Microsoft Patch Tuesday Update – September 2023

Today is the second Tuesday of September 2023 and it’s Time to check out the latest security updates from Microsoft.

Today (12/Sep/2023) is the second Tuesday of this month and as part of the September 2023 Microsoft Patch Tuesday Update the company has released a bunch of cumulative updates to resolve vulnerabilities in its operating systems and other products, like the Microsoft Office productivity suite, while also addressing a series of other bugs related to performance and usability. Let’s look at the highlights of Microsoft Patch Tuesday update September 2023 for Windows 11 and Windows 10.

What is Patch Tuesday?
Microsoft Patch Tuesday Update, the colloquial term for Microsoft’s Update Tuesday that falls on the second Tuesday of every month. 

Microsoft Patch Tuesday update September 2023

Today’s patch comes with fixes for more than 66 vulnerabilities in Windows, Office, and other components, Where five flaws are classified as ‘Critical’ as they allow privilege elevation, spoofing, or remote code execution, 54 are rated as important in severity and one is rated as moderate. Also, Microsoft has addressed two zero-day publicly exploited vulnerabilities fixed in this month’s updates.

As per the release notes, the September 2023 Microsoft Patch Tuesday Update fixed 17 Elevation of Privilege security issues, 4 security Feature Bypass Vulnerabilities, 24 Remote Code Execution bugs, 9 Information Disclosure vulnerabilities, 3 Denial of Service Vulnerabilities, and 5 Spoofing Vulnerabilities.

September 2023 Patch Tuesday comes with fixes for 66 vulnerabilities, five of these vulnerabilitiesare rated as Critical and 54 as Important and one is rated Moderate in severity.

The two actively exploited zero-day vulnerabilities in today’s updates are

CVE-2023-36802 – Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability

  • CVE-2023-36802: Important-rated vulnerability with a CVSS score of 7.8
  • Affected Component: Microsoft Streaming Service Proxy, related to Microsoft Stream
  • Proof-of-concept not publicly released as of now
  • Potential Exploitation: Grants attacker SYSTEM privileges
  • Exploited in the wild as a zero-day
  • Discovery Credits:
    • Valentina Palmiotti from IBM X-Force
    • Quan Jin and ze0r from DBAPPSecurity WeBin Lab
    • Microsoft Security Response Center (MSRC) and Microsoft Threat Intelligence are involved in reporting

CVE-2023-36761 – Microsoft Word Information Disclosure Vulnerability

  • CVE-2023-36761: Important-rated vulnerability with a CVSS score of 6.2
  • Affected Component: Microsoft Office Word
  • Vulnerability Type: Information disclosure, specifically NTLM hashes
  • Exploitation Method: Utilizing the preview pane when opening a document
  • Potential Consequence: Attacker gains access to NTLM hashes, important for account access
  • Exploitation Use Cases: Cracking the hashes or employing them in an NTLM relay attack
  • Flaw Details: Publicly disclosed

According to Microsoft, CVE-2023-23397 was exploited as a zero-day by a Russia-based threat actor.

Also, there is CVE-2023-36744CVE-2023-36745 and CVE-2023-36756 are RCE vulnerabilities affecting Microsoft Exchange. Successful exploitation of these vulnerabilities requires an attacker to authenticate with LAN access and have valid credentials for an Exchange user.

CVE-2023-38143 and CVE-2023-38144 are EoP vulnerabilities in the Windows Common Log File System (CLFS) Driver. ” An authenticated attacker could exploit these vulnerabilities to gain SYSTEM privileges.

Update for Windows client versions

The following client versions of Windows have known issues: Windows 10, Windows 11

Windows 10 version 21H2 and 22H2: 16 vulnerabilities, 1 critical and 15 important.

  • Internet Connection Sharing (ICS) Remote Code Execution Vulnerability — CVE-2023-38148

Windows 11 version 22H2:  18 vulnerabilities, 1 critical and 17 important.

Same as Windows 10 version 22H2, Internet Connection Sharing (ICS) Remote Code Execution Vulnerability — CVE-2023-38148

Recent updates from other companies

Third-party vendors such as Citrix, Fortinet, Google, Cisco, and SAP have released updates since last month’s Patch Tuesday.

Windows security updates September 2023

September 2023 (Patch Tuesday) Windows security updates are the following:

  • KB5030219 (OS Build 22621.2283) for the latest Windows 11 version 22H2
  • KB5030217 (OS Build 22000.2416) for the latest Windows 11 version 21H2
  • KB5030211 (OS Builds 19045.3448) for the latest Windows 10 version 21H2
  • KB5030214 (OS Build 17763.4851) for the latest Windows 10 version 1809

All these updates only include minor patches and security fixes, rather than any new features.

