August 2023 Patch Tuesday Updates are Now Available on Windows 11 and Windows 10
Microsoft has released today the August 2023 Patch Tuesday updates for Windows 11 and Windows 10. This month, Microsoft fixed 86 vulnerabilities in Windows, Office, and other components, and you can also expect the usual bug fixes and quality improvements.
After the July Patch Tuesday update for Windows 11 version 22H2 enabled the new “Moment 3” features on the latest version of Windows, we’ll likely need to wait until Windows 11 version 23H2 ships later this fall to see new features come to the OS. Microsoft already announced that the next annual update for Windows 11 will be released as an enablement package, which should guarantee a seamless update process for organizations
August 2023 Patch Tuesday updates fix over 80 vulnerabilities
As pointed out by the Zero Day Initiative, Microsoft released a total of 86 patches today, with fixes for six critical vulnerabilities. None of them are already being exploited by attackers, however.
Here are the most important vulnerabilities you should know about this month:
- CVE-2023-35385/36910/36911: These three Microsoft Message Queuing Remote Code Execution vulnerabilities could allow unauthenticated attackers to remotely execute code on the target server. However, the Windows message queuing service needs to be enabled to make systems vulnerable, and this feature can be enabled from the Control Panel.
- CVE-2023-29328/29330: These two Microsoft Teams Remote Code Execution vulnerabilities require attackers to trick victims into joining a Teams meeting which would enable them to perform remote code execution.
- CVE-2023-21709: This Microsoft Exchange Server Elevation of Privilege vulnerability could allow attackers in a network-based attack to brute force user account passwords to log in as other users.
Here’s the full list of CVEs Microsoft released this month:
| Product | Impact | Max Severity | Article | Download | Details |
| Microsoft .NET Framework 2.0 Service Pack 2 | Elevation of Privilege | Important | 5029654 | Monthly Rollup | CVE-2023-36899 |
| Microsoft .NET Framework 2.0 Service Pack 2 | Elevation of Privilege | Important | 5029569 | Security Only | CVE-2023-36899 |
| Microsoft .NET Framework 4.6.2 | Elevation of Privilege | Important | 5029654 | Monthly Rollup | CVE-2023-36899 |
| Microsoft .NET Framework 4.6.2 | Elevation of Privilege | Important | 5029569 | Security Only | CVE-2023-36899 |
| Microsoft .NET Framework 3.5 AND 4.8.1 | Elevation of Privilege | Important | 5029649 | Security Update | CVE-2023-36899 |
| Microsoft .NET Framework 3.5 AND 4.8.1 | Elevation of Privilege | Important | 5029655 | Security Update | CVE-2023-36899 |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 | Elevation of Privilege | Important | 5029653 | Monthly Rollup | CVE-2023-36899 |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 | Elevation of Privilege | Important | 5029568 | Security Only | CVE-2023-36899 |
| Microsoft .NET Framework 3.5 AND 4.7.2 | Elevation of Privilege | Important | 5029647 | Security Update | CVE-2023-36899 |
| Microsoft .NET Framework 3.5 AND 4.8 | Elevation of Privilege | Important | 5029650 | Security Update | CVE-2023-36899 |
| Microsoft .NET Framework 3.5 AND 4.8 | Elevation of Privilege | Important | 5029647 | Security Update | CVE-2023-36899 |
| Microsoft .NET Framework 3.5 AND 4.8 | Elevation of Privilege | Important | 5029655 | Security Update | CVE-2023-36899 |
| Microsoft .NET Framework 4.8 | Elevation of Privilege | Important | 5028952 | Security Update | CVE-2023-36899 |
