Today's Patch Tuesday summary: this month's release addresses 61 vulnerabilities from Microsoft: TWO zero days (one with PoC!), five critical.
Plus many important third-party vulnerabilities: Android, Google Chrome, Firefox, Ivanti, SCADA, Citrix, Splunk, Notepad++, Juniper, Apple, Skype, WinRAR, Intel, AMD, and Siemens.
Quick summary:
Windows: 61 vulnerabilities:
two zero-days: CVE-2023-36761 and CVE-2023-36802
five critical: CVE-2023-38148, CVE-2023-36796, CVE-2023-36793, CVE-2023-36792, CVE-2023-29332
Android: two sets of fixed vulnerabilities, one zero-day CVE-2023-35674
Adobe: zero-day CVE-2023-26369
Chrome: 9 vulnerabilities
Ivanti: seven critical vulnerabilities
SCADA: zero-day CVE-2023-39476 (CVSS 9.8)
Citrix: CVE-2023-3519, part of extensive malware campaign
Splunk: several serious vulnerabilities
Notepad++: four critical vulnerabilities
Juniper: four serious vulnerabilities
Apple: two zero-days CVE-2023-41064 and CVE-2023-41061
Skype: vulnerability revealing user's IP address
WinRAR: serious vulnerabilities CVE-2023-40477 and CVE-2023-38831
Intel: CVE-2022-40982, aka "Downfall"
AMD: CVE-2023-20569 aka "Inception"
Siemens: over 30 vulnerabilities
Sorry, can’t post the full details here due to the max post size limit, so go to the Action1 Vulnerability Digest page: https://www.action1.com/patch-tuesday-september-2023/?vmr (it is updated in real-time as we learn more)