{"id":54064,"date":"2023-10-10T21:59:59","date_gmt":"2023-10-10T21:59:59","guid":{"rendered":"https:\/\/www.darkreading.com\/vulnerabilities-threats\/microsoft-patch-tuesday-haunted-zero-days-wormable-bug"},"modified":"2023-10-10T21:59:59","modified_gmt":"2023-10-10T21:59:59","slug":"microsoft-patch-tuesday-haunted-by-zero-days-wormable-bug","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/microsoft-patch-tuesday-haunted-by-zero-days-wormable-bug\/","title":{"rendered":"Microsoft Patch Tuesday Haunted by Zero-Days, Wormable Bug"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt32c10a001a02b06e\/6525c2f431e77c11d38c276f\/jack_o_lantern_pumpkin-Andrey_Armyagov-Alamy.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>Microsoft flagged two zero-day security vulnerabilities under active attack in October&#8217;s Patch Tuesday update, which affect Microsoft WordPad and Skype for Business. The release also features a critical-rated, wormable bug in Message Queuing that could instill terror for admins of vulnerable systems.<\/p>\n<p>The two bugs are part of a cadre of 103 total CVEs addressed by the computing giant this month. The patches run the gamut of Microsoft&#8217;s portfolio, including Azure, ASP.NET, Core, and Visual Studio; Exchange Server; Office, Microsoft Dynamics, and Windows.<\/p>\n<p>Appropriately for October, the number of critical-rated vulnerabilities comes in at an unlucky 13; and notably, a full 20% of the fixes in the update relate to Microsoft Message Queuing (MSMQ).<\/p>\n<h2 class=\"regular-text\">October 2023 Bugs Under Active Exploit<\/h2>\n<p>Falling into the hair-raising active exploit camp, the first issue under attack in the wild is <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-36563\" target=\"_blank\" rel=\"noopener\">CVE-2023-36563<\/a>, an information-disclosure bug in the WordPad word processing program that could open the door to <a href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/sneaky-windows-folder-poisoning-attack-steals-access-rights\" target=\"_blank\" rel=\"noopener\">NTLM relay attacks<\/a> by exposing NTLM hashes.<\/p>\n<p>&#8220;To exploit this vulnerability, an attacker must first gain access to the system,&#8221; explained Mike Walters, president and co-founder of Action1, in <a href=\"https:\/\/www.action1.com\/patch-tuesday-october-2023\/\" target=\"_blank\" rel=\"noopener\">October Patch Tuesday commentary<\/a>. &#8220;Subsequently, they would run a specially crafted application designed to take advantage of the vulnerability and seize control of the affected system.&#8221;<\/p>\n<p>He added, &#8220;Alternatively, the attacker could persuade a local user to open a malicious file. This persuasion might involve enticing the user to click a link, often via email or instant message, and then convincing them to open the specially crafted file.&#8221;<\/p>\n<p>As far as mitigation goes, &#8220;Microsoft doesn&#8217;t list any Preview Pane vector, so user interaction is required,&#8221; said Dustin Childs, researcher for <a href=\"https:\/\/www.zerodayinitiative.com\/blog\/2023\/10\/10\/the-october-2023-security-update-review\" target=\"_blank\" rel=\"noopener\">Trend Micro&#8217;s Zero Day Initiative, in a blog<\/a>. &#8220;In addition to applying this patch, you should consider blocking outbound NTLM over SMB on Windows 11. This new feature hasn&#8217;t received much attention, but it could significantly hamper NTLM-relay exploits.&#8221;<\/p>\n<p>Meanwhile, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-41763\" target=\"_blank\" rel=\"noopener\">CVE-2023-41763<\/a> in Skype for Business is ready to haunt admin dreams. It&#8217;s listed as an elevation-of-privilege issue, but Childs pointed out that it should be treated as an information disclosure problem.<\/p>\n<p>&#8220;An attacker could exploit this vulnerability by initiating a specially crafted network call to the targeted Skype for Business server,&#8221; Walters said. &#8220;This action could lead to the parsing of an HTTP request sent to an arbitrary address, potentially revealing IP addresses and port numbers.&#8221;<\/p>\n<p>He added that some sensitive information may be exposed, including in some cases data that could grant access to internal networks. However, it won&#8217;t allow the attacker to modify the exposed data or restrict access to the affected resource.