Note: Windows 11 was released with a number of new features and improvements as a free upgrade for eligible Windows 10 devices. Here is how to upgrade to Windows 11 for free.

Windows 11

For Windows 11 version 22H2, there is a new Cumulative Update KB5030219 that advances the build number to 22621.2283 and addresses security issues for your Windows operating system.

This update brings several key improvements to Windows 11. It resolves issues with the Resultant Set of Policy (RSoP) report when enabling optional updates and introduces a new policy for better control over their installation.

Additionally, it enhances the search experience by adding highlights and refining the search bar’s behavior. Users will also notice improved Narrator accuracy in identifying search results.

These changes collectively aim to significantly enhance the overall user experience, particularly for those who frequently utilize Windows search.

You can read the complete changelog here.

Windows 10

KB5030211 patch for Windows 10 version 22H2 Advance build number 19045.3448 and focuses on security fixes and minor improvements.

This update brings several valuable enhancements to Windows 10. It introduces a new Windows Backup app for efficient app and file management, ensuring easy recovery.

Improved location detection enhances weather, news, and traffic information accuracy. Notable additions include notification badging for Microsoft accounts on the Start menu and support for daylight saving time changes in Israel.

Additionally, fixes have been implemented for the search box and the Group Policy Service, addressing delays in policy processing and network availability.

This update also resolves a settings synchronization issue, even when toggled in the Windows backup page within the Settings app.

You can read the complete changelog here Microsoft support.

Microsoft Security update download September 2023

All these Windows 10 September 2023 Patch Tuesday updates are automatically downloaded and installed via Windows update. Or you force Windows update from settings, Windows update and check for updates to download and install the latest patch updates immediately.

windows 11 KB5030219 update

Microsoft has published download links for Windows update offline installers if you prefer manual installation over Windows Update.

Windows 10 KB5030214 (for version 1809) Offline Download links

If you are Looking for Windows 10 version 22H2 ISO image, click here.

Or Check How to Upgrade to Windows 10 version 22H2 Using the media creation tool.

If you face any difficulty while installing these updates, Check the Windows 10 Update troubleshooting guide to fix the Windows 10 update KB5030211 stuck downloading, failed to install with different errors, etc.

FAQ on Patch Tuesday update

What is Patch Tuesday?

  • Patch Tuesday is the colloquial term for Microsoft’s Update Tuesday which falls on the second Tuesday of every month.

When is Patch Tuesday?

  • Patch Tuesday falls on the second Tuesday of each month. The upcoming Patch Tuesday is on 10 October 2023.

What is patching and why is it important?

  • Patches are nothing but pieces of software code that are written to fix a bug in a software application that might lead to a vulnerability.

What kind of patch updates are released during Patch Tuesday?

  • Predominantly security patch updates of varying severity like Critical, Important, Moderate and low are labeled and released.

What are CVE IDs?

  • CVE ID – Common Vulnerabilities and Exposure ID is a format in which each vulnerability is disclosed and cataloged in the National Vulnerability Database (NVD).

Also Read

2 thoughts on “Microsoft Patch Tuesday Update – September 2023”

  1. Michelle Ford

    I only have a basic-moderate understanding of dos/software/updates. It normally only takes about an hour for me to find a fix.
    I am unable to locate the update patch to fix 2021-05 Cumulative Update for Windows 10 Version 2004 for x64-based Systems (KB5003173) for OS build 19041.630.
    I am getting an error message: “Your device is missing important security and quality fixes.” (0x80073701).
    I am now getting rather frustrated, as I have literally spent over 5 hours searching the web and have followed a multitude of “fixes” and none have worked, including the manual download of the update from .
    Inability to successfully install this update (after it says 100% installed), is preventing the installation of the Windows 10 version 20H2 update (which is automatically showing the same error).
    I live off grid, in a remote rural area and unable to get technical assistance readily. Would appreciate assistance.

    1. Steve Ballmer

      Have you tried to install windows updates on clean boot?
      Clean boot fix the problem if any third-party service conflict prevents apply these updates.

      In addition, make sure to disable third-party antivirus, disconnect VPN (If configured), Check you have enough free disk space,

      Disconnect the internet connection and try install the offline package.

      Let us know if need more help, feel free to contact

Leave a Comment

Related posts

Scroll to Top