France: Multiple Vulnerabilities Detected in Microsoft Products

The Computer Emergency Response Team of France (CERT-FR) has issued an advisory regarding multiple vulnerabilities identified in various Microsoft products. These vulnerabilities could potentially lead to security bypass, data confidentiality breaches, denial of service, remote arbitrary code execution, identity theft, and privilege escalation.

The affected systems and products include:

• 3D Builder
• 3D Viewer
• Dynamics 365 for Finance and Operations
• Microsoft Defender Security Intelligence Updates
• Microsoft Dynamics 365 (on-premises) version 9.0
• Microsoft Dynamics 365 (on-premises) version 9.1
• Microsoft Exchange Server 2016 Cumulative Update 23
• Microsoft Exchange Server 2019 Cumulative Update 12
• Microsoft Exchange Server 2019 Cumulative Update 13
• Microsoft Identity Linux Broker
• Microsoft SharePoint Enterprise Server 2016
• Microsoft SharePoint Server 2019
• Microsoft SharePoint Server Subscription Edition
• Microsoft Visual Studio 2017 version 15.9 (includes 15.0 – 15.8)
• Microsoft Visual Studio 2019 version 16.11 (includes 16.0 – 16.10)
• Microsoft Visual Studio 2022 version 17.2
• Microsoft Visual Studio 2022 version 17.4
• Microsoft Visual Studio 2022 version 17.6
• Microsoft Visual Studio 2022 version 17.7
• Visual Studio Code

These vulnerabilities have the potential to impact a wide range of systems and applications, posing significant risks to users.

Solution: Users and organizations are advised to refer to the security bulletin provided by Microsoft for obtaining the necessary patches and updates. Detailed information about each vulnerability and mitigation measures can be found in the documentation linked below.

Documentation:

• Microsoft Security Bulletin – September 12, 2023
• Microsoft Security Bulletin – CVE-2023-38164 – September 12, 2023
• Microsoft Security Bulletin – CVE-2023-36886 – September 12, 2023
• Microsoft Security Bulletin – CVE-2022-41303 – September 12, 2023
• Microsoft Security Bulletin – CVE-2023-36739 – September 12, 2023
• Microsoft Security Bulletin – CVE-2023-36745 – September 12, 2023
• Microsoft Security Bulletin – CVE-2023-36756 – September 12, 2023
• Microsoft Security Bulletin – CVE-2023-36757 – September 12, 2023
• Microsoft Security Bulletin – CVE-2023-36744 – September 12, 2023
• Microsoft Security Bulletin – CVE-2023-36740 – September 12, 2023
• Microsoft Security Bulletin – CVE-2023-39956 – September 12, 2023
• Microsoft Security Bulletin – CVE-2023-36799 – September 12, 2023
• Microsoft Security Bulletin – CVE-2023-36758 – September 12, 2023
• Microsoft Security Bulletin – CVE-2023-36800 – September 12, 2023
• Microsoft Security Bulletin – CVE-2023-36759 – September 12, 2023
• Microsoft Security Bulletin – CVE-2023-36760 – September 12, 2023
• Microsoft Security Bulletin – CVE-2023-36772 – September 12, 2023
• Microsoft Security Bulletin – CVE-2023-36796 – September 12, 2023
• Microsoft Security Bulletin – CVE-2023-36742 – September 12, 2023
• Microsoft Security Bulletin – CVE-2023-36736 – September 12, 2023
• Microsoft Security Bulletin – CVE-2023-36792 – September 12, 2023
• Microsoft Security Bulletin – CVE-2023-36793 – September 12, 2023
• Microsoft Security Bulletin – CVE-2023-36794 – September 12, 2023
• Microsoft Security Bulletin – CVE-2023-36762 – September 12, 2023
• Microsoft Security Bulletin – CVE-2023-36773 – September 12, 2023
• Microsoft Security Bulletin – CVE-2023-38163 – September 12, 2023
• Microsoft Security Bulletin – CVE-2023-36764 – September 12, 2023
• [Microsoft Security Bulletin – CVE-2023-36770 – September 12, 2023](https://msrc.microsoft.com/update-guide

https://www.cert.ssi.gouv.fr/avis/CERTFR-2023-AVI-0743/