Microsoft’s September 2023 Patch Tuesday Addresses 61 CVEs (C

Microsoft’s September 2023 Patch Tuesday Addresses 61 CVEs (CVE-2023-36761)

Microsoft patched 61 CVEs in its September Patch Tuesday release, with five rated critical, 55 rated important and one rated moderate.

Remote code execution (RCE) vulnerabilities accounted for 39.3% of the vulnerabilities patched this month, followed by elevation of privilege (EoP) vulnerabilities at 27.9%. Of the 61 CVEs patched this month, two vulnerabilities were exploited in the wild as zero-day vulnerabilities.

CVE-2023-36761 is an information disclosure vulnerability in Microsoft Word. According to Microsoft, it has been exploited in the wild as a zero-day and was publicly disclosed prior to a patch being available.

CVE-2023-36802 is an EoP vulnerability in the Microsoft Streaming Service Proxy. According to Microsoft, it has been exploited in the wild as a zero-day.

For more information about the September 2023 Patch Tuesday release, including the availability of Tenable product coverage, please visit our blog.

Cyber Exposure Alerts

Vulnerability Watch

Forum Discussion

Microsoft’s September 2023 Patch Tuesday Addresses 61 CVEs (C

Recent Discussions

FAQ on Exploited Zero-Day Flaws in Cisco ASA and FTD Devices (CVE-2025-20333, CVE-2025-20362)

Microsoft’s September 2025 Patch Tuesday Addresses 80 CVEs (CVE-2025-55234)

Frequently Asked Questions About Chinese State-Sponsored Actors Compromising Global Networks

CVE-2025-7775: Citrix NetScaler ADC and Gateway Zero-Day RCE Vulnerability Exploited in the Wild

CVE-2025-25256: Proof of Concept Released for Fortinet FortiSIEM Command Injection Vulnerability

Americas

Europe

Asia / Australia