This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

September 2023 Microsoft Security Guide

Freddie_Jimenez
Content Contributor
Content Contributor
‎10-19-2023 12:43 PM

 

October update - September's testing of patches is deemed complete, and there have been no known issues reported by testing teams relating to any of the Hyland products.

 

The following is a summary of Microsoft's Security Bulletin Guide for September, 2023. Hyland has downloaded these patches and applied them to our R&D Infrastructure. We will be performing SCR, automated, and regression testing in environments containing these patches over the next month. If no issues have been found or reported, we will deem testing to be complete.

 

The testing is not all-inclusive; issues may still be found upon implementation. Follow best practices for testing and installing software updates/patches in a development environment before implementing the updates in a production environment. Where applicable, the updates are tested on all supported Windows platforms with the latest OnBase® version.

 

September 2023 Security Updates

This release consists of the following 59 Microsoft CVEs:

TagCVEBase ScoreCVSS VectorExploitabilityFAQs?Workarounds?Mitigations?
Microsoft Azure Kubernetes ServiceCVE-2023-293327.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Azure DevOpsCVE-2023-331368.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:T/RC:CExploitation Less LikelyYesNoNo
Windows Cloud Files Mini Filter DriverCVE-2023-353557.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Identity Linux BrokerCVE-2023-367364.4CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
3D ViewerCVE-2023-367397.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation UnlikelyYesNoNo
3D ViewerCVE-2023-367407.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation UnlikelyYesNoNo
Visual Studio CodeCVE-2023-367427.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Exchange ServerCVE-2023-367448.0CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation More LikelyYesNoNo
Microsoft Exchange ServerCVE-2023-367458.0CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation More LikelyYesNoNo
Microsoft Exchange ServerCVE-2023-367568.0CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation More LikelyYesNoNo
Microsoft Exchange ServerCVE-2023-367578.0CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Visual StudioCVE-2023-367587.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Visual StudioCVE-2023-367596.7CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
3D ViewerCVE-2023-367607.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Office WordCVE-2023-367616.2CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:CExploitation DetectedYesNoNo
Microsoft Office WordCVE-2023-367627.3CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:CExploitation UnlikelyYesNoNo
Microsoft Office OutlookCVE-2023-367637.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Office SharePointCVE-2023-367648.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft OfficeCVE-2023-367657.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Office ExcelCVE-2023-367667.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft OfficeCVE-2023-367674.3CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
3D BuilderCVE-2023-367707.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
3D BuilderCVE-2023-367717.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
3D BuilderCVE-2023-367727.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
3D BuilderCVE-2023-367737.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Exchange ServerCVE-2023-367775.7CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:CExploitation More LikelyYesNoNo
.NET FrameworkCVE-2023-367887.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
.NET and Visual StudioCVE-2023-367927.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
.NET and Visual StudioCVE-2023-367937.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
.NET and Visual StudioCVE-2023-367947.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
.NET and Visual StudioCVE-2023-367967.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
.NET Core & Visual StudioCVE-2023-367996.5CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Dynamics Finance & OperationsCVE-2023-368007.6CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows DHCP ServerCVE-2023-368015.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoYes
Microsoft Streaming ServiceCVE-2023-368027.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation DetectedYesNoNo
Windows KernelCVE-2023-368035.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows GDICVE-2023-368047.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation More LikelyYesNoNo
Windows ScriptingCVE-2023-368057.0CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft DynamicsCVE-2023-368867.6CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows KernelCVE-2023-381397.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows KernelCVE-2023-381405.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows KernelCVE-2023-381417.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows KernelCVE-2023-381427.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation More LikelyYesNoNo
Windows Common Log File System DriverCVE-2023-381437.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation More LikelyYesNoNo
Windows Common Log File System DriverCVE-2023-381447.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation More LikelyYesNoNo
Windows ThemesCVE-2023-381468.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Windows Codecs LibraryCVE-2023-381478.8CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows Internet Connection Sharing (ICS)CVE-2023-381488.8CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation More LikelyYesNoYes
Windows TCP/IPCVE-2023-381497.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:CExploitation Less LikelyNoYesYes
Windows KernelCVE-2023-381507.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows DHCP ServerCVE-2023-381525.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:CExploitation More LikelyYesNoYes
Azure DevOpsCVE-2023-381557.0CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:CExploitation Less LikelyYesNoNo
Azure HDInsightsCVE-2023-381567.2CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows TCP/IPCVE-2023-381605.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:CExploitation More LikelyYesNoNo
Windows GDICVE-2023-381617.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation More LikelyYesNoNo
Windows DHCP ServerCVE-2023-381627.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:CExploitation Less LikelyNoNoYes
Windows DefenderCVE-2023-381637.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft DynamicsCVE-2023-381647.6CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft OfficeCVE-2023-417645.5CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo

