Microsoft Patch Tuesday, July 2023 addressed 132 flaws through security updates. In fact, among them are six flaws being exploited and thirty-seven vulnerabilities related to remote code execution. However, these vulnerabilities can be remediated with a patch management software.
However, out of the thirty-seven remote code execution vulnerabilities, Microsoft classified only nine as ‘Critical’ after resolving them and then, one unpatched flaw within this category is being actively exploited in attacks witnessed by several cybersecurity firms that enable remote code execution through specifically crafted Microsoft Office documents. To prevent this exploitation, a good patch management tool can be helpful.
Zero-day/Actively exploited Vulnerabilities
Microsoft’s Patch, Tuesday for July 2023, has addressed six zero-day vulnerabilities and then actively exploited them in attacks.
In brief, Microsoft categorizes a zero-day vulnerability without an official fix is available.
CVE-2023-36884– Microsoft Office and Windows HTML Remote Code Execution Vulnerability. Microsoft has released guidance for a publicly disclosed, unpatched vulnerability that allows remote code execution using specially-crafted Microsoft Office documents in MS Office and Windows. Moreover, successful exploitation needs to convince the victim to open the crafted file.
CVE-2023-32046– Windows MSHTML Platform Elevation of Privilege Vulnerability. This vulnerability involves a privilege elevation flaw in the MSHTML Platform that can give attackers SYSTEM privileges. Malicious files can only be exploited if the victim opens them. Moreover, these files are often delivered through social engineering techniques, such as phishing emails or malicious links.
CVE-2023-32049 and CVE-2023-35311 – Windows SmartScreen and Microsoft Outlook Security Feature Bypass Vulnerability. However, this vulnerability allows an attacker to craft a URL that bypasses the security warning prompt in Windows that warns users before they open a file that is not from a trusted source.
Some more critically exploited vulnerabilities:
CVE-2023-36874 – Windows Error Reporting Service Elevation of Privilege Vulnerability. However, this vulnerability involves a privilege elevation flaw in the error reporting service that can allow attackers to gain administrative privileges on Windows devices. Moreover, to successfully attack a machine, an attacker must first gain local access and then, once they have local access, they must be able to create folders and performance traces on the device. However, they can only do this with restricted privileges, the same privileges that regular users have by default.
ADV230001 – Microsoft Signed Drivers Elevation of Privilege Vulnerability. Microsoft recently learned that malicious actors used drivers certified by Microsoft’s Windows Hardware Developer Program to gain administrative privileges on compromised systems. Moreover, with administrative rights, the attackers could install malware, steal data, or take other actions. In fact, Microsoft has since revoked the certificates for malicious drivers and is working with partners to prevent future attacks.
Critical Vulnerabilities in Microsoft Patch Tuesday July 2023
| Tag | CVE Number | CVE Title | Max Severity |
| Windows PGM | CVE-2023-35297 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | Critical |
| Windows Message Queuing | CVE-2023-32057 | Microsoft Message Queuing Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2023-33160, CVE-2023-33157 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
| Windows Routing and Remote Access Service (RRAS) | CVE-2023-35367, CVE-2023-35366, CVE-2023-35365 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Critical |
| Windows Remote Desktop | CVE-2023-35352 | Windows Remote Desktop Security Feature Bypass Vulnerability | Critical |
| Windows Layer-2 Bridge Network Driver | CVE-2023-35315 | Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability | Critical |
Microsoft security bulletin summary for July 2023
In addition, this release includes security updates for the following products, features, and roles.
-
- .NET and Visual Studio
- ASP.NET and Visual Studio
- Azure Active Directory
- Microsoft Dynamics
- Microsoft Graphics Component
- Microsoft Media-Wiki Extensions
- Microsoft Office
- Microsoft Office Access
- Microsoft Office Excel
- Microsoft Office Outlook
- Microsoft Office SharePoint
- Microsoft Power Apps
- Microsoft Printer Drivers
- Microsoft Windows Codecs Library
- Mono Authenticode
- Paint 3D
- Role: DNS Server
- Service Fabric
- Visual Studio Code
- Windows Active Directory Certificate Services
- Windows Active Template Library
- Windows Admin Center
- Windows App Store
- Windows Authentication Methods
- Windows CDP User Components
- Windows Certificates
- Windows Clip Service
- Windows Cloud Files Mini Filter Driver
- Windows Cluster Server
- Windows CNG Key Isolation Service
- Windows Common Log File System Driver
- Windows Connected User Experiences and TelemetryWindows CryptoAPI
- Windows Cryptographic Services
- Windows Defender
- Windows Deployment Services
- Windows EFI Partition
- Windows Error Reporting
- Windows Failover Cluster
- Windows Geolocation Service
- Windows HTTP.sys
- Windows Image Acquisition
- Windows Installer
- Windows Kernel
- Windows Layer 2 Tunneling Protocol
- Windows Layer-2 Bridge Network Driver
- Windows Local Security Authority (LSA)
- Windows Media
- Windows Message Queuing
- Windows MSHTML Platform
- Windows Netlogon
- Windows Network Load Balancing
- Windows NT OS Kernel
- Windows ODBC Driver
- Windows OLE
- Windows Online Certificate Status Protocol (OCSP) SnapIn
- Windows Partition Management Driver
- Windows Peer Name Resolution Protocol
- Windows PGM
- Windows Print Spooler Components
- Windows Remote Desktop
- Windows Remote Procedure Call
- Windows Routing and Remote Access Service (RRAS)
- Windows Server Update Service
- Windows SmartScreen
- Windows SPNEGO Extended Negotiation
- Windows Transaction Manager
- Windows Update Orchestrator Service
- Windows VOLSNAP.SYS
- Windows Volume Shadow Copy
- Windows Win32K
Products affected due to Microsoft Patch Tuesday July 2023 vulnerabilities:
Product: Remote Procedure Call Runtime
CVEs/Advisory: CVE-2023-32034, CVE-2023-32035, CVE-2023-33164, CVE-2023-33166, CVE-2023-33167, CVE-2023-33168, CVE-2023-33169, CVE-2023-33172, CVE-2023-33173, CVE-2023-35300, CVE-2023-35314, CVE-2023-35316, CVE-2023-35318 and then CVE-2023-35319
Impact: Information Disclosure, Denial of Service and then Remote Code Execution
Product: Microsoft PostScript and PCL6 Class Printer Driver
CVEs/Advisory: CVE-2023-32039, CVE-2023-32040, CVE-2023-32085, CVE-2023-35296, CVE-2023-35302, CVE-2023-35306 and then CVE-2023-35324
Impact: Information Disclosure and then Remote Code Execution
Product: Microsoft SharePoint Server.
CVEs/Advisory: CVE-2023-33134, CVE-2023-33157, CVE-2023-33159, CVE-2023-33160 and then CVE-2023-33165
Impact: Spoofing and then Remote Code Execution
However, SanerNow Vulnerability Management and SanerNow Patch Management detect and automatically fix these vulnerabilities by applying security updates. Finally, use SanerNow and keep your systems updated and secure.