September update - August's testing of patches is deemed complete, and there have been no known issues reported by testing teams relating to any of the Hyland products.
The following is a summary of Microsoft's Security Bulletin Guide for August, 2023. Hyland has downloaded these patches and applied them to our R&D Infrastructure. We will be performing SCR, automated, and regression testing in environments containing these patches over the next month. If no issues have been found or reported, we will deem testing to be complete.
The testing is not all-inclusive; issues may still be found upon implementation. Follow best practices for testing and installing software updates/patches in a development environment before implementing the updates in a production environment. Where applicable, the updates are tested on all supported Windows platforms with the latest OnBase® version.
Tag | CVE | Base Score | CVSS Vector | Exploitability | FAQs? | Workarounds? | Mitigations? |
---|---|---|---|---|---|---|---|
Microsoft Office | ADV230003 | Exploitation Detected | No | No | No | ||
Memory Integrity System Readiness Scan Tool | ADV230004 | Exploitation Detected | No | No | No | ||
Microsoft Exchange Server | CVE-2023-21709 | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Microsoft Teams | CVE-2023-29328 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Microsoft Teams | CVE-2023-29330 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Windows Kernel | CVE-2023-35359 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation More Likely | Yes | No | No |
Microsoft Exchange Server | CVE-2023-35368 | 8.8 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Microsoft Office Excel | CVE-2023-35371 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Microsoft Office Visio | CVE-2023-35372 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Windows Message Queuing | CVE-2023-35376 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Windows Message Queuing | CVE-2023-35377 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Windows Projected File System | CVE-2023-35378 | 7.0 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | Yes |
Windows Reliability Analysis Metrics Calculation Engine | CVE-2023-35379 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Windows Kernel | CVE-2023-35380 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation More Likely | Yes | No | No |
Windows Fax and Scan Service | CVE-2023-35381 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Windows Kernel | CVE-2023-35382 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation More Likely | Yes | No | No |
Windows Message Queuing | CVE-2023-35383 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Windows HTML Platform | CVE-2023-35384 | 5.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C | Exploitation More Likely | Yes | No | No |
Windows Message Queuing | CVE-2023-35385 | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | Yes |
Windows Kernel | CVE-2023-35386 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation More Likely | Yes | No | No |
Windows Bluetooth A2DP driver | CVE-2023-35387 | 8.8 | CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Microsoft Exchange Server | CVE-2023-35388 | 8.0 | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation More Likely | Yes | No | No |
Microsoft Dynamics | CVE-2023-35389 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
.NET Core | CVE-2023-35390 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
ASP.NET and Visual Studio | CVE-2023-35391 | 7.1 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Azure HDInsights | CVE-2023-35393 | 4.5 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Azure HDInsights | CVE-2023-35394 | 4.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Microsoft Office Visio | CVE-2023-36865 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Microsoft Office Visio | CVE-2023-36866 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Azure DevOps | CVE-2023-36869 | 6.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
.NET Framework | CVE-2023-36873 | 7.4 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Reliability Analysis Metrics Calculation Engine | CVE-2023-36876 | 7.1 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Azure HDInsights | CVE-2023-36877 | 4.5 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Azure HDInsights | CVE-2023-36881 | 4.5 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Microsoft WDAC OLE DB provider for SQL | CVE-2023-36882 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | Yes |
Windows Group Policy | CVE-2023-36889 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Microsoft Office SharePoint | CVE-2023-36890 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Microsoft Office SharePoint | CVE-2023-36891 | 8.0 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Microsoft Office SharePoint | CVE-2023-36892 | 8.0 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Microsoft Office Outlook | CVE-2023-36893 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Microsoft Office SharePoint | CVE-2023-36894 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Microsoft Office Outlook | CVE-2023-36895 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Microsoft Office Excel | CVE-2023-36896 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Microsoft Office | CVE-2023-36897 | 8.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Tablet Windows User Interface | CVE-2023-36898 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
ASP.NET | CVE-2023-36899 | 7.5 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Windows Common Log File System Driver | CVE-2023-36900 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation More Likely | Yes | No | No |