<\/p>\n<h2 class=\"regular-text\">20 Microsoft Message Queuing Vulnerabilities<\/h2>\n<p>Also putting the shivers into cybersecurity defenders this month are a full 20 different MSMQ vulnerabilities, which together represent an outsized percentage of the total October fixes. One of them, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-35349\" target=\"_blank\" rel=\"noopener\">CVE-2023-35349<\/a>, earns the distinction of being the scariest (i.e., most severe) issue of the month; it carries a CVSS critical score of 9.8 out of 10.<\/p>\n<p>The bug allows unauthenticated remote code execution (RCE) without user interaction, meaning that the issue is wormable on systems where Message Queuing is enabled.<\/p>\n<p>MSMQ is used to allow applications across multiple servers or hosts to communicate with each other and allow for communications to be stored and queued as required. It is not enabled by default, but Microsoft Exchange Server can enable it during installation, according to Rob Reeves, principal security engineer at Immersive Labs.<\/p>\n<p>&#8220;It is highly likely that a successful attack will afford the attacker with SYSTEM-level permissions on the target or allow for kernel exploitation,&#8221; he said in emailed Patch Tuesday commentary. &#8220;It would be considered unusual for an enterprise environment to expose the MSMQ service publicly on the Internet &#8230; so it is reasonable to assume that to leverage this vulnerability in an attack, an attacker would have first successfully phished a target network and discovered the vulnerable service during enumeration.&#8221;<\/p>\n<p>Users should patch immediately, but can also mitigate the problem by blocking communications on TCP Port 1801 from untrusted connections via the firewall, Reeves added.<\/p>\n<p>Childs noted that the other MSMQ bugs are a mix of RCE issues that do require user interaction, and DoS flaws that do not.<\/p>\n<p>&#8220;Microsoft doesn&#8217;t state if successful exploitation would simply stop the service or blue screen the entire system,&#8221; he noted. &#8220;They also don&#8217;t note if the system would automatically recover once the DoS exploit ends. There have been many Message Queuing bugs fixed this year, so now is a great time to audit your enterprise to determine your exposure.&#8221;<\/p>\n<h2 class=\"regular-text\">Other Microsoft Bugbears to Prioritize This Month<\/h2>\n<p>As far as other security monsters to be on the lookout for, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-36434\" target=\"_blank\" rel=\"noopener\">CVE-2023-36434<\/a> in Windows IIS Server stands out, according to ZDI&#8217;s Childs. An attacker who successfully exploits the bug could log on to an affected IIS server as another user.<\/p>\n<p>The elevation-of-privilege vulnerability was labeled &#8220;important&#8221; by Microsoft, because a threat actor would need to already be present in the network to use it, but it carries a CVSS 9.8 rating.<\/p>\n<p>&#8220;These days, brute force attacks can be easily automated,&#8221; Childs noted. &#8220;If you&#8217;re running IIS, you should treat this as a critical update and patch quickly.&#8221;<\/p>\n<p>Action1&#8217;s Walters meanwhile highlighted a group of nine RCE vulnerabilities in the Layer 2 Tunneling Protocol, which all have a CVSS score of 8.1 (<a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-41774\" target=\"_blank\" rel=\"noopener\">CVE-2023-41774<\/a>, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-41773\" target=\"_blank\" rel=\"noopener\">CVE-2023-41773<\/a>, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-41771\" target=\"_blank\" rel=\"noopener\">CVE-2023-41771<\/a>, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-41770\" target=\"_blank\" rel=\"noopener\">CVE-2023-41770<\/a>, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-41769\" target=\"_blank\" rel=\"noopener\">CVE-2023-41769<\/a>, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-41768\" target=\"_blank\" rel=\"noopener\">CVE-2023-41768<\/a>, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-41767\" target=\"_blank\" rel=\"noopener\">CVE-2023-41767<\/a>, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-41765\" target=\"_blank\" rel=\"noopener\">CVE-2023-41765<\/a>, and <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-38166\" target=\"_blank\" rel=\"noopener\">CVE-2023-38166<\/a>).<\/p>\n<p>&#8220;They possess a network-based attack vector, have a high level of complexity for successful exploitation, do not require any special privileges, and demand no user interaction,&#8221; he said. &#8220;Their exploitation is notably intricate &#8230; To successfully exploit these vulnerabilities, an attacker must overcome a race condition. An unauthenticated attacker could achieve this by sending a carefully crafted protocol message to a Routing and Remote Access Service (RRAS) server.