Contribute to the Windows forum!

Click here to learn more 💡

Windows 11 Forum Top Contributors:

Ramesh Srinivasan - Kapil Arya MVP - neilpzz - RAJU.MSC.MATHEMATICS - _AW_ ✅

Ask a new question

Microsoft October 2023 Security Updates

October 2023 Security Updates

This release consists of the following 103 Microsoft CVEs:

Tag CVE Base Score CVSS Vector Exploitability FAQs? Workarounds? Mitigations?

Windows RDP CVE-2023-29348

Windows Message Queuing CVE-2023-35349

Azure SDK CVE-2023-36414

Azure SDK CVE-2023-36415

Microsoft Dynamics CVE-2023-36416

SQL Server CVE-2023-36417

Azure Real Time Operating System CVE-2023-36418

Azure CVE-2023-36419

SQL Server CVE-2023-36420

Microsoft Dynamics CVE-2023-36429

Windows Message Queuing CVE-2023-36431

Microsoft Dynamics CVE-2023-36433

Windows IIS CVE-2023-36434

Microsoft QUIC CVE-2023-36435

Windows HTML Platform CVE-2023-36436

Windows TCP/IP CVE-2023-36438

Windows HTML Platform CVE-2023-36557

Azure DevOps CVE-2023-36561

Microsoft WordPad CVE-2023-36563

Microsoft Windows Search Component CVE-2023-36564

Microsoft Office CVE-2023-36565

Microsoft Common Data Model SDK CVE-2023-36566

Windows Deployment Services CVE-2023-36567

Microsoft Office CVE-2023-36568

Microsoft Office CVE-2023-36569

Windows Message Queuing CVE-2023-36570

Windows Message Queuing CVE-2023-36571

Windows Message Queuing CVE-2023-36572

Windows Message Queuing CVE-2023-36573

Windows Message Queuing CVE-2023-36574

Windows Message Queuing CVE-2023-36575

Windows Kernel CVE-2023-36576

Microsoft WDAC OLE DB provider for SQL CVE-2023-36577

Windows Message Queuing CVE-2023-36578

Windows Message Queuing CVE-2023-36579

Windows Message Queuing CVE-2023-36581

Windows Message Queuing CVE-2023-36582

Windows Message Queuing CVE-2023-36583

Windows Mark of the Web (MOTW) CVE-2023-36584

Windows Active Template Library CVE-2023-36585

Windows Message Queuing CVE-2023-36589

Windows Message Queuing CVE-2023-36590

Windows Message Queuing CVE-2023-36591

Windows Message Queuing CVE-2023-36592

Windows Message Queuing CVE-2023-36593

Microsoft Graphics Component CVE-2023-36594

Windows Remote Procedure Call CVE-2023-36596

SQL Server CVE-2023-36598

Windows TCP/IP CVE-2023-36602

Windows TCP/IP CVE-2023-36603

Windows Named Pipe File System CVE-2023-36605

Windows Message Queuing CVE-2023-36606

Windows Message Queuing CVE-2023-36697

Windows Kernel CVE-2023-36698

Windows Resilient File System (ReFS) CVE-2023-36701

Windows Microsoft DirectMusic CVE-2023-36702

Windows DHCP Server CVE-2023-36703

Windows Setup Files Cleanup CVE-2023-36704

Windows Deployment Services CVE-2023-36706

Windows Deployment Services CVE-2023-36707

Windows AllJoyn API CVE-2023-36709

Microsoft Windows Media Foundation CVE-2023-36710

Windows Runtime C++ Template Library CVE-2023-36711

Windows Kernel CVE-2023-36712

Windows Common Log File System Driver CVE-2023-36713

Windows TPM CVE-2023-36717

Windows Virtual Trusted Platform Module CVE-2023-36718

Windows Mixed Reality Developer Tools CVE-2023-36720

Windows Error Reporting CVE-2023-36721

Active Directory Domain Services CVE-2023-36722

Windows Container Manager Service CVE-2023-36723

Windows Power Management Service CVE-2023-36724

Windows NT OS Kernel CVE-2023-36725

Windows IKE Extension CVE-2023-36726

SQL Server CVE-2023-36728

Windows Named Pipe File System CVE-2023-36729

SQL Server CVE-2023-36730

Windows Win32K CVE-2023-36731

Windows Win32K CVE-2023-36732

Azure CVE-2023-36737 7

Windows Win32K CVE-2023-36743

Windows Win32K CVE-2023-36776

Microsoft Exchange Server CVE-2023-36778

Skype for Business CVE-2023-36780

SQL Server CVE-2023-36785

Skype for Business CVE-2023-36786

Skype for Business CVE-2023-36789

Windows RDP CVE-2023-36790

Windows Client/Server Runtime Subsystem CVE-2023-36902

Microsoft Graphics Component CVE-2023-38159

Windows Layer 2 Tunneling Protocol CVE-2023-38166

Microsoft QUIC CVE-2023-38171

Skype for Business CVE-2023-41763

Windows Layer 2 Tunneling Protocol CVE-2023-41765

Client Server Run-time Subsystem (CSRSS) CVE-2023-41766

Windows Layer 2 Tunneling Protocol CVE-2023-41767

Windows Layer 2 Tunneling Protocol CVE-2023-41768

Windows Layer 2 Tunneling Protocol CVE-2023-41769

Windows Layer 2 Tunneling Protocol CVE-2023-41770

Windows Layer 2 Tunneling Protocol CVE-2023-41771

Windows Win32K CVE-2023-41772

Windows Layer 2 Tunneling Protocol CVE-2023-41773

Windows Layer 2 Tunneling Protocol CVE-2023-41774

We are republising 2 non-Microsoft CVEs:

CNA Tag CVE FAQs? Workarounds? Mitigations?

MITRE Corporation HTTP/2 CVE-2023-44487

Chrome Microsoft Edge (Chromium-based) CVE-2023-5346

Security Update Guide Blog Posts

Date Blog Post

October 12, 2022 Improvements in Security Update Notifications Delivery - And a New Delivery Method

January 11, 2022 Coming Soon: New Security Update Guide Notification System

February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API

January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners

December 8, 2020 Security Update Guide: Let’s keep the conversation going

November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide

Relevant Resources

The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

Known Issues

You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To

5031364 Windows Server 2022

5031408 Windows Server 2008 R2 (Monthly Rollup)

5031411 Windows Server 2008 (Security-only update)

5031416 Windows Server 2008 (Monthly Rollup)

5031441 Windows Server 2008 R2 (Security-only update)

Released: Oct 10, 2023

October 2023 Security Updates - Release Notes - Security Update Guide - Microsoft

This thread is locked. You can vote as helpful, but you cannot reply or subscribe to this thread.

2 people found this helpful

Was this discussion helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this discussion?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this discussion?

Thanks for your feedback.

Replies (0)

Discussion Info

Last updated March 1, 2024 Views 2,472 Applies to: