by in
.
It’s like putting a band-aid on a broken arm, Microsoft’s August 2023 Patch Tuesday is a small measure to stop cyberattackers, but it won’t be enough to protect against the more serious exploits like zero-day vulnerabilities.
Summary: The August 2023 Microsoft security updates are out with 74 CVE-numbered bugs fixed, two of which are Exploitation Detected and have no CVE numbers. The first relates to Microsoft’s Mark of the Web (MotW) labelling system and was a zero-day until patched in July 2023. The second is an update to the Memory Integrity System Readiness Scan Tool which Microsoft has published without a RSRC section. In addition to the 74 CVE-numbered bugs, there are three with high cybersecurity danger scores on the CVSS scale, one of which is an Exchange bug that gives attackers a way to attack and recover passwords for other users, and two Teams vulnerabilities, both of which can lead directly to remote code execution if lured into joining a booby-trapped Teams meeting. It is recommended to patch early and often, and to be wary of online invitations.
