Patch Tuesday is 20: Curl fix lands, Skype’s under attack and there’s a wormable pre-auth RCE in the mix

A CVSS 9.8, pre-auth RCE that lets an attacker execute arbitrary code without user interaction is wormable on systems where Message Queuing is enabled.

Catherine Sarisky

Oct 11, 2023 - 2 min read

“Our goal is simple: Get our customers secure and keep them secure,” Microsoft Chief Executive Steve Ballmer said: “Our commitment is to protect our customers from the growing wave of criminal attacks.”

It was October 2003: The second Iraq war was seven months old. Your humble scribe was hosting house parties to a soundscape of Spacek and D’Angelo. Concorde was still flying. And Stevie B was launching Patch Tuesday. Yes, Patch Tuesday is 20* this month. Here’s what it brings:

October Patch Tuesday, 2023

First up, that patch for curl and libcurl bug CVE-2023-38545 has landed, with the release of 8.4.0.

This post is for subscribers only

Subscribe now and have access to all our stories, enjoy exclusive content and stay up to date with constant updates.

Subscribe now

Already a member? Sign in