These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:
CVE-2023-24936
· Title: .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
· Version: 3.0
· Reason for revision: In the Security Updates table, added all supported versions of all supported versions of .NET Framework, Visual Studio 2022 version 17.0, Visual Studio 2022 version 17.2, and Visual Studio 2022 version 17.4 because these products are also affected by this vulnerability. Microsoft strongly recommends that customers running any of these products install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.
· Originally released: June 13, 2023
· Last updated: July 13, 2023
· Aggregate CVE Severity Rating: Moderate
CVE-2023-27909
· Title: AutoDesk: CVE-2023-27909 Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK 2020 or prior
· Version: 2.0
· Reason for revision: In the Security Updates table, added all supported versions of 3D Viewer, Microsoft Office 2019, Microsoft Office LTSC 2021, and Microsoft 365 Apps for Enterprise because these products are also affected by this vulnerability. Microsoft strongly recommends that customers running any of these products install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.
· Originally released: June 13, 2023
· Last updated: September 14, 2023
· Aggregate CVE Severity Rating: Important
CVE-2023-27911
· Title: AutoDesk: CVE-2023-27911 Heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior
· Version: 2.0
· Reason for revision: In the Security Updates table, added all supported versions of 3D Viewer, Microsoft Office 2019, Microsoft Office LTSC 2021, and Microsoft 365 Apps for Enterprise because these products are also affected by this vulnerability. Microsoft strongly recommends that customers running any of these products install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.
· Originally released: June 13, 2023
· Last updated: September 14, 2023
· Aggregate CVE Severity Rating: Important
CVEs have been published or revised in the Security Update Guide September 14, 2023
+63Daniel - Microsoft MVP Consumer Security (2012-2016) Windows 10 Pro x64 for Workstations 22H2 on my Alienware 17R2 and Windows 11 Pro x64 for Workstations on my Alienware 17R5 Laptops with Webroot SecureAnywhere Complete Beta Tester for PC & Android Samsung Galaxy A16 5G OS 16.
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.