ºÚÁÏÉç

Security Bulletin text on the screen with a wolf in the background
Security Bulletin text on the screen with a wolf in the background
Back to blog

Actively Exploited Zero-day Vulnerabilities Patched in Microsoft’s September 2023 Patch Tuesday

On September 12, 2023, Microsoft published their September 2023 Security Update with patches for 59 vulnerabilities. Among these 59 vulnerabilities, Arctic Wolf has highlighted two in this bulletin that were reported by Microsoft to be under active exploitation.??
Security Bulletin text on the screen with a wolf in the background
6 min read

On September 12, 2023, Microsoft published their September 2023 Security Update with patches for 59 vulnerabilities. Among these 59 vulnerabilities, Arctic Wolf has highlighted two in this bulletin that were reported by Microsoft to be under active exploitation.??

Impacted Product #1: Windows?

Windows Server 2022, Windows Server 2019
Windows 10 Version 22H2, Windows 11 Version 22H2, Windows 10 Version 21H2, Windows 11 Version 21H2, Windows 10 Version 1809?

Vulnerabilities Impacting Windows:??

? CVSS 7.8 – High? Actively exploited?

Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability – A threat actor with low privileges could exploit this vulnerability to gain SYSTEM privileges.??

  • Note: This vulnerability was added to CISA¡¯s Known Exploited Vulnerabilities catalog.?

Impacted Product #2: Microsoft Office?

Microsoft Word 2013 Service Pack 1, Microsoft Word 2013 RT Service Pack 1, Microsoft Word 2016?
Microsoft Office LTSC 2021, Microsoft Office 2019??
Microsoft 365 Apps for Enterprise?

Vulnerabilities Impacting Microsoft Office:?

? CVSS: 6.2 – Medium? Actively exploited?

Microsoft Word Information Disclosure Vulnerability – A threat actor could exploit this vulnerability to read the NTLM hashes of user¡¯s passwords. The preview pane is a possible attack vector for this vulnerability.?

  • Note: This vulnerability was added to CISA¡¯s Known Exploited Vulnerabilities catalog.?

Recommendations?

Recommendation: Apply Security Updates to Impacted Products?

Arctic Wolf strongly recommends applying the available security updates to all impacted products to prevent potential exploitation.?

Note: Please follow your organization’s patching and testing guidelines to avoid operational impact.?

Product? CVE? Update?
Microsoft Word 2013? CVE-2023-36761? Security Update: ?
Microsoft Word 2016? CVE-2023-36761? Security Update: ?
Microsoft 365 Apps for Enterprise? CVE-2023-36761? Security Update: ?
Microsoft Office 2019? CVE-2023-36761? Security Update: ?
Microsoft Office LTSC 2021? CVE-2023-36761? Security Update: ?
Windows 10 Version 22H2?? CVE-2023-36802? Security Update: ?
Windows 10 Version 21H2? CVE-2023-36802? Security Update: ?
Windows 11 Version 22H2? CVE-2023-36802? Security Update: ?
Windows 11 version 21H2? CVE-2023-36802? Security Update: ?
Windows Server 2022? CVE-2023-36802? Security Update:
Azure HotPatch: ?
Windows Server 2019?? CVE-2023-36802? Security Update: ?
Windows 10 Version 1809? CVE-2023-36802? Security Update: ?

References?

  • ?
  • ?
Popular Topics
View all posts
Share this post:

What to read next

Back to Blog
Arctic Wolf Blog Featured Image
6 min read

Microsoft Patch Tuesday: April 2026?

April 14, 2026

View Post
Arctic Wolf Blog Featured Image
2 min read

CVE-2026-35616: Fortinet Releases Hotfix for Critical Exploited Vulnerability in FortiClient EMS

April 6, 2026

View Post
Arctic Wolf Blog Featured Image
2 min read

CVE-2026-2699 & CVE-2026-2701: Progress ShareFile Storage Zones Controller Pre-Auth RCE Chain

April 6, 2026

View Post
Arctic Wolf Blog Featured Image
4 min read

Supply Chain Attack Impacts Widely Used Axios npm Package

March 31, 2026

View Post