| Microsoft .NET Framework 3.5 AND 4.8.1 | Spoofing | Important | 5028948 | Security Update | CVE-2023-36873 |
| Microsoft .NET Framework 3.5 AND 4.8.1 | Spoofing | Important | 5029648 | Security Update | CVE-2023-36873 |
| Microsoft .NET Framework 3.5 AND 4.8.1 | Spoofing | Important | 5029650 | Security Update | CVE-2023-36873 |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 | Spoofing | Important | 5029652 | Monthly Rollup | CVE-2023-36873 |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 | Spoofing | Important | 5029567 | Security Only | CVE-2023-36873 |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 | Spoofing | Important | 5029651 | Monthly Rollup | CVE-2023-36873 |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 | Spoofing | Important | 5029566 | Security Only | CVE-2023-36873 |
| Microsoft .NET Framework 3.5 AND 4.8 | Spoofing | Important | 5029649 | Security Update | CVE-2023-36873 |
| Microsoft .NET Framework 3.5 AND 4.8 | Spoofing | Important | 5029648 | Security Update | CVE-2023-36873 |
| Microsoft .NET Framework 4.8 | Spoofing | Important | 5029653 | Monthly Rollup | CVE-2023-36873 |
| Microsoft .NET Framework 4.8 | Spoofing | Important | 5029568 | Security Only | CVE-2023-36873 |
| Microsoft .NET Framework 4.8 | Spoofing | Important | 5029652 | Monthly Rollup | CVE-2023-36873 |
| Microsoft .NET Framework 4.8 | Spoofing | Important | 5029567 | Security Only | CVE-2023-36873 |
| Microsoft .NET Framework 4.8 | Spoofing | Important | 5029651 | Monthly Rollup | CVE-2023-36873 |
| Microsoft .NET Framework 4.8 | Spoofing | Important | 5029566 | Security Only | CVE-2023-36873 |
| Azure DevOps Server 2019.0.1 | Spoofing | Important | Release Notes | Security Update | CVE-2023-36869 |
| Microsoft Dynamics 365 Business Central 2023 Release Wave 1 | Elevation of Privilege | Important | 5029765 | Security Update | CVE-2023-38167 |
| Microsoft Teams for Mac | Remote Code Execution | Critical | Release Notes | Security Update | CVE-2023-29328 |
| Microsoft Teams for Android | Remote Code Execution | Critical | Release Notes | Security Update | CVE-2023-29328 |
| Microsoft Teams for iOS | Remote Code Execution | Critical | Release Notes | Security Update | CVE-2023-29328 |
| Microsoft Visual Studio 2022 version 17.4 | Denial of Service | Important | Release Notes | Security Update | CVE-2023-38178 |
| Microsoft Visual Studio 2022 version 17.2 | Denial of Service | Important | Release Notes | Security Update | CVE-2023-38178 |
| Microsoft Visual Studio 2022 version 17.6 | Denial of Service | Important | Release Notes | Security Update | CVE-2023-38180 |
| Microsoft ODBC Driver 18 for SQL Server on Windows | Remote Code Execution | Important | Release Notes | Security Update | CVE-2023-38169 |
| Microsoft ODBC Driver 17 for SQL Server on Windows | Remote Code Execution | Important | Release Notes | Security Update | CVE-2023-38169 |
| Microsoft SQL Server 2019 for x64-based Systems (CU 21) | Remote Code Execution | Important | 5025808 | Security Update | CVE-2023-38169 |
| Microsoft ODBC Driver 18 for SQL Server on MacOS | Remote Code Execution | Important | Release Notes | Security Update | CVE-2023-38169 |
| Microsoft ODBC Driver 17 for SQL Server on Linux | Remote Code Execution | Important | Release Notes | Security Update | CVE-2023-38169 |
| Microsoft SQL Server 2022 for x64-based Systems (CU 5) | Remote Code Execution | Important | 5026806 | Security Update | CVE-2023-38169 |
| Microsoft ODBC Driver 17 for SQL Server on MacOS | Remote Code Execution | Important | Release Notes | Security Update | CVE-2023-38169 |
| Microsoft ODBC Driver 18 for SQL Server on Linux | Remote Code Execution | Important | Release Notes | Security Update | CVE-2023-38169 |
