Alert: Microsoft Security Updates – September 2023
Microsoft has released security updates to address vulnerabilities in multiple products, including but not limited to:
Microsoft Office
Microsoft Outlook
Microsoft Exchange Server
Azure Kubernetes Service
Microsoft Visual Studio – multiple versions and platforms
.NET 7.0 and 6.0
Windows 10 and 11 – multiple platforms
The released updates for Microsoft products, include security patches for 2 zero-day vulnerabilities:
CVE-2023-36761 - Microsoft Word Information Disclosure Vulnerability
CVE-2023-36802 - Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
Security Risks
If the identified vulnerabilities in Microsoft products are not patched, authenticated attackers can remotely gain control of vulnerable systems and run malicious code with elevated privileges.
The National Cyber Security Authority (NCSA) recommends users and administrators:
1. apply the latest security patches, as soon as possible, to prevent unauthorized control over unpatched systems.
2. upgrade immediately to the latest supported version of installed Microsoft software in order to continue receiving technical support and security patches.
The following Microsoft software products reached their end-of-life and need to be upgraded immediately:
Windows Vista, XP, 8 and 7
Windows Server 2003, 2003 RE, 2008, 2008 RE, 2008 SP2
Exchange Server 2003, 2007, 2010, 2013
Microsoft SQL Server 2005, 2008, 2012
Microsoft Office 20133.
3. Before any updating task, ensure you have a current tested backup of your data.
For further information and support, please contact the National Cyber Security Authority (NCSA) by emailing rwcsirt@ncsa.gov.rw or calling us on 9009.