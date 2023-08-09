Microsoft Corp. has issued software updates to address over 70 security vulnerabilities in its Windows operating systems and related products. Among the fixes, six were classified as “critical,” which means they can be exploited by malware or attackers to install software on vulnerable Windows systems without any user assistance.

One of the vulnerabilities addressed is CVE-2023-36884, which involves bypassing the Windows Search Security feature. Microsoft also released ADV230003, a defense-in-depth update to prevent exploitation of this vulnerability. Since it has already been exploited in the wild as a zero-day vulnerability, organizations are advised to prioritize patching and applying the defense-in-depth update.

Another vulnerability, CVE-2023-38180, has been actively exploited and affects .NET and Visual Studio. It leads to a denial-of-service condition on vulnerable servers. Although the attacker needs to be on the same network, they do not require user privileges on the target system.

The update also includes fixes for six vulnerabilities in Microsoft Exchange Server, one of which is CVE-2023-21709. This elevation of privilege flaw has a high CVSSv3 score but is categorized as important rather than critical by Microsoft. It can be exploited through brute-force attacks against valid user accounts, particularly those with weak passwords.

Additionally, a remote code execution bug in the Microsoft Message Queuing service (CVE-2023-36910) poses a critical risk to systems running Windows 10, 11, and Server 2008-2022. Although Microsoft considers it less likely to be exploited, any device with the message queuing service enabled is still at risk.

In a separate release, Adobe issued a critical security update for Acrobat and Reader, resolving around 30 vulnerabilities. There have been no reported exploits targeting these flaws. The company also provided security updates for Adobe Commerce and Adobe Dimension.

As with any updates, if users encounter difficulties during installation, they are encouraged to share their experiences and seek assistance from others who may have encountered similar issues.

Additional resources for further information on these updates include the SANS Internet Storm Center and AskWoody.com.