Patch Tuesday is 20: Curl fix lands, Skype’s under attack and there’s a wormable pre-auth RCE in the mix

A CVSS 9.8, pre-auth RCE that lets an attacker execute arbitrary code without user interaction is wormable on systems where Message Queuing is enabled.

Edward Targett

Oct 11, 2023 - 2 min read

“Our goal is simple: Get our customers secure and keep them secure,” Microsoft Chief Executive Steve Ballmer said: “Our commitment is to protect our customers from the growing wave of criminal attacks.”

It was October 2003: The second Iraq war was seven months old. Your humble scribe was hosting house parties to a soundscape of Spacek and D’Angelo. Concorde was still flying. And Stevie B was launching Patch Tuesday. Yes, Patch Tuesday is 20* this month. Here’s what it brings:

October Patch Tuesday, 2023

First up, that patch for curl and libcurl bug CVE-2023-38545 has landed, with the release of 8.4.0.

Get the full story: Subscribe for free

Get the story, a weekly newsletter (you can turn that off if you want) and support independent journalism. Subscribe today.

Subscribe now

Already a member? Sign in