| Microsoft OLE DB Driver 18 for SQL Server | Remote Code Execution | Important | Release Notes | Security Update | CVE-2023-38169 |
| Microsoft OLE DB Driver 19 for SQL Server | Remote Code Execution | Important | Release Notes | Security Update | CVE-2023-38169 |
| .NET 7.0 | Information Disclosure | Important | 5029689 | Security Update | CVE-2023-35391 |
| HEVC Video Extensions | Remote Code Execution | Important | Description | Security Update | CVE-2023-38170 |
| HEVC Video Extension | Remote Code Execution | Important | VLSC | Security Update | CVE-2023-38170 |
| Visual Studio 2010 Tools for Office Runtime | Spoofing | Important | 5029497 | Security Update | CVE-2023-36897 |
| Windows Server 2012 R2 (Server Core installation) | Denial of Service | Important | 5029312 | Monthly Rollup | CVE-2023-38172 |
| Windows Server 2012 R2 (Server Core installation) | Denial of Service | Important | 5029304 | Security Only | CVE-2023-38172 |
| Windows Server 2012 R2 | Denial of Service | Important | 5029312 | Monthly Rollup | CVE-2023-38172 |
| Windows Server 2012 R2 | Denial of Service | Important | 5029304 | Security Only | CVE-2023-38172 |
| Windows Server 2012 (Server Core installation) | Denial of Service | Important | 5029295 | Monthly Rollup | CVE-2023-38172 |
| Windows Server 2012 (Server Core installation) | Denial of Service | Important | 5029308 | Security Only | CVE-2023-38172 |
| Windows Server 2012 | Denial of Service | Important | 5029295 | Monthly Rollup | CVE-2023-38172 |
| Windows Server 2012 | Denial of Service | Important | 5029308 | Security Only | CVE-2023-38172 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Denial of Service | Important | 5029296 | Monthly Rollup | CVE-2023-38172 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Denial of Service | Important | 5029307 | Security Only | CVE-2023-38172 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Denial of Service | Important | 5029296 | Monthly Rollup | CVE-2023-38172 |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Denial of Service | Important | 5029307 | Security Only | CVE-2023-38172 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Denial of Service | Important | 5029318 | Monthly Rollup | CVE-2023-38172 |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Denial of Service | Important | 5029301 | Security Only | CVE-2023-38172 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | Denial of Service | Important | 5029318 | Monthly Rollup | CVE-2023-38172 |
| Windows Server 2008 for x64-based Systems Service Pack 2 | Denial of Service | Important | 5029301 | Security Only | CVE-2023-38172 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Denial of Service | Important | 5029318 | Monthly Rollup | CVE-2023-38172 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Denial of Service | Important | 5029301 | Security Only | CVE-2023-38172 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | Denial of Service | Important | 5029318 | Monthly Rollup | CVE-2023-38172 |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | Denial of Service | Important | 5029301 | Security Only | CVE-2023-38172 |
| Windows Server 2016 (Server Core installation) | Denial of Service | Important | 5029242 | Security Update | CVE-2023-38172 |
| Windows Server 2016 | Denial of Service | Important | 5029242 | Security Update | CVE-2023-38172 |
| Windows 10 Version 1607 for x64-based Systems | Denial of Service | Important | 5029242 | Security Update | CVE-2023-38172 |
| Windows 10 Version 1607 for 32-bit Systems | Denial of Service | Important | 5029242 | Security Update | CVE-2023-38172 |
