The Windows October 2023 security updates fix three 0-day vulnerabilities
The Windows Security Updates for October 2023 are now available. It is a big update for a number of reasons. First, because several Windows products have reached end of support. Second, because the update for Windows 11 includes new features, including Windows Copilot and the new Windows Backup app, that will be available to users of the operating system.
Our overview focuses on the security patches that Microsoft released for Windows. It is a monthly analysis of the Microsoft Patch Day that begins with an executive summary, followed by a list of Windows products that shows how each version is affected by this month's security updates.
The guide lists other security and non-security updates, links to official support websites and resources, and includes links to direct downloads and other download options.
You may check out the overview for September 2023 here.
Microsoft Windows Security Updates: October 2023
Here is a link to an Excel spreadsheet that lists information about the released security updates on the October 2023 Microsoft Patch Day. Activate the following link to download an archive file that contains the spreadsheet: windows-security-updates-october-2023
Executive Summary
- Windows 11 version 21H2 is no longer supported. Upgrades to Windows 11 version 22H2 are available.
- Windows Server 2012 and 2012 R2 have reached end of support today. Microsoft won't release security updates for these Server versions anymore, unless organizations purchase Extended Security Updates subscriptions or migrate their servers to Azure. Microsoft guarantees three years of additional security updates in that case.
- Microsoft fixed 103 unique vulnerabilities in Microsoft products as well as two vulnerabilities in non-Microsoft products on this Patch Tuesday.
- Windows clients have no known issues according to Microsoft.
- Windows Server 2008, 2008 R2 and 2022 are affected by known issues.
Each supported version of Windows and its critical vulnerabilities are listed below.
- Windows 10 version 22H2: 73 vulnerabilities, 12 critical and 61 important.
  - Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-38166
  - Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41765
  - Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41767
  - Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41768
  - Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41769
  - Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41770
  - Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41771
  - Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41773
  - Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41774
  - Microsoft Message Queuing Remote Code Execution Vulnerability -- CVE-2023-35349
  - Microsoft Message Queuing Remote Code Execution Vulnerability -- CVE-2023-36697
  - Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability -- CVE-2023-36718
- Windows 11 version 21H2: 75 vulnerabilities, 12 critical and 63 important
  - Same as Windows 10 version 22H2
- Windows 11 version 22H2: 75 vulnerabilities, 12 critical and 63 important
  - Same as Windows 10 version 22H2
Windows Server products
- Windows Server 2008 R2 (extended support only): 56 vulnerabilities: 11 critical and 45 important
  - Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-38166
  - Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41765
  - Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41767
  - Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41768
  - Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41769
  - Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41770
  - Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41771
  - Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41773
  - Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41774
  - Microsoft Message Queuing Remote Code Execution Vulnerability -- CVE-2023-35349
  - Microsoft Message Queuing Remote Code Execution Vulnerability -- CVE-2023-36697
- Windows Server 2012 R2: 61 vulnerabilities: 11 critical and 50 important
  - Same critical vulnerabilities as Server 2008 R2.
- Windows Server 2016: 70 vulnerabilities: 12 critical and 58 important
  - Same critical vulnerabilities as Server 2008 R2, plus
  - Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability -- CVE-2023-36718
- Windows Server 2019: 78 vulnerabilities: 12 critical and 66 important
  - Same critical vulnerabilities as Server 2016
- Windows Server 2022: 79 vulnerabilities: 12 critical and 67 important.
  - Same critical vulnerabilities as Server 2016
The three 0-day vulnerabilities are:
- CVE-2023-36563 -- Microsoft WordPad Information Disclosure Vulnerability
- CVE-2023-41763 -- Skype for Business Elevation of Privilege Vulnerability
- CVE-2023-44487 -- MITRE: CVE-2023-44487 HTTP/2 Rapid Reset Attack
Windows Security Updates
Windows 10 version 22H2
- Support Page: KB5031356
Updates and improvements:
- Security updates
- All non-security changes of the September 26 Preview update.
