Patch Tuesday is 20: Curl fix lands, Skype’s under attack and there’s a wormable pre-auth RCE in the mix

A CVSS 9.8, pre-auth RCE that lets an attacker execute arbitrary code without user interaction is wormable on systems where Message Queuing is enabled.

Patch Tuesday is 20: Curl fix lands, Skype’s under attack and there’s a wormable pre-auth RCE in the mix

“Our goal is simple: Get our customers secure and keep them secure,” Microsoft Chief Executive Steve Ballmer said: “Our commitment is to protect our customers from the growing wave of criminal attacks.” 

It was October 2003: The second Iraq war was seven months old. Your humble scribe was hosting house parties to a soundscape of Spacek and D’Angelo. Concorde was still flying. And Stevie B was launching Patch Tuesday. Yes, Patch Tuesday is 20* this month. Here’s what it brings:

October Patch Tuesday, 2023

First up, that patch for curl and libcurl bug CVE-2023-38545 has landed, with the release of 8.4.0.