| Windows 10 for x64-based Systems | Denial of Service | Important | 5029259 | Security Update | CVE-2023-38172 |
| Windows 10 for 32-bit Systems | Denial of Service | Important | 5029259 | Security Update | CVE-2023-38172 |
| Windows 10 Version 22H2 for 32-bit Systems | Denial of Service | Important | 5029244 | Security Update | CVE-2023-38172 |
| Windows 10 Version 22H2 for ARM64-based Systems | Denial of Service | Important | 5029244 | Security Update | CVE-2023-38172 |
| Windows 10 Version 22H2 for x64-based Systems | Denial of Service | Important | 5029244 | Security Update | CVE-2023-38172 |
| Windows 11 Version 22H2 for x64-based Systems | Denial of Service | Important | 5029263 | Security Update | CVE-2023-38172 |
| Windows 11 Version 22H2 for ARM64-based Systems | Denial of Service | Important | 5029263 | Security Update | CVE-2023-38172 |
| Windows 10 Version 21H2 for x64-based Systems | Denial of Service | Important | 5029244 | Security Update | CVE-2023-38172 |
| Windows 10 Version 21H2 for ARM64-based Systems | Denial of Service | Important | 5029244 | Security Update | CVE-2023-38172 |
| Windows 10 Version 21H2 for 32-bit Systems | Denial of Service | Important | 5029244 | Security Update | CVE-2023-38172 |
| Windows 11 version 21H2 for ARM64-based Systems | Denial of Service | Important | 5029253 | Security Update | CVE-2023-38172 |
| Windows 11 version 21H2 for x64-based Systems | Denial of Service | Important | 5029253 | Security Update | CVE-2023-38172 |
| Windows Server 2022 (Server Core installation) | Denial of Service | Important | 5029250 | Security Update | CVE-2023-38172 |
| Windows Server 2022 (Server Core installation) | Denial of Service | Important | 5029367 | Security Hotpatch Update | CVE-2023-38172 |
| Windows Server 2022 | Denial of Service | Important | 5029250 | Security Update | CVE-2023-38172 |
| Windows Server 2022 | Denial of Service | Important | 5029367 | Security Hotpatch Update | CVE-2023-38172 |
| Windows Server 2019 (Server Core installation) | Denial of Service | Important | 5029247 | Security Update | CVE-2023-38172 |
| Windows Server 2019 | Denial of Service | Important | 5029247 | Security Update | CVE-2023-38172 |
| Windows 10 Version 1809 for ARM64-based Systems | Denial of Service | Important | 5029247 | Security Update | CVE-2023-38172 |
| Windows 10 Version 1809 for x64-based Systems | Denial of Service | Important | 5029247 | Security Update | CVE-2023-38172 |
| Windows 10 Version 1809 for 32-bit Systems | Denial of Service | Important | 5029247 | Security Update | CVE-2023-38172 |
| Azure HDInsights | Spoofing | Important | Release Notes | Security Update | CVE-2023-36881 |
| Microsoft Exchange Server 2019 Cumulative Update 12 | Remote Code Execution | Important | 5029388 | Security Update | CVE-2023-35368 |
| Microsoft Exchange Server 2016 Cumulative Update 23 | Remote Code Execution | Important | 5029388 | Security Update | CVE-2023-35368 |
| Microsoft Exchange Server 2019 Cumulative Update 13 | Remote Code Execution | Important | 5029388 | Security Update | CVE-2023-35368 |
| Microsoft Office 2019 for 32-bit editions | Remote Code Execution | Important | Click to Run | Security Update | CVE-2023-35372 |
| Microsoft Office 2019 for 64-bit editions | Remote Code Execution | Important | Click to Run | Security Update | CVE-2023-35372 |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Remote Code Execution | Important | Click to Run | Security Update | CVE-2023-35372 |
| Microsoft Office LTSC 2021 for 32-bit editions | Remote Code Execution | Important | Click to Run | Security Update | CVE-2023-35372 |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Remote Code Execution | Important | Click to Run | Security Update | CVE-2023-35372 |