Windows 11 Release version
- Support Page: KB5031358
Updates and improvements:
- Security updates
- All non-security changes of the September 26 Preview update.
Windows 11 version 22H2
- Support Page: KB5031354
Updates and improvements:
- Security updates
- All non-security changes of the September 26 Preview update. This includes all Moment 4 update features.
Other updates
2023-10 Cumulative Security Update for Internet Explorer (KB5031355)
2023-10 Servicing Stack Update for Windows 10 Version 1507 (KB5031466)
2023-10 Dynamic Cumulative Update for Windows 11 (KB5031358)
2023-10 Servicing Stack Update for Windows 10 Version 21H2 and Windows 10 Version 22H2 (KB5031539)
2023-10 Cumulative Update for Windows 10 Version 1507 (KB5031377)
2023-10 Dynamic Update for Windows 10 Version 1507 (KB5031470)
2023-10 Dynamic Update for Windows 10 Version 1607 (KB5031471)
2023-10 Dynamic Update for Windows 10 Version 1809 (KB5031472)
2023-10 Dynamic Update for Windows 10 Version 21H2 (KB5031474)
2023-10 Dynamic Update for Windows 11 (KB5031475)
Server
2023-10 Security Only Quality Update for Windows Server 2008 (KB5031411)
2023-10 Security Monthly Quality Rollup for Windows Server 2008 (KB5031416)
2023-10 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB5031407)
2023-10 Security Only Quality Update for Windows Server 2012 for x64-based Systems (KB5031427)
2023-10 Security Monthly Quality Rollup for Windows Server 2012 R2 (KB5031419)
2023-10 Security Monthly Quality Rollup for Windows Server 2012 (KB5031442)
2023-10 Security Monthly Quality Rollup for Windows Embedded Standard 7 and Windows Server 2008 R2 (KB5031408)
2023-10 Security Only Quality Update for Windows Embedded Standard 7 and Windows Server 2008 R2 (KB5031441)
2023-10 Servicing Stack Update for Windows Server 2012 for x64-based Systems (KB5031469)
2023-10 Servicing Stack Update for Windows Embedded Standard 7 and Windows Server 2008 R2 (KB5031658)
2023-10 Servicing Stack Update for Windows Server 2008 (KB5031659)
2023-10 Cumulative Update for Windows Server 2016 and Windows 10 Version 1607 (KB5031362)
2023-10 Cumulative Update for Windows Server 2019 and Windows 10 Version 1809 (KB5031361)
2023-10 Dynamic Update for Microsoft server operating system for x64-based Systems (KB5031473)
.NET
Microsoft .NET Framework 4.8.1 for Microsoft server operating system, version 22H2, Windows 11, Windows 10 Version 22H2, and Windows 10 Version 21H2 (KB5011048)
2023-10 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded Standard 7 and Windows Server 2008 R2 (KB5031001)
2023-10 Security and Quality Rollup for .NET Framework 4.8 for Windows Server 2012 for x64 (KB5031002)
2023-10 Security and Quality Rollup for .NET Framework 4.8 for Windows Server 2012 R2 for x64 (KB5031003)
2023-10 Security and Quality Rollup for .NET Framework 4.6.2 for Windows Embedded Standard 7, Windows Server 2008 R2, and Windows Server 2008 (KB5031006)
2023-10 Security and Quality Rollup for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2012 for x64 (KB5031007)
2023-10 Security and Quality Rollup for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2012 R2 for x64 (KB5031008)
2023-10 Security and Quality Rollup for .NET Framework 3.5.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded Standard 7 and Windows Server 2008 R2 (KB5031226)
2023-10 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 (KB5031227)
2023-10 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 R2 (KB5031228)
2023-10 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.6.2 for Windows Server 2008 (KB5031229)
2023-10 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 10 Version 22H2 and Windows 10 Version 21H2 (KB5030649)
2023-10 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11 (KB5030650)
2023-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 22H2 and Windows 10 Version 21H2 (KB5030841)
2023-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 11 (KB5030842)
2023-10 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Microsoft server operating system version 21H2 for x64 (KB5030998)
2023-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Microsoft server operating system, version 22H2 for x64 (KB5030999)
2023-10 Cumulative Update for .NET Framework 4.8 for Windows Server 2016 and Windows 10 Version 1607 (KB5031000)
2023-10 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 and Windows 10 Version 1809 (KB5031005)
2023-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server 2019 and Windows 10 Version 1809 (KB5031010)
2023-10 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Microsoft server operating system version 21H2 for x64 (KB5031221)
2023-10 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 and Windows 10 Version 1809 (KB5031222)
2023-10 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 21H2 (KB5031223)
2023-10 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 22H2 (KB5031224)
2023-10 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 11 (KB5031225)
2023-10 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11 (KB5031323)
2023-10 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Microsoft server operating system, version 22H2 for x64 (KB5031605)
Known Issues
- None in client products.
