Microsoft Released July 2023 Software Patches
Microsoft has released updates across its software lineup as part of its July Patch Tuesday.
The software updates fix 132 security vulnerabilities, including six that are actively exploited. The breakdown of the vulnerabilities is as follows:
33 Elevation of Privilege Vulnerabilities
13 Security Feature Bypass Vulnerabilities
37 Remote Code Execution Vulnerabilities
19 Information Disclosure Vulnerabilities
22 Denial of Service Vulnerabilities
7 Spoofing Vulnerabilities
The six actively exploited vulnerabilities are as follows:
CVE-2023-32046 - an elevation of privilege vulnerability in Windows MSHTML
CVE-2023-32049 - Windows SmartScreen Security Feature Bypass Vulnerability
CVE-2023-36874 - an elevation of privilege vulnerability in Windows Error Reporting Service that allows attackers to gain administrator privileges
CVE-2023-36884 - remote code execution vulnerability in Office and Windows HTML, which is currently unpatched
ADV230001 - hackers have been taking advantage of a Windows Policy loophole to install malicious kernel-mode drivers, and Microsoft has revoked the developer certificates used
CVE-2023-35311 - Microsoft Outlook Security Feature Bypass Vulnerability
For CVE-2023-36884, users of Defender for Office and those using the "Block all Office applications from creating child processes" Attack Surface Reduction Rule should be protected from attacks. If not, Microsoft currently recommends adding the following application names to the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION registry key as values of type REG_DWORD with data 1:
Excel.exe
Graph.exe
MSAccess.exe
MSPub.exe
PowerPoint.exe
Visio.exe
WinProj.exe
WinWord.exe
Wordpad.exe
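The registry mitigation above as a PowerShell script, added here as an example and not taken from Microsoft or the referenced article: it creates the key if it is missing, sets each listed application name to a REG_DWORD of 1, and reports what is actually present. The two function names are hypothetical, and the script assumes an elevated session.

```powershell
# Added example: apply and verify the CVE-2023-36884 registry mitigation.
# Run in an elevated PowerShell session (writes under HKLM).
$KeyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\' +
           'FeatureControl\FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION'
$Apps = 'Excel.exe', 'Graph.exe', 'MSAccess.exe', 'MSPub.exe', 'PowerPoint.exe',
        'Visio.exe', 'WinProj.exe', 'WinWord.exe', 'Wordpad.exe'

# Hypothetical helper name; -WhatIf previews the changes without writing.
function Set-CrossProtocolNavigationBlock {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if (-not (Test-Path -Path $KeyPath)) {
        if ($PSCmdlet.ShouldProcess($KeyPath, 'Create registry key')) {
            New-Item -Path $KeyPath -Force | Out-Null
        }
    }
    foreach ($app in $Apps) {
        if ($PSCmdlet.ShouldProcess("$KeyPath\$app", 'Set REG_DWORD = 1')) {
            New-ItemProperty -Path $KeyPath -Name $app -PropertyType DWord -Value 1 -Force | Out-Null
        }
    }
}

# Hypothetical helper name; reports each value's type and data so that
# drift (missing value, wrong type, data other than 1) is visible.
function Test-CrossProtocolNavigationBlock {
    $key = Get-Item -Path $KeyPath -ErrorAction SilentlyContinue
    foreach ($app in $Apps) {
        $present = ($null -ne $key) -and ($key.GetValueNames() -contains $app)
        $kind = if ($present) { $key.GetValueKind($app) } else { $null }
        $data = if ($present) { $key.GetValue($app) } else { $null }
        [pscustomobject]@{
            Application = $app
            Kind        = $kind
            Data        = $data
            Mitigated   = ($present -and $kind -eq 'DWord' -and $data -eq 1)
        }
    }
}

Set-CrossProtocolNavigationBlock
Test-CrossProtocolNavigationBlock | Format-Table -AutoSize
```

Running `Test-CrossProtocolNavigationBlock` on its own gives a read-only check that can be repeated later to confirm the values are still in place.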
Why Should You Care?
When a vulnerability is being “actively exploited”, it means hackers have already been looking for and are currently attacking devices that have the vulnerability, which makes the risk very high for a successful attack. Once an attack is successful, the hackers will continue to attack until they get what they want. This month’s updates include two elevation of privilege vulnerabilities and a remote code execution vulnerability. Elevation of privilege vulnerabilities allow an attacker to gain deeper access into a system once an attack is already successful, and remote code execution vulnerabilities allow an attacker to do whatever they want. These are very severe vulnerabilities and need to be patched as soon as possible.
What Should You Do?
Test the patches released today for any bugs and compatibility issues, prioritizing the actively exploited vulnerabilities. Then update on your own devices and your organization’s devices as soon as possible to mitigate these vulnerabilities.
References
https://www.bleepingcomputer.com/news/microsoft/microsoft-july-2023-patch-tuesday-warns-of-6-zero-days-132-flaws/