| Microsoft Office LTSC 2021 for 64-bit editions | Remote Code Execution | Important | Click to Run | Security Update | CVE-2023-35372 |
| .NET 6.0 | Information Disclosure | Important | 5029688 | Security Update | CVE-2023-35391 |
| ASP.NET Core 2.1 | Information Disclosure | Important | Release Notes | Security Update | CVE-2023-35391 |
| Microsoft Dynamics 365 (on-premises) version 9.1 | Remote Code Execution | Important | 5026501 | Security Update | CVE-2023-35389 |
| Microsoft Dynamics 365 (on-premises) version 9.0 | Remote Code Execution | Important | 5026500 | Security Update | CVE-2023-35389 |
| Windows Server 2012 R2 (Server Core installation) | Security Feature Bypass | Important | 5029243 | IE Cumulative | CVE-2023-35384 |
| Windows Server 2012 R2 | Security Feature Bypass | Important | 5029243 | IE Cumulative | CVE-2023-35384 |
| Microsoft Excel 2013 Service Pack 1 (64-bit editions) | Remote Code Execution | Important | 5002451 | Security Update | CVE-2023-36896 |
| Microsoft Excel 2013 Service Pack 1 (32-bit editions) | Remote Code Execution | Important | 5002451 | Security Update | CVE-2023-36896 |
| Microsoft Excel 2013 RT Service Pack 1 | Remote Code Execution | Important | 5002451 | Security Update | CVE-2023-36896 |
| Microsoft Excel 2016 (64-bit edition) | Remote Code Execution | Important | 5002463 | Security Update | CVE-2023-36896 |
| Microsoft Excel 2016 (32-bit edition) | Remote Code Execution | Important | 5002463 | Security Update | CVE-2023-36896 |
| Microsoft Office LTSC for Mac 2021 | Remote Code Execution | Important | CVE-2023-36896 | ||
| Microsoft Office Online Server | Remote Code Execution | Important | 5002435 | Security Update | CVE-2023-36896 |
| Microsoft Office 2019 for Mac | Remote Code Execution | Important | CVE-2023-36896 | ||
| Microsoft Office 2013 Service Pack 1 (64-bit editions) | Remote Code Execution | Critical | 5002445 | Security Update | CVE-2023-36895 |
| Microsoft Office 2013 Service Pack 1 (32-bit editions) | Remote Code Execution | Critical | 5002445 | Security Update | CVE-2023-36895 |
| Microsoft Office 2013 RT Service Pack 1 | Remote Code Execution | Critical | 5002445 | Security Update | CVE-2023-36895 |
| Microsoft Office 2016 (64-bit edition) | Remote Code Execution | Critical | 5002464 | Security Update | CVE-2023-36895 |
| Microsoft Office 2016 (32-bit edition) | Remote Code Execution | Critical | 5002464 | Security Update | CVE-2023-36895 |
| Microsoft Outlook 2013 RT Service Pack 1 | Spoofing | Important | 5002449 | Security Update | CVE-2023-36893 |
| Microsoft SharePoint Server Subscription Edition | Information Disclosure | Important | 5002437 | Security Update | CVE-2023-36894 |
| Microsoft SharePoint Server 2019 | Information Disclosure | Important | 5002436 | Security Update | CVE-2023-36894 |
| Microsoft SharePoint Server 2019 | Information Disclosure | Important | 5002422 | Security Update | CVE-2023-36894 |
| Microsoft SharePoint Enterprise Server 2016 | Information Disclosure | Important | 5002453 | Security Update | CVE-2023-36894 |
| Microsoft SharePoint Enterprise Server 2016 | Information Disclosure | Important | 5002398 | Security Update | CVE-2023-36894 |
| Microsoft Outlook 2013 Service Pack 1 (64-bit editions) | Spoofing | Important | 5002449 | Security Update | CVE-2023-36893 |
| Microsoft Outlook 2013 Service Pack 1 (32-bit editions) | Spoofing | Important | 5002449 | Security Update | CVE-2023-36893 |
| Microsoft Outlook 2016 (64-bit edition) | Spoofing | Important | 5002459 | Security Update | CVE-2023-36893 |