Security advisories and updates
- ADV 990001 -- Latest Servicing Stack Updates
Microsoft Office Updates
You can find Office update information here.
How to download and install the October 2023 security updates
The October 2023 security updates will be installed automatically on most non-managed devices. Windows Update is an integrated component of the Windows operating system. It is configured to install security updates automatically by default. While users may change this, most devices that are unmanaged keep the default option.
Windows administrators of these devices may run a check for updates to install them early. We recommend creating system backups before installing these updates as a fallback option in case things go wrong.
The free Paragon Backup & Recovery Community Edition backup tool is just one option here.
- Select Start, type Windows Update and load the Windows Update item that is displayed.
- Select check for updates to run a manual check for updates.
Direct update downloads
Below are resource pages with direct download links, if you prefer to download the updates to install them manually.
Windows 10 version 22H2
- KB5031356 -- 2023-10 Cumulative Update for Windows 10 Version 21H2
Windows 11 Release version
- KB5031358 -- 2023-10 Cumulative Update for Windows 11
- KB5031354 -- 2023-10 Cumulative Update for Windows 11 version 22H2
Additional resources
- October 2023 Security Updates release notes
- List of software updates for Microsoft products
- List of the latest Windows Updates and Services Packs
- Security Updates Guide
- Microsoft Update Catalog site
- Our in-depth Windows update guide
- How to install optional updates on Windows 10
- Windows 11 Update History
- Windows 10 Update History
Hello,
I’m writing about the Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11 (KB5031323).
The Microsoft catalog web page for KB5031323 is wrong. The download button is connected to the September update.
:)
The HTTP/2 Rapid Reset vulnerability only affects enterprise servers, not client end users' PCs.
“Please wait until we brick your computer while updating”
“Please wait until we brick your computer with updates”
My, my, my. Would you look at all of the Remote Code Execution Vulnerabilities!
Good old predictable M$, as always.
Thank you for the great article and information Martin!
It’s too early to tell, and I’m an optimist!
But, “The Windows October 2023 security updates fix three 0-day vulnerabilities” and introduces over 15 issues that prevent booting, prevents installed programs from running, and introduces 7 heretofore privacy exploits impossible to block, etc.
It’s not pretty. I won’t take the chance on a production machine or . . . any other. Too much work making full images and restoring, etc. I can wait a few weeks.
Martin, you wrote “Here is a link to an Excel spreadsheet that lists information about the released security updates on the October 2023 Microsoft Patch Day. Activate the following link to download an archive file that contains the spreadsheet:”
But I can’t find a link.
Can you retry, it should be there now!
Yes, thanks Martin, I can now download the 2023-10-10 – Microsoft Windows Security Updates – October-2023.zip without any problem.
This spreadsheet.xlsx along with your article is very helpful in understanding what I was doing when I updated my Windows 10 pro o.s. to version 22H2 build 19.045.3570.