It’s that time of the month again. For the July 2023 Patch Tuesday, Microsoft has issued security updates for 130 vulnerabilities. Nine of the vulnerabilities are rated as critical and four of them are known to be actively exploited.
The Cybersecurity & Infrastructure Security Agency (CISA) has already added these four vulnerabilities to the catalog of known to be exploited vulnerabilities.
The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The actively exploited vulnerabilities are listed as:
CVE-2023-32049 (CVSS score 8.8 out of 10): a Windows SmartScreen Security Feature Bypass vulnerability. The user would have to click on a specially crafted URL to be compromised by the attacker in which case the attacker would be able to bypass the Open File - Security Warning prompt.
CVE-2023-35311 (CVSS score 8.8 out of 10): a Microsoft Outlook Security Feature Bypass vulnerability. The user would have to click on a specially crafted URL to be compromised by the attacker in which case the attacker would be able to bypass the Microsoft Outlook Security Notice prompt. The Preview Pane is an attack vector, but additional user interaction is required.
CVE-2023-32046 (CVSS score 7.8 out of 10): a Windows MSHTML Platform Elevation of Privilege (EoP) vulnerability. Exploitation of the vulnerability requires that a user open a specially crafted file. An attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file in which case the attacker would gain the rights of the user that is running the affected application.
CVE-2023-36874 (CVSS score 7.8.out of 10): a Windows Error Reporting Service Elevation of Privilege vulnerability. An attacker who successfully exploited this vulnerability could gain administrator privileges but the attacker must have local access to the targeted machine and the user must be able to create folders and performance traces on the machine, with restricted privileges that normal users have by default.
The CVE below is under investigation and we will tell you more about it in a separate blogpost.
CVE-2023-36884 (CVSS score 8.3 out of 10): an Office and Windows HTML Remote Code Execution (RCE) vulnerability. An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim. However, an attacker would have to convince the victim to open the malicious file.
Additionally, Microsoft issued an advisory titled Guidance on Microsoft Signed Drivers Being Used Maliciously. The advisory warns about drivers certified by Microsoft’s Windows Hardware Developer Program (MWHDP) which were being used maliciously in post-exploitation activity. In these attacks, the attacker gained administrative privileges on compromised systems before using the drivers. As a result of a Microsoft investigation, the partners' seller accounts were suspended and detections for all the reported malicious drivers were added. Whether this really solves the problem of digitally signed malicious drivers is doubtful since there are publicly available tools to sign drivers.
Other vendors
Other vendors have synchronized their periodic updates with Microsoft. Here are few major ones that you may find in your environment.
Adobe has released security updates to address vulnerabilities affecting ColdFusion and InDesign.
Apple has issued an RSR update for a vulnerability which it says may have been actively exploited.
Cisco has released security updates for several products.
Fortinet has released a security update to address a critical vulnerability (CVE-2023-33308) affecting FortiOS and FortiProxy.
Last week, Google patched three actively exploited Android zero-days.
MOVEit has fixed 3 new vulnerabilities in the Transfer software.
Mozilla has released a security update to address a vulnerability in Firefox and Firefox ESR.
SAP has released its July 2023 Patch Day updates.
VMware released VMware SD-WAN updates to fix a vulnerability.
We don’t just report on vulnerabilities—we identify them, and prioritize action.
Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using Malwarebytes Vulnerability and Patch Management.