Microsoft September 2023 Security Updates

NICK ADSL UK · 12 Sep 2023

September 2023 Security Updates
This release consists of the following 59 Microsoft CVEs:
Tag CVE Base Score CVSS Vector Exploitability FAQs? Workarounds? Mitigations?
Microsoft Azure Kubernetes Service CVE-2023-29332
Azure DevOps CVE-2023-33136
Windows Cloud Files Mini Filter Driver CVE-2023-35355
Microsoft Identity Linux Broker CVE-2023-36736
3D Viewer CVE-2023-36739
3D Viewer CVE-2023-36740
Visual Studio Code CVE-2023-36742
Microsoft Exchange Server CVE-2023-36744
Microsoft Exchange Server CVE-2023-36745
Microsoft Exchange Server CVE-2023-36756
Microsoft Exchange Server CVE-2023-36757
Visual Studio CVE-2023-36758
Visual Studio CVE-2023-36759
3D Viewer CVE-2023-36760
Microsoft Office Word CVE-2023-36761
Microsoft Office Word CVE-2023-36762
Microsoft Office Outlook CVE-2023-36763
Microsoft Office SharePoint CVE-2023-36764
Microsoft Office CVE-2023-36765
Microsoft Office Excel CVE-2023-36766
Microsoft Office CVE-2023-36767
3D Builder CVE-2023-36770
3D Builder CVE-2023-36771
3D Builder CVE-2023-36772
3D Builder CVE-2023-36773
Microsoft Exchange Server CVE-2023-36777
.NET Framework CVE-2023-36788
.NET and Visual Studio CVE-2023-36792
.NET and Visual Studio CVE-2023-36793
.NET and Visual Studio CVE-2023-36794
.NET and Visual Studio CVE-2023-36796
.NET Core & Visual Studio CVE-2023-36799
Microsoft Dynamics Finance & Operations CVE-2023-36800
Windows DHCP Server CVE-2023-36801
Microsoft Streaming Service CVE-2023-36802
Windows Kernel CVE-2023-36803
Windows GDI CVE-2023-36804
Windows Scripting CVE-2023-36805
Microsoft Dynamics CVE-2023-36886
Windows Kernel CVE-2023-38139
Windows Kernel CVE-2023-38140
Windows Kernel CVE-2023-38141
Windows Kernel CVE-2023-38142
Windows Common Log File System Driver CVE-2023-38143
Windows Common Log File System Driver CVE-2023-38144
Windows Themes CVE-2023-38146
Microsoft Windows Codecs Library CVE-2023-38147
Windows Internet Connection Sharing (ICS) CVE-2023-38148
Windows TCP/IP CVE-2023-38149
Windows Kernel CVE-2023-38150
Windows DHCP Server CVE-2023-38152
Azure DevOps CVE-2023-38155
Azure HDInsights CVE-2023-38156
Windows TCP/IP CVE-2023-38160
Windows GDI CVE-2023-38161
Windows DHCP Server CVE-2023-38162
Windows Defender CVE-2023-38163
Microsoft Dynamics CVE-2023-38164
Microsoft Office CVE-2023-41764
We are republising 6 non-Microsoft CVEs:
CNA Tag CVE FAQs? Workarounds? Mitigations?
Autodesk 3D Viewer CVE-2022-41303 Yes No No
Electron Visual Studio Code CVE-2023-39956 Yes No No
Chrome Microsoft Edge (Chromium-based) CVE-2023-4761 Yes No No
Chrome Microsoft Edge (Chromium-based) CVE-2023-4762 Yes No No
Chrome Microsoft Edge (Chromium-based) CVE-2023-4763 Yes No No
Chrome Microsoft Edge (Chromium-based) CVE-2023-4764 Yes No No
Security Update Guide Blog Posts
Date Blog Post
January 11, 2022 Coming Soon: New Security Update Guide Notification System
February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020 Security Update Guide: Let’s keep the conversation going
November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide
Relevant Resources

The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

Known Issues
You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
5002472 SharePoint Server 2019 Core
5002474 SharePoint Server Subscription Edition
5002494 SharePoint Enterprise Server 2016
5002501 SharePoint Enterprise Server 2016
5030216 Windows Server 2022
5030261 Windows Server 2008 R2 (Security-only update)
5030265 Windows Server 2008 R2 (Monthly Rollup)
5030271 Windows Server 2008 (Monthly Rollup)
5030286 Windows Server 2008 (Security-only update)
Released: Sep 12, 2023
September 2023 Security Updates - Release Notes - Security Update Guide - Microsoft