Microsoft Enhances Stability of Business Systems

In October, Microsoft released updates fixing a total of 104 vulnerabilities, including three actively exploited zero-day vulnerabilities. Of the flaws fixed, 45 were categorized as remote code execution (RCE) vulnerabilities, with only 12 of them rated critical.

Here is the breakdown of the fixed vulnerabilities by category:

  • Elevation of privilege: 26
  • Security feature bypass: 3
  • Remote code execution: 45
  • Information disclosure: 12
  • Denial of service (DoS): 17
  • Others: 1

Note that the total does not include a Chromium vulnerability tracked as CVE-2023-5346, which Google fixed on October 3 and which was then ported to Microsoft Edge.

Microsoft also addressed three actively exploited zero-day vulnerabilities this month, two of which were publicly disclosed. A vulnerability is classified as a zero-day if it is publicly disclosed or actively exploited while no official fix is available.

One of the vulnerabilities is CVE-2023-41763, which affects Skype for Business and has a CVSS score of 5.3. This vulnerability allows an attacker to view certain confidential information, but not all resources in the vulnerable component can be disclosed. The attacker cannot make changes to the disclosed information or limit access to the resource. Exploiting this vulnerability can enable attackers to penetrate internal networks, as Skype for Business is typically exposed to the public Internet. The vulnerability has been publicly disclosed.

The second vulnerability, CVE-2023-36563, affects Microsoft WordPad and is an information disclosure flaw that can be used to steal NTLM hashes when a document is opened in WordPad. To exploit this vulnerability, the attacker needs initial access to the system. Once inside, the attacker can launch a specially crafted application to take control of the affected system. The attacker may also trick a local user into opening a malicious file through
