Microsoft has released its Patch Tuesday updates for October 2023, addressing a total of 103 flaws in its software, two of which have come under active exploitation in the wild.
Of the 103 flaws, 13 are rated Critical and 90 are rated Important in severity. This is apart from 18 security vulnerabilities addressed in its Chromium-based Edge browser since the second Tuesday of September.
The two vulnerabilities that been weaponized as zero-days are as follows –
- CVE-2023-36563 (CVSS score: 6.5) – An information disclosure vulnerability in Microsoft WordPad that could result in the leak of NTLM hashes
- CVE-2023-41763 (CVSS score: 5.3) – A privilege escalation vulnerability in Skype for Business that could lead to exposure of sensitive information such as IP addresses or port numbers (or both), enabling threat actors to gain access to internal networks