Patch Tuesday is 20: Curl fix lands, Skype’s under attack and there’s a wormable pre-auth RCE in the mix

A CVSS 9.8, pre-auth RCE that lets an attacker execute arbitrary code without user interaction is wormable on systems where Message Queuing is enabled.

Edward Targett

11 oct. 2023 • 2 min read

“Our goal is simple: Get our customers secure and keep them secure,” Microsoft Chief Executive Steve Ballmer said: “Our commitment is to protect our customers from the growing wave of criminal attacks.”

It was October 2003: The second Iraq war was seven months old. Your humble scribe was hosting house parties to a soundscape of Spacek and D’Angelo. Concorde was still flying. And Stevie B was launching Patch Tuesday. Yes, Patch Tuesday is 20* this month. Here’s what it brings:

October Patch Tuesday, 2023

First up, that patch for curl and libcurl bug CVE-2023-38545 has landed, with the release of 8.4.0.

Patch Tuesday is 20: Curl fix lands, Skype’s under attack and there’s a wormable pre-auth RCE in the mix

October Patch Tuesday, 2023

Latest News

UN accused of AI 'power grab' and 'bureaucratic empire building'

SPL trials airborne 5G connectivity system

SAP expects “triple-digit” million savings from AI, boosts redundancies to 10,000