote Access Service (RRAS) server, potentially leading to remote code execution (RCE) on the targeted RRAS server computer.&#8221;<\/p>\n\n\n\n<p>Immersive Labs senior director of threat research Kev Breen also highlighted <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2023-36778\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2023-36778<\/a>, a remote code execution vulnerability in Microsoft Exchange Server flagged as &#8220;exploitation more likely,&#8221; with a CVSS score of 8.0.<\/p>\n\n\n\n<p>&#8220;The patch notes indicate that an attacker must be authenticated and local to the network; this means that an attacker must already have gained access to a host in the network,&#8221; Breen said. &#8220;This is typically achieved through social engineering attacks with <a href=\"https:\/\/www.esecurityplanet.com\/networks\/how-to-prevent-spear-phishing-attacks\/\">spear phishing<\/a> to gain initial access to a host before searching for other internal vulnerable targets. 
Just because your Exchange Server doesn&#8217;t have internet-facing authentication doesn&#8217;t mean it&#8217;s protected.&#8221;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">EOL for Server 2012, Win 11 21H2<\/h2>\n\n\n\n<p>Ivanti&#8217;s Goettl also noted that this Patch Tuesday includes the final updates for Windows 11 21H2 and Microsoft Server 2012\/2012 R2. &#8220;End-of-life software poses a risk to an organization,&#8221; he said. &#8220;No public updates will be available for these OS versions going forward. For Windows 11 users, this means upgrading to a new Windows 11 brand. For Server 2012\/2012 R2 it is highly recommended to subscribe to ESU or migrate to a newer server edition.&#8221;<\/p>\n\n\n\n<p><strong>Read next:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/\"><strong>Network Protection: How to Secure a Network<\/strong><\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.esecurityplanet.com\/threats\/weekly-recap-oct-9-2023\/\"><strong>Weekly Vulnerability Recap \u2013 October 9, 2023 \u2013 Zero-Days Strike Android, Microsoft, Apple, Cisco &amp; More<\/strong><\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft\u2019s October 2023 Patch Tuesday covers 103 CVEs, including three zero-day flaws. 
Review our breakdown of this Patch Tuesday.<\/p>\n","protected":false},"author":166,"featured_media":32294,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_gazelle_contributing_experts":"","footnotes":""},"categories":[15],"tags":[2369,3790,532,3414,23006,730,4218,5277],"b2b_audience":[35],"b2b_industry":[],"b2b_product":[382,402,31780,31789,31782,31775,392],"class_list":["post-32291","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-threats","tag-cloud-security","tag-cybersecurity","tag-microsoft","tag-network-security","tag-patch-management","tag-security","tag-vulnerabilities","tag-web-security","b2b_audience-implementation-and-support","b2b_product-application-security-vulnerability-management","b2b_product-ddos","b2b_product-patch-management","b2b_product-phishing-and-spear-phishing","b2b_product-threat-intelligence","b2b_product-web-applications-security","b2b_product-web-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>October 2023 Patch Tuesday Includes Three Zero-Days Flaws<\/title>\n<meta name=\"description\" content=\"Microsoft\u2019s October 2023 Patch Tuesday covers 103 CVEs, including three zero-day flaws. Review our breakdown of this Patch Tuesday.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.esecurityplanet.com\/threats\/patch-tuesday-october-2023\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"October 2023 Patch Tuesday Includes Three Zero-Days Flaws\" \/>\n<meta property=\"og:description\" content=\"Microsoft\u2019s October 2023 Patch Tuesday covers 103 CVEs, including three zero-day flaws. 
