With the new Patch Tuesday, Microsoft is addressing 103 vulnerabilities in its products.
Of the 103 vulnerabilities that have been patched, Microsoft says three are classed as very critical. These vulnerabilities are reportedly already being actively exploited by hackers.
First and foremost is CVE-2023-36563, a vulnerability in WordPad. Through this vulnerability, hackers can steal NTLM hashes from user accounts. This allows affected systems to be taken over.
Stealing these hashes can take place in two ways. First, hackers may already have access to a system and manage to take complete control of the system. Second, hackers can get users to open a malicious file themselves.
Since Microsoft itself discovered the vulnerability, no further details were disclosed.
Skype for Business and zero-day vulnerabilities
The second vulnerability concerns Skype for Business. CVE-2023-41763 allows hackers to obtain sensitive information by making a specially crafted network call to a Skype for Business server. With the IP addresses or port numbers obtained in this way, they can gain access to internal networks.
The third patched critical and actively exploited vulnerability is CVE-2023-44487. This is a zero-day vulnerability that triggers a DDoS problem. More specifically, this zero-day causes an “HTTP/2 Rapid Reset.”
Other important patches include CVE-2023-35349 in Microsoft Message Queuing and CVE-2023-36434 in Windows IIS Server. The first vulnerability allows hackers to potentially run code remotely. The second vulnerability allows hackers to gain access to a system via brute-force attacks.
Last security update for Windows 11 21H2
Additionally, this Patch Tuesday update is the last security update for systems running the Home and Pro versions of Windows 11 21H2. This Windows version has now reached end-of-service status and therefore will no longer receive security updates. Windows 11 22H2 will still get all security and non-security updates.