Microsoft Released July 2023 Software Patches

Microsoft has released updates across its software lineup as part of its July Patch Tuesday.

The software updates fix 132 security vulnerabilities, including six that are actively exploited. The breakdown of the vulnerabilities is as follows:

  • 33 Elevation of Privilege Vulnerabilities

  • 13 Security Feature Bypass Vulnerabilities

  • 37 Remote Code Execution Vulnerabilities

  • 19 Information Disclosure Vulnerabilities

  • 22 Denial of Service Vulnerabilities

  • 7 Spoofing Vulnerabilities

The six actively exploited vulnerabilities are as follows:

  • CVE-2023-32046 - an elevation of privilege vulnerability in Windows MSHTML

  • CVE-2023-32049 - Windows SmartScreen Security Feature Bypass Vulnerability

  • CVE-2023-36874 - an elevation of privilege vulnerability in Windows Error Reporting Service that allows attackers to gain administrator privileges

  • CVE-2023-36884 - remote code execution vulnerability in Office and Windows HTML, which is currently unpatched

  • ADV230001 - hackers have been taking advantage of a Windows Policy loophole to install malicious kernel-mode drivers, and Microsoft has revoked the developer certificates used

  • CVE-2023-35311 - Microsoft Outlook Security Feature Bypass Vulnerability

For CVE-2023-36884, users of Defender for Office and those using the "Block all Office applications from creating child processes" Attack Surface Reduction Rule should be protected from attacks. Otherwise, Microsoft currently recommends adding the following application names to the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION registry key as values of type REG_DWORD with data 1:

  • Excel.exe

  • Graph.exe

  • MSAccess.exe

  • MSPub.exe

  • PowerPoint.exe

  • Visio.exe

  • WinProj.exe

  • WinWord.exe

  • Wordpad.exe
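The registry change described above can be audited and applied with a short PowerShell function. This is an added example, not Microsoft's script or code from the original article; the function name Set-OfficeCrossProtocolBlock is hypothetical, and it assumes an elevated PowerShell session.

```powershell
# Added example (not Microsoft's script). The function name is hypothetical.
# Run from an elevated session: writing under HKLM:\SOFTWARE\Policies needs admin rights.
function Set-OfficeCrossProtocolBlock {
    [CmdletBinding(SupportsShouldProcess)]
    param()

    $keyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION'
    # Application names exactly as listed in the guidance above.
    $apps = 'Excel.exe', 'Graph.exe', 'MSAccess.exe', 'MSPub.exe', 'PowerPoint.exe',
            'Visio.exe', 'WinProj.exe', 'WinWord.exe', 'Wordpad.exe'

    if (-not (Test-Path -LiteralPath $keyPath) -and
        $PSCmdlet.ShouldProcess($keyPath, 'Create registry key')) {
        New-Item -Path $keyPath -Force | Out-Null
    }

    foreach ($app in $apps) {
        # Read the current state; the key may still be absent during a -WhatIf run.
        $key = Get-Item -LiteralPath $keyPath -ErrorAction SilentlyContinue
        $before = 'missing'
        if ($key -and ($key.GetValueNames() -contains $app)) {
            $before = '{0}:{1}' -f $key.GetValueKind($app), $key.GetValue($app)
        }

        # Compliant only when the value is a REG_DWORD with data 1.
        $action = 'none'
        if ($before -ne 'DWord:1') {
            $action = 'would set'
            if ($PSCmdlet.ShouldProcess("$keyPath\$app", 'Set REG_DWORD 1')) {
                New-ItemProperty -LiteralPath $keyPath -Name $app -PropertyType DWord -Value 1 -Force | Out-Null
                $action = 'set'
            }
        }
        [pscustomobject]@{ Application = $app; Before = $before; Action = $action }
    }
}

# Dry run first: reports what is missing or wrong without changing the registry.
Set-OfficeCrossProtocolBlock -WhatIf
# To apply the change, run: Set-OfficeCrossProtocolBlock
```

The Before column also exposes entries that exist with the wrong type or data, which a simple existence check would report as compliant.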

Why Should You Care?

When a vulnerability is being “actively exploited”, it means hackers have already been looking for and are currently attacking devices that have the vulnerability, which makes the risk of a successful attack very high. Once an attack is successful, the hackers will continue to attack until they get what they want. This month’s actively exploited vulnerabilities include two elevation of privilege vulnerabilities and a remote code execution vulnerability. Elevation of privilege vulnerabilities allow an attacker to gain deeper access into a system once an attack is already successful, and remote code execution vulnerabilities allow an attacker to run their own code on the affected system. These are very severe vulnerabilities and need to be patched as soon as possible.

What Should You Do?

Test the patches released today for any bugs and compatibility issues, prioritizing the actively exploited vulnerabilities. Then update your own devices and your organization’s devices as soon as possible to mitigate these vulnerabilities.

References

  • https://www.bleepingcomputer.com/news/microsoft/microsoft-july-2023-patch-tuesday-warns-of-6-zero-days-132-flaws/