&#8221;<\/p>\n<p>An RCE vulnerability in Microsoft Windows Data Access Components (WDAC) OLE DB provider for SQL Server (<a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-36577\" target=\"_blank\" rel=\"noopener\">CVE-2023-36577<\/a>, CVSS 8.8) caught the eye of Jason Kikta, CISO and senior vice president at Automox.<br \/>&#8220;Microsoft WDAC OLE DB Provider for SQL Server is a set of components designed to facilitate efficient data access from Microsoft SQL Server databases to endpoints,&#8221; he said in a Patch Tuesday advisory. &#8220;It&#8217;s a key element of the WDAC that allows developers to create applications capable of communicating with almost any data source, including SQL Server. This vulnerability may allow an attacker to execute arbitrary code on a targeted system by convincing a user to connect to a malicious database.&#8221;<\/p>\n<p>He noted, &#8220;These attacks can be mitigated by configuring the environment to connect only to trusted servers and enforcing certificate validation.&#8221;<br \/>And finally, Chris Goettl, vice president of security products at Ivanti, flagged the fact that October Patch Tuesday includes the last updates for Windows 11 21H2 and Microsoft Server 2012\/2012 R2.<\/p>\n<p>&#8220;The latter go into Extended Security Support (ESU) starting with a November release, and Microsoft also announced the keys used to enable these updates will be managed as part of Azure Arc. They should be released next week,&#8221; he said in emailed commentary.<\/p>\n<p>&#8220;End-of-life software poses a risk to an organization,&#8221; he warned. &#8220;No public updates will be available for these OS versions going forward. For Windows 11 users this means upgrading to a new Windows 11 branch. For Server 2012\\2012 R2 it is highly recommended to subscribe to ESU or migrate to a newer server edition.&#8221;<\/p>\n<p>This month&#8217;s release also includes a patch for the <a href=\"https:\/\/www.darkreading.com\/cloud\/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event\" target=\"_blank\" rel=\"noopener\">just-disclosed HTTP\/2 Rapid Reset distributed denial of service (DDoS) bug<\/a>, as well as one for an external Chromium flaw that affects Microsoft Edge.<\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/microsoft-patch-tuesday-haunted-zero-days-wormable-bug\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>October&#8217;s CVE update is here. Here&#8217;s which security vulnerabilities to patch now to exorcise your Microsoft systems demons.Read More <a href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/microsoft-patch-tuesday-haunted-zero-days-wormable-bug\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-54064","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Microsoft Patch Tuesday Haunted by Zero-Days, Wormable Bug 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/microsoft-patch-tuesday-haunted-by-zero-days-wormable-bug\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Microsoft Patch Tuesday Haunted by Zero-Days, Wormable Bug 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/microsoft-patch-tuesday-haunted-by-zero-days-wormable-bug\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-10-10T21:59:59+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt32c10a001a02b06e\/6525c2f431e77c11d38c276f\/jack_o_lantern_pumpkin-Andrey_Armyagov-Alamy.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-patch-tuesday-haunted-by-zero-days-wormable-bug\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-patch-tuesday-haunted-by-zero-days-wormable-bug\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Microsoft Patch Tuesday Haunted by Zero-Days, Wormable Bug\",\"datePublished\":\"2023-10-10T21:59:59+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-patch-tuesday-haunted-by-zero-days-wormable-bug\\\/\"},\"wordCount\":1271,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-patch-tuesday-haunted-by-zero-days-wormable-bug\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt32c10a001a02b06e\\\/6525c2f431e77c11d38c276f\\\/jack_o_lantern_pumpkin-Andrey_Armyagov-Alamy.jpg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-patch-tuesday-haunted-by-zero-days-wormable-bug\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-patch-tuesday-haunted-by-zero-days-wormable-bug\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-patch-tuesday-haunted-by-zero-days-wormable-bug\\\/\",\"name\":\"Microsoft Patch Tuesday Haunted by Zero-Days, Wormable Bug 