Windows System Assessment Tool | CVE-2023-36903 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Windows Cloud Files Mini Filter Driver | CVE-2023-36904 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Windows Wireless Wide Area Network Service | CVE-2023-36905 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Windows Cryptographic Services | CVE-2023-36906 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Windows Cryptographic Services | CVE-2023-36907 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Role: Windows Hyper-V | CVE-2023-36908 | 5.7 | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Windows Message Queuing | CVE-2023-36909 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Windows Message Queuing | CVE-2023-36910 | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | Yes |
Windows Message Queuing | CVE-2023-36911 | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | Yes |
Windows Message Queuing | CVE-2023-36912 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | No | No | No |
Windows Message Queuing | CVE-2023-36913 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Windows Smart Card | CVE-2023-36914 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Windows Kernel | CVE-2023-38154 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Unlikely | Yes | No | No |
Microsoft Edge (Chromium-based) | CVE-2023-38157 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Dynamics Business Central Control | CVE-2023-38167 | 7.2 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
SQL Server | CVE-2023-38169 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C | Exploitation Less Likely | Yes | No | No |
Microsoft Windows Codecs Library | CVE-2023-38170 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Windows Message Queuing | CVE-2023-38172 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | No | No | No |
Windows Defender | CVE-2023-38175 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Azure Arc | CVE-2023-38176 | 7.0 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
.NET Core | CVE-2023-38178 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | No | No | No |
ASP .NET | CVE-2023-38180 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C | Exploitation More Likely | No | No | No |
Microsoft Exchange Server | CVE-2023-38181 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Microsoft Exchange Server | CVE-2023-38182 | 8.0 | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation More Likely | Yes | No | No |
Windows LDAP - Lightweight Directory Access Protocol | CVE-2023-38184 | 7.5 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Microsoft Exchange Server | CVE-2023-38185 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Windows Mobile Device Management | CVE-2023-38186 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Azure HDInsights | CVE-2023-38188 | 4.5 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
Windows Message Queuing | CVE-2023-38254 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Exploitation Less Likely | Yes | No | No |
CNA | Tag | CVE | FAQs? | Workarounds? | Mitigations? |
---|---|---|---|---|---|
Advanced Micro Devices Inc. | Microsoft Windows | CVE-2023-20569 | Yes | No | No |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-4068 | Yes | No | No |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-4069 | Yes | No | No |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-4070 | Yes | No | No |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-4071 | Yes | No | No |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-4072 | Yes | No | No |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-4073 | Yes | No | No |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-4074 | Yes | No | No |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-4075 | Yes | No | No |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-4076 | Yes | No | No |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-4077 | Yes | No | No |
Chrome | Microsoft Edge (Chromium-based) | CVE-2023-4078 | Yes | No | No |
Date | Blog Post |
---|---|
January 11, 2022 | Coming Soon: New Security Update Guide Notification System |
February 9, 2021 | Continuing to Listen: Good News about the Security Update Guide API |
January 13, 2021 | Security Update Guide Supports CVEs Assigned by Industry Partners |
December 8, 2020 | Security Update Guide: Let’s keep the conversation going |
November 9, 2020 | Vulnerability Descriptions in the New Version of the Security Update Guide |
You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.
For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).
KB Article | Applies To |
---|---|
5002398 | SharePoint Enterprise Server 2016 Language Pack |
5002422 | SharePoint Server 2019 Language Pack |
5002436 | SharePoint Server 2019 |
5002437 | SharePoint Server Subscription Edition |
5002453 | SharePoint Enterprise Server 2016 |
5029244 | Windows 10, version 21H2, Windows 10, version 22H2 |
5029247 | Windows 10, version 1809, Windows Server 2019 |
5029250 | Windows Server 2022 |
5029263 | Windows 11, version 22H2 |
5029296 | Windows Server 2008 R2 (Monthly Rollup) |
5029301 | Windows Server 2008 (Security-only update) |
5029307 | Windows Server 2008 R2 (Security-only update) |
5029318 | Windows Server 2008 (Monthly Rollup) |
5029388 | Exchange Server 2019, and 2016 |
Hyland Software - Microsoft Updates Statement
Hyland Software is dedicated to ensuring the monthly cumulative updates released by Microsoft® are compatible with OnBase®. On the second Tuesday of each month, the Quality Assurance Department of Hyland Software evaluates the cumulative fixes released and labeled as Critical or Important by Microsoft®. The details of the update provided by Microsoft are reviewed for interaction with OnBase® and installed when appropriate for testing its compatibility with OnBase®.