Posts: 13,295
Threads: 9,036
Thanks Received: 8,861 in 7,016 posts
Thanks Given: 9,809
Joined: 12 September 18
11 October 23, 08:35
Quote:The Windows Security Updates for October 2023 are now available. It is a big update for a number of reasons. First, because several Windows products have reached end of support. Second, because the update for Windows 11 includes new features, including Windows Copilot and the new Windows Backup app, that will be available to users of the operating system.
Our overview focuses on the security patches that Microsoft released for Windows. It is a monthly analysis of the Microsoft Patch Day that begins with an executive summary. A list of Windows products follows that lists how each version is affected by this month's security updates.
The guide lists other security and non security updates, links to official support websites and resources, and includes links to direct downloads and other download options.
You may check out the overview for September 2023 here.
Microsoft Windows Security Updates: October 2023
![[Image: windows-updates-october-2023.png]](https://www.ghacks.net/wp-content/uploads/2023/10/windows-updates-october-2023.png)
Here is a link to an Excel spreadsheet that lists information about the released security updates on the October 2023 Microsoft Patch Day. Activate the following link to download an archive file that contains the spreadsheet: windows-security-updates-october-2023
Executive Summary- Windows 11 version 21H2 is no longer supported. Upgrades to Windows 11 version 22H2 are available.
- Windows Server 2012 and 2012 R2 have reached end of support today. Microsoft won't release security updates for these Server versions anymore, unless organizations purchase Extended Security Updates subscriptions or migrate their servers to Azure. Microsoft guarantees three years of additional security updates in this year.
- Microsoft fixed 103 unique vulnerabilities in Microsoft products as well as two vulnerabilities in non-Microsoft products on this Patch Tuesday.
- Windows clients have no known issues according to Microsoft.
- Windows Server clients 2008, 2008 R2 and 2022 affected by known issues.
Each supported version of Windows and their critical vulnerabilities are listed below.- Windows 10 version 22H2: 73 vulnerabilities, 12 critical and 61 important.
- Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-38166
- Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41765
- Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41767
- Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41768
- Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41769
- Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41770
- Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41771
- Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41773
- Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41774
- Microsoft Message Queuing Remote Code Execution Vulnerability -- CVE-2023-35349
- Microsoft Message Queuing Remote Code Execution Vulnerability -- CVE-2023-36697
- Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability -- CVE-2023-36718
- Windows 11 version 21H2: 75 vulnerabilities, 12 critical and 63 important
- same as Windows 10 version 22H2
- Windows 11 version 22H2: 75 vulnerabilities, 12 critical and 63 important
- same as Windows 10 version 22H2
Windows Server products- Windows Server 2008 R2 (extended support only): 56 vulnerabilities: 11 critical and 45 important
- Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-38166
- Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41765
- Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41767
- Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41768
- Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41769
- Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41770
- Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41771
- Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41773
- Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41774
- Microsoft Message Queuing Remote Code Execution Vulnerability -- CVE-2023-35349
- Microsoft Message Queuing Remote Code Execution Vulnerability -- CVE-2023-36697
- Windows Server 2012 R2: 61 vulnerabilities: 11 critical and 50 important
- Same critical vulnerabilities as Server 2008 R2.
- Windows Server 2016: 70 vulnerabilities: 12 critical and 58 important
- Same critical vulnerabilities as Server 2008 R2, plus
- Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability -- CVE-2023-36718
- Windows Server 2019: 78 vulnerabilities: 12 critical and 66 important
- Same critical vulnerabilities as Server 2016
- Windows Server 2022: 79 vulnerabilities: 12 critical and 67 important.
- Same critical vulnerabilities as Server 2016
The three 0-day vulnerabilities are:- CVE-2023-36563 -- Microsoft WordPad Information Disclosure Vulnerability
- CVE-2023-41763 -- Skype for Business Elevation of Privilege Vulnerability
- CVE-2023-44487 -- MITRE: CVE-2023-44487 HTTP/2 Rapid Reset Attack
...
Continue Reading
The Windows October 2023 security updates fix three 0-day vulnerabilities
![[-]](https://www.geeks.fyi/images/collapse.png "[-]")
