As part of its scheduled batch of Patch Tuesday security fixes, Redmond’s security response team flagged the two zero-days — CVE-2023-36761 and CVE-2023-36802 — in the “exploitation detected” category and urged Windows sysadmins to urgently apply available fixes.

The most serious of the two bugs is described as a privilege escalation flaw in Microsoft Streaming Service Proxy that carries a CVSS severity score of 7.8/10.

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft cautioned.