We are republising 21 non-Microsoft CVEs:

CNATagCVEFAQs?Workarounds?Mitigations?
Autodesk3D ViewerCVE-2022-41303YesNoNo
ChromeMicrosoft Edge (Chromium-based)CVE-2023-1999YesNoNo
ElectronVisual Studio CodeCVE-2023-39956YesNoNo
ChromeMicrosoft Edge (Chromium-based)CVE-2023-4761YesNoNo
ChromeMicrosoft Edge (Chromium-based)CVE-2023-4762YesNoNo
ChromeMicrosoft Edge (Chromium-based)CVE-2023-4763YesNoNo
ChromeMicrosoft Edge (Chromium-based)CVE-2023-4764YesNoNo
ChromeMicrosoft Edge (Chromium-based)CVE-2023-4863YesNoNo
ChromeMicrosoft Edge (Chromium-based)CVE-2023-4900YesNoNo
ChromeMicrosoft Edge (Chromium-based)CVE-2023-4901YesNoNo
ChromeMicrosoft Edge (Chromium-based)CVE-2023-4902YesNoNo
ChromeMicrosoft Edge (Chromium-based)CVE-2023-4903YesNoNo
ChromeMicrosoft Edge (Chromium-based)CVE-2023-4904YesNoNo
ChromeMicrosoft Edge (Chromium-based)CVE-2023-4905YesNoNo
ChromeMicrosoft Edge (Chromium-based)CVE-2023-4906YesNoNo
ChromeMicrosoft Edge (Chromium-based)CVE-2023-4907YesNoNo
ChromeMicrosoft Edge (Chromium-based)CVE-2023-4908YesNoNo
ChromeMicrosoft Edge (Chromium-based)CVE-2023-4909YesNoNo
ChromeMicrosoft Edge (Chromium-based)CVE-2023-5186YesNoNo
ChromeMicrosoft Edge (Chromium-based)CVE-2023-5187YesNoNo
ChromeMicrosoft Edge (Chromium-based)CVE-2023-5217YesNoNo

Security Update Guide Blog Posts

DateBlog Post
January 11, 2022Coming Soon: New Security Update Guide Notification System
February 9, 2021Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020Security Update Guide: Let’s keep the conversation going
November 9, 2020Vulnerability Descriptions in the New Version of the Security Update Guide

Relevant Resources

  • The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
  • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
  • Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
  • A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
  • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
  • Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

Known Issues reported by Microsoft

You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB ArticleApplies To
5002472SharePoint Server 2019 Core
5002474SharePoint Server Subscription Edition
5002494SharePoint Enterprise Server 2016
5002501SharePoint Enterprise Server 2016
5030216Windows Server 2022
5030261Windows Server 2008 R2 (Security-only update)
5030265Windows Server 2008 R2 (Monthly Rollup)
5030271Windows Server 2008 (Monthly Rollup)
5030286Windows Server 2008 (Security-only update)

Hyland Software - Microsoft Updates Statement

Hyland Software is dedicated to ensuring the monthly cumulative updates released by Microsoft® are compatible with OnBase®. On the second Tuesday of each month, the Quality Assurance Department of Hyland Software evaluates the cumulative fixes released and labeled as Critical or Important by Microsoft®. The details of the update provided by Microsoft are reviewed for interaction with OnBase® and installed when appropriate for testing its compatibility with OnBase®.

0 Kudos
1 Comment
Kiri_Yoshidaya
Confirmed Champ
Confirmed Champ
‎11-29-2023 06:21 PM
‎11-29-2023 06:21 PM

Hi,
It's already the end of November.
Are there any update?

0 Kudos
Copyright © 2024 Khoros, LLC