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-patch-tuesday-haunted-by-zero-days-wormable-bug\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-patch-tuesday-haunted-by-zero-days-wormable-bug\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt32c10a001a02b06e\\\/6525c2f431e77c11d38c276f\\\/jack_o_lantern_pumpkin-Andrey_Armyagov-Alamy.jpg\",\"datePublished\":\"2023-10-10T21:59:59+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-patch-tuesday-haunted-by-zero-days-wormable-bug\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-patch-tuesday-haunted-by-zero-days-wormable-bug\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-patch-tuesday-haunted-by-zero-days-wormable-bug\\\/#primaryimage\",\"url\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt32c10a001a02b06e\\\/6525c2f431e77c11d38c276f\\\/jack_o_lantern_pumpkin-Andrey_Armyagov-Alamy.jpg\",\"contentUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt32c10a001a02b06e\\\/6525c2f431e77c11d38c276f\\\/jack_o_lantern_pumpkin-Andrey_Armyagov-Alamy.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-patch-tuesday-haunted-by-zero-days-wormable-bug\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Microsoft Patch Tuesday Haunted by Zero-Days, Wormable Bug\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Microsoft Patch Tuesday Haunted by Zero-Days, Wormable Bug 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/microsoft-patch-tuesday-haunted-by-zero-days-wormable-bug\/","og_locale":"en_US","og_type":"article","og_title":"Microsoft Patch Tuesday Haunted by Zero-Days, Wormable Bug 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/microsoft-patch-tuesday-haunted-by-zero-days-wormable-bug\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-10-10T21:59:59+00:00","og_image":[{"url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt32c10a001a02b06e\/6525c2f431e77c11d38c276f\/jack_o_lantern_pumpkin-Andrey_Armyagov-Alamy.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-patch-tuesday-haunted-by-zero-days-wormable-bug\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-patch-tuesday-haunted-by-zero-days-wormable-bug\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Microsoft Patch Tuesday Haunted by Zero-Days, Wormable Bug","datePublished":"2023-10-10T21:59:59+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-patch-tuesday-haunted-by-zero-days-wormable-bug\/"},"wordCount":1271,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-patch-tuesday-haunted-by-zero-days-wormable-bug\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt32c10a001a02b06e\/6525c2f431e77c11d38c276f\/jack_o_lantern_pumpkin-Andrey_Armyagov-Alamy.jpg","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/microsoft-patch-tuesday-haunted-by-zero-days-wormable-bug\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-patch-tuesday-haunted-by-zero-days-wormable-bug\/","url":"https:\/\/www.threatshub.org\/blog\/microsoft-patch-tuesday-haunted-by-zero-days-wormable-bug\/","name":"Microsoft Patch Tuesday Haunted by Zero-Days, Wormable Bug 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-patch-tuesday-haunted-by-zero-days-wormable-bug\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-patch-tuesday-haunted-by-zero-days-wormable-bug\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt32c10a001a02b06e\/6525c2f431e77c11d38c276f\/jack_o_lantern_pumpkin-Andrey_Armyagov-Alamy.jpg","datePublished":"2023-10-10T21:59:59+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-patch-tuesday-haunted-by-zero-days-wormable-bug\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/microsoft-patch-tuesday-haunted-by-zero-days-wormable-bug\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-patch-tuesday-haunted-by-zero-days-wormable-bug\/#primaryimage","url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt32c10a001a02b06e\/6525c2f431e77c11d38c276f\/jack_o_lantern_pumpkin-Andrey_Armyagov-Alamy.jpg","contentUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt32c10a001a02b06e\/6525c2f431e77c11d38c276f\/jack_o_lantern_pumpkin-Andrey_Armyagov-Alamy.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-patch-tuesday-haunted-by-zero-days-wormable-bug\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Microsoft Patch Tuesday Haunted by Zero-Days, Wormable Bug"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/54064","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=54064"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/54064\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=54064"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=54064"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=54064"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}