"October Patch Tuesday Addresses Three Zero-Days"
Microsoft has recently fixed three zero-day vulnerabilities in its latest security update round this month, all of which are being actively exploited in the wild. October’s Patch Tuesday fixed 104 vulnerabilities, only 12 of which were labeled “Critical.” The first zero-day bug, CVE-2023-41763, is an elevation of privilege vulnerability in Skype, which allows an attacker to send a specially crafted network call to a target Skype for Business server. The second zero-day is CVE-2023-36563, an information disclosure vulnerability in WordPad that allows disclosure of NTLM hashes. The final zero-day is the Rapid Reset denial of service vulnerability CVE-2023-44487, which has been exploited in the wild since August to help launch some of the biggest DDoS attacks ever seen.
Infosecurity reports: "October Patch Tuesday Addresses Three Zero-Days"