JPCERT-AT-2023-0019 JPCERT/CC 2023-09-13 <<< JPCERT/CC Alert 2023-09-13 >>> Microsoft Releases September 2023 Security Updates https://www.jpcert.or.jp/english/at/2023/at230019.html I. Overview Microsoft has released September 2023 Security Updates to address the vulnerabilities in their products. Remote attackers leveraging these vulnerabilities may be able to execute arbitrary code. It is recommended to check the information provided by Microsoft and apply the updates. Microsoft Corporation September 2023 Security Updates https://msrc.microsoft.com/update-guide/en-us/releaseNote/2023-Sep Microsoft Corporation Microsoft Security Updates for September 2023 (Monthly) (Japanese) https://msrc.microsoft.com/blog/2023/09/202309-security-update/ According to Microsoft, among the vulnerabilities, the following vulnerabilities have been confirmed to be exploited in the wild. Please consider applying the security update programs by referring to the information provided by Microsoft. CVE-2023-36761 Microsoft Word Information Disclosure Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36761 CVE-2023-36802 Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36802 II. Solution Please apply the security update programs through Microsoft Update, Windows Update, etc. as soon as possible. Microsoft Update Catalog https://www.catalog.update.microsoft.com/ Windows Update: FAQ https://support.microsoft.com/en-us/help/12373/windows-update-faq III. References Microsoft Corporation Release Notes https://msrc.microsoft.com/update-guide/releaseNote If you have any information regarding this alert, please contact JPCERT/CC. ====================================================================== JPCERT Coordination Center (Early Warning Group) MAIL: ew-info@jpcert.or.jp https://www.jpcert.or.jp/english/