| Microsoft Outlook 2016 (32-bit edition) | Spoofing | Important | 5002459 | Security Update | CVE-2023-36893 |
| Azure DevOps Server 2022.0.1 | Spoofing | Important | Release Notes | Security Update | CVE-2023-36869 |
| Azure DevOps Server 2020.1.2 | Spoofing | Important | Release Notes | Security Update | CVE-2023-36869 |
| Azure DevOps Server 2019.1.2 | Spoofing | Important | Release Notes | Security Update | CVE-2023-36869 |
| Memory Integrity System Readiness Scan Tool | Defense in Depth | Moderate | Release Notes | Update | ADV230004 |
| Microsoft Word 2013 Service Pack 1 (64-bit editions) | Defense in Depth | Moderate | 5002445 | Security Update | ADV230003 |
| Microsoft Word 2013 Service Pack 1 (32-bit editions) | Defense in Depth | Moderate | 5002445 | Security Update | ADV230003 |
| Microsoft Word 2013 RT Service Pack 1 | Defense in Depth | Moderate | 5002445 | Security Update | ADV230003 |
| Microsoft Publisher 2013 Service Pack 1 (64-bit editions) | Defense in Depth | Moderate | 5002391 | Security Update | ADV230003 |
| Microsoft Publisher 2013 Service Pack 1 (32-bit editions) | Defense in Depth | Moderate | 5002391 | Security Update | ADV230003 |
| Microsoft Office 2013 Service Pack 1 (64-bit editions) | Defense in Depth | Moderate | 5002439 | Security Update | ADV230003 |
| Microsoft Office 2013 Service Pack 1 (32-bit editions) | Defense in Depth | Moderate | 5002439 | Security Update | ADV230003 |
| Microsoft Office 2013 RT Service Pack 1 | Defense in Depth | Moderate | 5002439 | Security Update | ADV230003 |
| Microsoft Project 2016 (64-bit edition) | Defense in Depth | Moderate | 5002328 | Security Update | ADV230003 |
| Microsoft Project 2016 (32-bit edition) | Defense in Depth | Moderate | 5002328 | Security Update | ADV230003 |
| Microsoft Publisher 2016 (64-bit edition) | Defense in Depth | Moderate | 5002462 | Security Update | ADV230003 |
| Microsoft Publisher 2016 (32-bit edition) | Defense in Depth | Moderate | 5002462 | Security Update | ADV230003 |
| Microsoft Word 2016 (64-bit edition) | Defense in Depth | Moderate | 5002464 | Security Update | ADV230003 |
| Microsoft Word 2016 (32-bit edition) | Defense in Depth | Moderate | 5002464 | Security Update | ADV230003 |
| Microsoft Visio 2016 (64-bit edition) | Defense in Depth | Moderate | 5002418 | Security Update | ADV230003 |
| Microsoft Visio 2016 (32-bit edition) | Defense in Depth | Moderate | 5002418 | Security Update | ADV230003 |
| Microsoft PowerPoint 2016 (64-bit edition) | Defense in Depth | Moderate | 4504720 | Security Update | ADV230003 |
| Microsoft PowerPoint 2016 (32-bit edition) | Defense in Depth | Moderate | 4504720 | Security Update | ADV230003 |
| Microsoft Office 2016 (64-bit edition) | Defense in Depth | Moderate | 5002465 | Security Update | ADV230003 |
| Microsoft Office 2016 (32-bit edition) | Defense in Depth | Moderate | 5002465 | Security Update | ADV230003 |
| Microsoft Visio 2013 Service Pack 1 (64-bit editions) | Defense in Depth | Moderate | 5002417 | Security Update | ADV230003 |
| Microsoft Visio 2013 Service Pack 1 (32-bit editions) | Defense in Depth | Moderate | 5002417 | Security Update | ADV230003 |
| Microsoft PowerPoint 2013 RT Service Pack 1 | Defense in Depth | Moderate | 5002399 | Security Update | ADV230003 |
| Microsoft PowerPoint 2013 Service Pack 1 (64-bit editions) | Defense in Depth | Moderate | 5002399 | Security Update | ADV230003 |
| Microsoft PowerPoint 2013 Service Pack 1 (32-bit editions) | Defense in Depth | Moderate | 5002399 | Security Update | ADV230003 |
