
CVEs have been published or revised in the Security Update Guide January 10, 2024


TripleHelix
Moderator

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

ADV190023

· Title: Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing

· Version: 4.3

· Reason for revision: With the release of the January 9, 2024 security updates, the auditing changes added in August 2023 are now available on Windows Server 2019. You do not need to install MSIs or create policies as mentioned in Step 3 of Recommended Actions.

· Originally released: August 13, 2019

· Last updated: January 9, 2024

· Aggregate CVE Severity Rating: None

CVE-2023-29349

· Title: Microsoft ODBC and OLE DB Remote Code Execution Vulnerability

· Version: 2.0

· Reason for revision: In the Security Updates table, added Microsoft Visual Studio 2019 version 16.11, Visual Studio 2022 version 17.2, Visual Studio 2022 version 17.4, Visual Studio 2022 version 17.6, and Visual Studio 2022 version 17.8 because these products are also affected by this vulnerability. Microsoft strongly recommends that customers running any of these products install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.

· Originally released: June 15, 2023

· Last updated: January 9, 2024

· Aggregate CVE Severity Rating: Important

CVE-2023-29356

· Title: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

· Version: 2.0

· Reason for revision: In the Security Updates table, added Microsoft Visual Studio 2019 version 16.11, Visual Studio 2022 version 17.2, Visual Studio 2022 version 17.4, Visual Studio 2022 version 17.6, and Visual Studio 2022 version 17.8 because these products are also affected by this vulnerability. Microsoft strongly recommends that customers running any of these products install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.

· Originally released: June 15, 2023

· Last updated: January 9, 2024

· Aggregate CVE Severity Rating: Important

CVE-2023-32025

· Title: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

· Version: 2.0

· Reason for revision: In the Security Updates table, added Microsoft Visual Studio 2019 version 16.11, Visual Studio 2022 version 17.2, Visual Studio 2022 version 17.4, Visual Studio 2022 version 17.6, and Visual Studio 2022 version 17.8 because these products are also affected by this vulnerability. Microsoft strongly recommends that customers running any of these products install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.

· Originally released: June 15, 2023

· Last updated: January 9, 2024

· Aggregate CVE Severity Rating: Important

CVE-2023-32026

· Title: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

· Version: 2.0

· Reason for revision: In the Security Updates table, added Microsoft Visual Studio 2019 version 16.11, Visual Studio 2022 version 17.2, Visual Studio 2022 version 17.4, Visual Studio 2022 version 17.6, and Visual Studio 2022 version 17.8 because these products are also affected by this vulnerability. Microsoft strongly recommends that customers running any of these products install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.

· Originally released: June 15, 2023

· Last updated: January 9, 2024

· Aggregate CVE Severity Rating: Important

CVE-2023-32027

· Title: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

· Version: 2.0

· Reason for revision: In the Security Updates table, added Microsoft Visual Studio 2019 version 16.11, Visual Studio 2022 version 17.2, Visual Studio 2022 version 17.4, Visual Studio 2022 version 17.6, and Visual Studio 2022 version 17.8 because these products are also affected by this vulnerability. Microsoft strongly recommends that customers running any of these products install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.

· Originally released: June 15, 2023

· Last updated: January 9, 2024

· Aggregate CVE Severity Rating: Important

CVE-2023-32028

· Title: Microsoft SQL OLE DB Remote Code Execution Vulnerability

· Version: 2.0

· Reason for revision: In the Security Updates table, added Microsoft Visual Studio 2019 version 16.11, Visual Studio 2022 version 17.2, Visual Studio 2022 version 17.4, Visual Studio 2022 version 17.6, and Visual Studio 2022 version 17.8 because these products are also affected by this vulnerability. Microsoft strongly recommends that customers running any of these products install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.

· Originally released: June 15, 2023

· Last updated: January 9, 2024

· Aggregate CVE Severity Rating: Important

CVE-2023-36042

· Title: Visual Studio Denial of Service Vulnerability

· Version: 2.0

· Reason for revision: In the Security Updates table, added .NET Framework 3.5 and 4.8.1 installed on all supported versions of the following: Windows 10 version 21H2, Windows 10 version 22H2, Windows Server 2022, Windows 11 version 21H2, Windows 11 version 22H2, Windows 11 version 23H2, and Windows Server 2022, 23H2 Edition (Server Core installation) as .NET Framework 4.8.1 is affected by this vulnerability. Microsoft recommends that customers install the January 2024 updates to be fully protected from this vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.

· Originally released: November 14, 2023

· Last updated: January 9, 2024

· Aggregate CVE Severity Rating: Important
