The Windows October 2023 security updates fix three 0-day vulnerabilities

Martin Brinkmann
Oct 10, 2023
Updated • Oct 10, 2023

The Windows Security Updates for October 2023 are now available. It is a big update for a number of reasons. First, because several Windows products have reached end of support. Second, because the update for Windows 11 includes new features, including Windows Copilot and the new Windows Backup app, that will be available to users of the operating system.

Our overview focuses on the security patches that Microsoft released for Windows. It is a monthly analysis of the Microsoft Patch Day that begins with an executive summary. A list of Windows products follows, showing how each version is affected by this month's security updates.

The guide lists other security and non-security updates, links to official support websites and resources, and includes links to direct downloads and other download options.

You may check out the overview for September 2023 here.

Microsoft Windows Security Updates: October 2023

Here is a link to an Excel spreadsheet that lists information about the released security updates on the October 2023 Microsoft Patch Day. Activate the following link to download an archive file that contains the spreadsheet: windows-security-updates-october-2023

Executive Summary

  • Windows 11 version 21H2 is no longer supported. Upgrades to Windows 11 version 22H2 are available.
  • Windows Server 2012 and 2012 R2 have reached end of support today. Microsoft won't release security updates for these Server versions anymore, unless organizations purchase Extended Security Updates subscriptions or migrate their servers to Azure. Microsoft guarantees three years of additional security updates with these subscriptions.
  • Microsoft fixed 103 unique vulnerabilities in Microsoft products as well as two vulnerabilities in non-Microsoft products on this Patch Tuesday.
  • Windows clients have no known issues according to Microsoft.
  • Windows Server versions 2008, 2008 R2 and 2022 are affected by known issues.

Each supported version of Windows and its critical vulnerabilities are listed below.

  • Windows 10 version 22H2: 73 vulnerabilities, 12 critical and 61 important.
    • Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-38166
    • Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41765
    • Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41767
    • Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41768
    • Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41769
    • Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41770
    • Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41771
    • Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41773
    • Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41774
    • Microsoft Message Queuing Remote Code Execution Vulnerability -- CVE-2023-35349
    • Microsoft Message Queuing Remote Code Execution Vulnerability -- CVE-2023-36697
    • Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability -- CVE-2023-36718
  • Windows 11 version 21H2: 75 vulnerabilities, 12 critical and 63 important
    • same as Windows 10 version 22H2
  • Windows 11 version 22H2: 75 vulnerabilities, 12 critical and 63 important
    • same as Windows 10 version 22H2

Windows Server products

  • Windows Server 2008 R2 (extended support only): 56 vulnerabilities: 11 critical and 45 important
    • Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-38166
    • Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41765
    • Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41767
    • Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41768
    • Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41769
    • Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41770
    • Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41771
    • Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41773
    • Layer 2 Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2023-41774
    • Microsoft Message Queuing Remote Code Execution Vulnerability -- CVE-2023-35349
    • Microsoft Message Queuing Remote Code Execution Vulnerability -- CVE-2023-36697
  • Windows Server 2012 R2: 61 vulnerabilities: 11 critical and 50 important
    • Same critical vulnerabilities as Server 2008 R2.
  • Windows Server 2016: 70 vulnerabilities: 12 critical and 58 important
    • Same critical vulnerabilities as Server 2008 R2, plus
    • Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability -- CVE-2023-36718
  • Windows Server 2019: 78 vulnerabilities: 12 critical and 66 important
    • Same critical vulnerabilities as Server 2016
  • Windows Server 2022: 79 vulnerabilities: 12 critical and 67 important.
    • Same critical vulnerabilities as Server 2016

The three 0-day vulnerabilities are:

  • CVE-2023-36563 -- Microsoft WordPad Information Disclosure Vulnerability
  • CVE-2023-41763 -- Skype for Business Elevation of Privilege Vulnerability
  • CVE-2023-44487 -- MITRE: CVE-2023-44487 HTTP/2 Rapid Reset Attack

Windows Security Updates

Windows 10 version 22H2

Updates and improvements:

Windows 11 Release version 

Updates and improvements:

Windows 11 version 22H2  

Updates and improvements:

Other updates

2023-10 Cumulative Security Update for Internet Explorer (KB5031355)

2023-10 Servicing Stack Update for Windows 10 Version 1507 (KB5031466)

2023-10 Dynamic Cumulative Update for Windows 11 (KB5031358)

2023-10 Servicing Stack Update for Windows 10 Version 21H2 and Windows 10 Version 22H2 (KB5031539)

2023-10 Cumulative Update for Windows 10 Version 1507 (KB5031377)

2023-10 Dynamic Update for Windows 10 Version 1507 (KB5031470)

2023-10 Dynamic Update for Windows 10 Version 1607 (KB5031471)

2023-10 Dynamic Update for Windows 10 Version 1809 (KB5031472)

2023-10 Dynamic Update for Windows 10 Version 21H2 (KB5031474)

2023-10 Dynamic Update for Windows 11 (KB5031475)

Server

2023-10 Security Only Quality Update for Windows Server 2008 (KB5031411)

2023-10 Security Monthly Quality Rollup for Windows Server 2008 (KB5031416)

2023-10 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB5031407)

2023-10 Security Only Quality Update for Windows Server 2012 for x64-based Systems (KB5031427)

2023-10 Security Monthly Quality Rollup for Windows Server 2012 R2 (KB5031419)

2023-10 Security Monthly Quality Rollup for Windows Server 2012 (KB5031442)

2023-10 Security Monthly Quality Rollup for Windows Embedded Standard 7 and Windows Server 2008 R2 (KB5031408)

2023-10 Security Only Quality Update for Windows Embedded Standard 7 and Windows Server 2008 R2 (KB5031441)

2023-10 Servicing Stack Update for Windows Server 2012 for x64-based Systems (KB5031469)

2023-10 Servicing Stack Update for Windows Embedded Standard 7 and Windows Server 2008 R2 (KB5031658)

2023-10 Servicing Stack Update for Windows Server 2008 (KB5031659)

2023-10 Cumulative Update for Windows Server 2016 and Windows 10 Version 1607 (KB5031362)

2023-10 Cumulative Update for Windows Server 2019 and Windows 10 Version 1809 (KB5031361)

2023-10 Dynamic Update for Microsoft server operating system for x64-based Systems (KB5031473)

.NET

Microsoft .NET Framework 4.8.1 for Microsoft server operating system, version 22H2, Windows 11, Windows 10 Version 22H2, and Windows 10 Version 21H2 (KB5011048)

2023-10 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded Standard 7 and Windows Server 2008 R2 (KB5031001)

2023-10 Security and Quality Rollup for .NET Framework 4.8 for Windows Server 2012 for x64 (KB5031002)

2023-10 Security and Quality Rollup for .NET Framework 4.8 for Windows Server 2012 R2 for x64 (KB5031003)

2023-10 Security and Quality Rollup for .NET Framework 4.6.2 for Windows Embedded Standard 7, Windows Server 2008 R2, and Windows Server 2008 (KB5031006)

2023-10 Security and Quality Rollup for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2012 for x64 (KB5031007)

2023-10 Security and Quality Rollup for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2012 R2 for x64 (KB5031008)

2023-10 Security and Quality Rollup for .NET Framework 3.5.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded Standard 7 and Windows Server 2008 R2 (KB5031226)

2023-10 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 (KB5031227)

2023-10 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 R2 (KB5031228)

2023-10 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.6.2 for Windows Server 2008 (KB5031229)

2023-10 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 10 Version 22H2 and Windows 10 Version 21H2 (KB5030649)

2023-10 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11 (KB5030650)

2023-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 22H2 and Windows 10 Version 21H2 (KB5030841)

2023-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 11 (KB5030842)

2023-10 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Microsoft server operating system version 21H2 for x64 (KB5030998)

2023-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Microsoft server operating system, version 22H2 for x64 (KB5030999)

2023-10 Cumulative Update for .NET Framework 4.8 for Windows Server 2016 and Windows 10 Version 1607 (KB5031000)

2023-10 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 and Windows 10 Version 1809 (KB5031005)

2023-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server 2019 and Windows 10 Version 1809 (KB5031010)

2023-10 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Microsoft server operating system version 21H2 for x64 (KB5031221)

2023-10 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 and Windows 10 Version 1809 (KB5031222)

2023-10 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 21H2 (KB5031223)

2023-10 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 22H2 (KB5031224)

2023-10 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 11 (KB5031225)

2023-10 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11 (KB5031323)

2023-10 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Microsoft server operating system, version 22H2 for x64 (KB5031605)

Known Issues

  • None in client products.

Security advisories and updates

Microsoft Office Updates

You can find Office update information here.

How to download and install the October 2023 security updates

The October 2023 security updates will be installed automatically on most non-managed devices. Windows Update is an integrated component of the Windows operating system. It is configured to install security updates automatically by default. While users may change this, most devices that are unmanaged keep the default option.

Windows administrators of these devices may run a check for updates to install them early. We recommend creating system backups before installing these updates as a fallback option in case things go wrong.

The free Paragon Backup & Recovery Community Edition backup tool is just one option here.

  1. Select Start, type Windows Update and load the Windows Update item that is displayed.
  2. Select check for updates to run a manual check for updates.

Direct update downloads

Below are resource pages with direct download links, if you prefer to download the updates to install them manually.

Windows 10 version 22H2

  • KB5031356 -- 2023-10 Cumulative Update for Windows 10 Version 21H2

Windows 11 Release version

  • KB5031358 -- 2023-10 Cumulative Update for Windows 11

Windows 11 version 22H2

  • KB5031354 -- 2023-10 Cumulative Update for Windows 11 version 22H2
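
To confirm that the cumulative update for a given Windows release is present after installation, the following PowerShell function (an added example, not part of the original article) maps the local build number to the October 2023 KB named on this page and queries it with Get-HotFix. The build-number keys and the function name Test-October2023Update are assumptions introduced for this example.

```powershell
# Added example, not from the original article.
# KB numbers are the October 2023 cumulative updates listed on this page.
# The build-number keys are assumptions added for this example: they are the
# major build numbers of the releases each KB is listed for.
$October2023Lcu = @{
    19044 = 'KB5031356'   # Windows 10 version 21H2
    19045 = 'KB5031356'   # Windows 10 version 22H2
    22000 = 'KB5031358'   # Windows 11 release version (21H2)
    22621 = 'KB5031354'   # Windows 11 version 22H2
    14393 = 'KB5031362'   # Windows Server 2016 / Windows 10 version 1607
    17763 = 'KB5031361'   # Windows Server 2019 / Windows 10 version 1809
}

function Test-October2023Update {
    # Identify the running release by its major build number.
    $os    = Get-CimInstance -ClassName Win32_OperatingSystem
    $build = [int]$os.BuildNumber

    # The update build revision (UBR) is the part after the dot in "build.revision".
    $cv  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $ubr = (Get-ItemProperty -Path $cv -Name UBR -ErrorAction SilentlyContinue).UBR

    $kb          = $October2023Lcu[$build]
    $status      = 'NoMappingForBuild'   # release not covered by the table above
    $installedOn = $null

    if ($kb) {
        $fix = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
        if ($fix) {
            $status      = 'Installed'
            $installedOn = $fix.InstalledOn
        } else {
            # Either the update is missing, or a later cumulative update has
            # replaced it in the installed-updates list. Check the build
            # revision before treating the device as unpatched.
            $status = 'NotListed'
        }
    }

    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        OS          = $os.Caption
        Build       = if ($null -ne $ubr) { "$build.$ubr" } else { "$build" }
        ExpectedKB  = $kb
        Status      = $status
        InstalledOn = $installedOn
    }
}

Test-October2023Update | Format-List
```

A result of NotListed on a device patched in a later month is expected, because cumulative updates supersede one another; compare the reported build revision against Microsoft's update history for the release in that case.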

Additional resources

Publisher: Ghacks Technology News

Comments

  1. Gruko said on October 12, 2023 at 7:44 am

    Hello,
    I’m writing about the Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11 (KB5031323).
    The Microsoft catalog web page for KB5031323 is wrong. The download button is connected to the September update.
    :)

  2. intromug said on October 11, 2023 at 3:12 pm

    The HTTP/2 Rapid Reset vulnerability only affects enterprise servers, not client end users' PCs.

  3. N/A said on October 11, 2023 at 10:38 am

    “Please wait until we brick your computer while updating”

  4. N/A said on October 11, 2023 at 10:37 am

    “Please wait until we brick your computer with updates”

  5. AC Slater said on October 11, 2023 at 10:13 am

    My, my, my. Would you look at all of the Remote Code Execution Vulnerabilities!

    Good old predictable M$, as always.

  6. Franck said on October 11, 2023 at 6:00 am

    Thank you for the great article and information Martin!

  7. VioletMoon said on October 11, 2023 at 3:32 am

    It’s too early to tell, and I’m an optimist!

    But, “The Windows October 2023 security updates fix three 0-day vulnerabilities” and introduce over 15 issues that prevent booting, prevent installed programs from running, and introduce 7 heretofore privacy exploits impossible to block, etc.

    It’s not pretty. I won’t take the chance on a production machine or . . . any other. Too much work making full images and restoring, etc. I can wait a few weeks.

  8. Paul(us) said on October 10, 2023 at 8:08 pm

    Martin, you wrote “Here is a link to an Excel spreadsheet that lists information about the released security updates on the October 2023 Microsoft Patch Day. Activate the following link to download an archive file that contains the spreadsheet:”
    But I can’t find a link.

    1. Martin Brinkmann said on October 10, 2023 at 8:45 pm

      Can you retry, it should be there now!

      1. Paul(us) said on October 10, 2023 at 10:38 pm

        Yes, thanks Martin, I can now download the 2023-10-10 – Microsoft Windows Security Updates – October-2023.zip without any problem.

        This spreadsheet.xlsx along with your article is very helpful in understanding what I was doing when I updated my Windows 10 pro o.s. to version 22H2 build 19.045.3570.