Review our breakdown of this Patch Tuesday.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.esecurityplanet.com\/threats\/patch-tuesday-october-2023\/\" \/>\n<meta property=\"og:site_name\" content=\"eSecurity Planet\" \/>\n<meta property=\"article:published_time\" content=\"2023-10-11T15:23:05+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-11-14T16:11:28+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/10\/esp_20231011-patch-tuesday-october-2023.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1400\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Jeff Goldman\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:site\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jeff Goldman\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/patch-tuesday-october-2023\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/patch-tuesday-october-2023\/\"},\"author\":{\"name\":\"Jeff Goldman\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/814377f0182cc43200a4581fba4ec795\"},\"headline\":\"October 2023 Patch Tuesday Includes Three Zero-Days Flaws\",\"datePublished\":\"2023-10-11T15:23:05+00:00\",\"dateModified\":\"2023-11-14T16:11:28+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/patch-tuesday-october-2023\/\"},\"wordCount\":1030,\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/patch-tuesday-october-2023\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/10\/esp_20231011-patch-tuesday-october-2023.jpg\",\"keywords\":[\"cloud security\",\"cybersecurity\",\"Microsoft\",\"network security\",\"Patch Management\",\"security\",\"vulnerabilities\",\"Web security\"],\"articleSection\":[\"Threats\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/patch-tuesday-october-2023\/\",\"url\":\"https:\/\/www.esecurityplanet.com\/threats\/patch-tuesday-october-2023\/\",\"name\":\"October 2023 Patch Tuesday Includes Three Zero-Days 
Flaws\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/patch-tuesday-october-2023\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/patch-tuesday-october-2023\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/10\/esp_20231011-patch-tuesday-october-2023.jpg\",\"datePublished\":\"2023-10-11T15:23:05+00:00\",\"dateModified\":\"2023-11-14T16:11:28+00:00\",\"description\":\"Microsoft\u2019s October 2023 Patch Tuesday covers 103 CVEs, including three zero-day flaws. Review our breakdown of this Patch Tuesday.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/patch-tuesday-october-2023\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.esecurityplanet.com\/threats\/patch-tuesday-october-2023\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/patch-tuesday-october-2023\/#primaryimage\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/10\/esp_20231011-patch-tuesday-october-2023.jpg\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/10\/esp_20231011-patch-tuesday-october-2023.jpg\",\"width\":1400,\"height\":900,\"caption\":\"Image: \u0414\u043c\u0438\u0442\u0440\u0438\u0439 \u041d\u043e\u0433\u0430\u0435\u0432\/Adobe Stock\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/patch-tuesday-october-2023\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.esecurityplanet.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"October 2023 Patch Tuesday Includes Three Zero-Days 
Flaws\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"name\":\"eSecurity Planet\",\"description\":\"Industry-leading guidance and analysis for how to keep your business secure.\",\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.esecurityplanet.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\",\"name\":\"eSecurityPlanet\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"width\":1134,\"height\":375,\"caption\":\"eSecurityPlanet\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/eSecurityPlanet\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/814377f0182cc43200a4581fba4ec795\",\"name\":\"Jeff Goldman\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/08\/jeff-goldman-150x150.jpg\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/08\/jeff-goldman-150x150.jpg\",\"caption\":\"Jeff Goldman\"},\"description\":\"eSecurity Planet contributor Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009. 
He's also written extensively about wireless and broadband infrastructure and semiconductor engineering. He started his career at MTV, but soon decided that technology writing was a more promising path.\",\"url\":\"https:\/\/www.esecurityplanet.com\/author\/jeff-goldman\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"October 2023 Patch Tuesday Includes Three Zero-Days Flaws","description":"Microsoft\u2019s October 2023 Patch Tuesday covers 103 CVEs, including three zero-day flaws. Review our breakdown of this Patch Tuesday.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.esecurityplanet.com\/threats\/patch-tuesday-october-2023\/","og_locale":"en_US","og_type":"article","og_title":"October 2023 Patch Tuesday Includes Three Zero-Days Flaws","og_description":"Microsoft\u2019s October 2023 Patch Tuesday covers 103 CVEs, including three zero-day flaws. Review our breakdown of this Patch Tuesday.","og_url":"https:\/\/www.esecurityplanet.com\/threats\/patch-tuesday-october-2023\/","og_site_name":"eSecurity Planet","article_published_time":"2023-10-11T15:23:05+00:00","article_modified_time":"2023-11-14T16:11:28+00:00","og_image":[{"width":1400,"height":900,"url":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/10\/esp_20231011-patch-tuesday-october-2023.jpg","type":"image\/jpeg"}],"author":"Jeff Goldman","twitter_card":"summary_large_image","twitter_creator":"@eSecurityPlanet","twitter_site":"@eSecurityPlanet","twitter_misc":{"Written by":"Jeff Goldman","Est. 
reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.esecurityplanet.com\/threats\/patch-tuesday-october-2023\/#article","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/patch-tuesday-october-2023\/"},"author":{"name":"Jeff Goldman","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/814377f0182cc43200a4581fba4ec795"},"headline":"October 2023 Patch Tuesday Includes Three Zero-Days Flaws","datePublished":"2023-10-11T15:23:05+00:00","dateModified":"2023-11-14T16:11:28+00:00","mainEntityOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/patch-tuesday-october-2023\/"},"wordCount":1030,"publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/patch-tuesday-october-2023\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/10\/esp_20231011-patch-tuesday-october-2023.jpg","keywords":["cloud security","cybersecurity","Microsoft","network security","Patch Management","security","vulnerabilities","Web security"],"articleSection":["Threats"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.esecurityplanet.com\/threats\/patch-tuesday-october-2023\/","url":"https:\/\/www.esecurityplanet.com\/threats\/patch-tuesday-october-2023\/","name":"October 2023 Patch Tuesday Includes Three Zero-Days Flaws","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/patch-tuesday-october-2023\/#primaryimage"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/patch-tuesday-october-2023\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/10\/esp_20231011-patch-tuesday-october-2023.jpg","datePublished":"2023-10-11T15:23:05+00:00","dateModified":"2023-11-14T16:11:28+00:00","description":"Microsoft\u2019s October 2023 Patch Tuesday covers 103 CVEs, including 
three zero-day flaws. Review our breakdown of this Patch Tuesday.","breadcrumb":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/patch-tuesday-october-2023\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.esecurityplanet.com\/threats\/patch-tuesday-october-2023\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/threats\/patch-tuesday-october-2023\/#primaryimage","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/10\/esp_20231011-patch-tuesday-october-2023.jpg","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/10\/esp_20231011-patch-tuesday-october-2023.jpg","width":1400,"height":900,"caption":"Image: \u0414\u043c\u0438\u0442\u0440\u0438\u0439 \u041d\u043e\u0433\u0430\u0435\u0432\/Adobe Stock"},{"@type":"BreadcrumbList","@id":"https:\/\/www.esecurityplanet.com\/threats\/patch-tuesday-october-2023\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.esecurityplanet.com\/"},{"@type":"ListItem","position":2,"name":"October 2023 Patch Tuesday Includes Three Zero-Days Flaws"}]},{"@type":"WebSite","@id":"https:\/\/www.esecurityplanet.com\/#website","url":"https:\/\/www.esecurityplanet.com\/","name":"eSecurity Planet","description":"Industry-leading guidance and analysis for how to keep your business secure.","publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.esecurityplanet.com\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.esecurityplanet.com\/#organization","name":"eSecurityPlanet","url":"https:\/\/www.esecurityplanet.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","width":1134,"height":375,"caption":"eSecurityPlanet"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/eSecurityPlanet"]},{"@type":"Person","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/814377f0182cc43200a4581fba4ec795","name":"Jeff Goldman","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/08\/jeff-goldman-150x150.jpg","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/08\/jeff-goldman-150x150.jpg","caption":"Jeff Goldman"},"description":"eSecurity Planet contributor Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009. He's also written extensively about wireless and broadband infrastructure and semiconductor engineering. 
He started his career at MTV, but soon decided that technology writing was a more promising path.","url":"https:\/\/www.esecurityplanet.com\/author\/jeff-goldman\/"}]}},"_links":{"self":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/32291"}],"collection":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/users\/166"}],"replies":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/comments?post=32291"}],"version-history":[{"count":4,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/32291\/revisions"}],"predecessor-version":[{"id":32835,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/32291\/revisions\/32835"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media\/32294"}],"wp:attachment":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media?parent=32291"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/categories?post=32291"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/tags?post=32291"},{"taxonomy":"b2b_audience","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_audience?post=32291"},{"taxonomy":"b2b_industry","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_industry?post=32291"},{"taxonomy":"b2b_product","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_product?post=32291"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}