| Microsoft Publisher 2013 Service Pack 1 RT | Defense in Depth | Moderate | 5002391 | Security Update | ADV230003 |
| Microsoft Project 2013 Service Pack 1 (64-bit editions) | Defense in Depth | Moderate | 4484489 | Security Update | ADV230003 |
| Microsoft Project 2013 Service Pack 1 (32-bit editions) | Defense in Depth | Moderate | 4484489 | Security Update | ADV230003 |
| Azure Arc-Enabled Servers | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2023-38176 |
| Microsoft Visual Studio 2019 version 16.11 (includes 16.0 – 16.10) | Spoofing | Important | Release Notes | Security Update | CVE-2023-36897 |
| Microsoft Visual Studio 2017 version 15.9 (includes 15.0 – 15.8) | Spoofing | Important | Release Notes | Security Update | CVE-2023-36897 |
| Windows Defender Antimalware Platform | Elevation of Privilege | Important | Release Notes | Security Update | CVE-2023-38175 |
| Microsoft Teams for Desktop | Remote Code Execution | Critical | Release Notes | Security Update | CVE-2023-29328 |
| Microsoft Edge (Chromium-based) | Release Notes | Security Update | CVE-2023-4078 | ||
| Microsoft Edge for Android | Spoofing | Moderate | Release Notes | Security Update | CVE-2023-38173 |
| Microsoft Edge (Chromium-based) Extended Stable | Release Notes | Security Update | CVE-2023-3730 | ||
| Microsoft Edge for iOS | Spoofing | Moderate | Release Notes | Security Update | CVE-2023-36883 |
Quality and experience updates
For users running Windows 11 version 22H2, today’s KB5029263 patch includes the following quality improvements:
- Brightness settings should be more accurate
- Microsoft fixed an issue causing certain display and audio devices to go missing after systems resume from sleep.
- Users connecting to the Internet via VPN on a wireless mesh network should no longer experience poor network performance.
- A bug causing widgets to unexpectedly unpin from the taskbar has also been fixed.
For Windows 10 users, the KB5029244 update is now available on the versions 21H2 and 22H2 of the OS. It includes the following improvements:
- Microsoft fixed an issue causing certain display and audio devices to go missing after systems resume from sleep.
- Microsoft addressed an issue causing some VPN clients to fail to establish a connection.
- Users should no longer have an issue with the Search app opening in full screen and blocking additional Start Menu actions.
- Microsoft has also fixed an issue affecting hybrid joined devices with Windows Hello for Business PIN or biometric credentials. Users could not sign in to them if they were not connected to the internet.
Windows Update testing and best practices
Organizations looking to deploy this month’s patches should conduct thorough testing before deploying them widely on production systems. That said, applying the patches widely shouldn’t be delayed longer than necessary as hackers start to work out how to weaponize newly reported vulnerabilities.
A best practice is to make sure you have backed up systems before applying updates. Every month, users experience issues with Windows updates that lead to systems not booting, application and hardware compatibility issues, or even data loss in extreme cases.
There are backup tools built into Windows and Windows Server that you can use to restore systems in the event a patch causes a problem. The backup features in Windows can be used to restore an entire system, or files and folders on a granular basis.
If you have any problems with this month’s patches, please let us know in the comments below. Other readers might be able to share their experiences in how to roll back problematic updates or mitigate issues caused by patches that are important to have in place.