Source: thesecmaster.com

The July 2023 Patch Tuesday report has been released, providing critical information for organizations and individuals to address security vulnerabilities and software updates. This monthly event plays a crucial role in maintaining the security and stability of the Windows operating system and various other software products people rely on. In this article, we’ll break down the key highlights of the July 2023 Patch Tuesday report, focusing on the most pressing concerns for users and administrators.

Notably, Microsoft released fixes for 132 vulnerabilities in the July 2023 Patch Tuesday report, of which 9 were rated Critical. Microsoft also warned about the active exploitation of 6 vulnerabilities. As in other Patch Tuesday reports, Remote Code Execution (RCE) tops the list of vulnerability types, with 37 occurrences. Let’s break down what is in the report that Microsoft released on 11th July.

Table of Contents

· Key Highlights- Patch Tuesday July 2023
· Vulnerabilities by Category
· List of Products Patched in July 2023 Patch Tuesday report
· List of Actively Exploited Vulnerabilities Patched in July 2023 Patch Tuesday
· List of Critical Vulnerabilities Patched in July 2023 Patch Tuesday
· Complete List of Vulnerabilities Patched in July 2023 Patch Tuesday
· Bottom Line

Key Highlights- Patch Tuesday July 2023

Microsoft has released cumulative updates with Moment 3 features for Windows 11 along with this July 2023 Patch Tuesday update.

  • Microsoft’s July 2023 Patch Tuesday included updates for 132 security flaws.
  • Six of these flaws were actively exploited zero-day vulnerabilities.
  • The patch covered 37 Remote Code Execution (RCE) vulnerabilities, nine of which were rated as ‘Critical.’
  • One RCE vulnerability remains unpatched and is actively being exploited.
  • The six zero-day vulnerabilities patched are:
      • CVE-2023-32046: Windows MSHTML Platform Elevation of Privilege Vulnerability
      • CVE-2023-32049: Windows SmartScreen Security Feature Bypass Vulnerability
      • CVE-2023-36874: Windows Error Reporting Service Elevation of Privilege Vulnerability
      • CVE-2023-36884: Office and Windows HTML Remote Code Execution Vulnerability
      • ADV230001: Guidance on Microsoft Signed Drivers Being Used Maliciously
      • CVE-2023-35311: Microsoft Outlook Security Feature Bypass Vulnerability
  • The CVE-2023-36884 vulnerability is particularly critical as it allows remote code execution using specially crafted Microsoft Office documents.
  • The RomCom hacking group, associated with ransomware operations Industrial Spy and Cuba, is known to be exploiting the CVE-2023-36884 vulnerability.
  • Cumulative update for Windows 10 and Windows 11 with Moment 3 Features: KB5028166 for Windows 10, KB5028185 for Windows 11.

Vulnerabilities by Category

The complete list of 132 vulnerabilities is classified into seven categories. Remote Code Execution Vulnerability has been identified as the most common vulnerability, occurring 37 times, while Spoofing is the least frequent vulnerability, occurring only 7 times. Please refer to the below chart for complete details on all categories of vulnerabilities:

Vulnerabilities by Category — Patch Tuesday July 2023

List of Products Patched in July 2023 Patch Tuesday report

Microsoft’s July 2023 Patch Tuesday includes updates for a broad range of its products, applications, and services. Here are the applications and product components that have received patches:

  • ASP.NET and .NET
  • Microsoft Dynamics
  • Microsoft Graphics Component
  • Microsoft Media-Wiki Extensions
  • Microsoft Office
  • Microsoft Office Access
  • Microsoft Office Excel
  • Microsoft Office Outlook
  • Microsoft Office SharePoint
  • Microsoft Power Apps
  • Microsoft Printer Drivers
  • Microsoft Windows Codecs Library
  • .NET and Visual Studio
  • Paint 3D
  • Role: DNS Server
  • Windows Active Template Library
  • Windows Admin Center
  • Windows App Store
  • Windows Authentication Methods
  • Windows CDP User Components
  • Windows Cluster Server
  • Windows Cloud Files Mini Filter Driver
  • Windows Common Log File System Driver
  • Windows Connected User Experiences and Telemetry
  • Windows CryptoAPI
  • Windows Cryptographic Services
  • Windows CNG Key Isolation Service
  • Windows Deployment Services
  • Windows EFI Partition
  • Windows Failover Cluster
  • Windows Geolocation Service
  • Windows HTTP.sys
  • Windows Image Acquisition
  • Windows Installer
  • Windows Kernel
  • Windows Layer-2 Bridge Network Driver
  • Windows Layer 2 Tunneling Protocol
  • Windows Local Security Authority (LSA)
  • Windows Message Queuing
  • Windows MSHTML Platform
  • Windows Netlogon
  • Windows ODBC Driver
  • Windows OLE
  • Windows Online Certificate Status Protocol (OCSP) SnapIn
  • Windows Partition Management Driver
  • Windows Peer Name Resolution Protocol
  • Windows PGM
  • Windows Power Apps
  • Windows Print Spooler Components
  • Windows Printer Drivers
  • Windows Remote Desktop
  • Windows Remote Procedure Call
  • Windows Server Update Service
  • Windows SmartScreen
  • Windows SPNEGO Extended Negotiation
  • Windows Transaction Manager
  • Windows Update Orchestrator Service
  • Windows VOLSNAP.SYS
  • Windows Volume Shadow Copy
  • Windows Win32K

List of Actively Exploited Vulnerabilities Patched in July 2023 Patch Tuesday

There are 6 actively exploited vulnerabilities in July 2023 Patch Tuesday.

List of Actively Exploited Vulnerabilities Patched in July 2023 Patch Tuesday

List of Critical Vulnerabilities Patched in July 2023 Patch Tuesday

There are 9 vulnerabilities rated Critical, including 6 actively exploited vulnerabilities listed in the previous section. Below is a summary of the flaws, followed by the list.

List of Critical Vulnerabilities Patched in July 2023 Patch Tuesday

#1. CVE-2023-36884 | Office and Windows HTML Remote Code Execution Vulnerability

CVE-2023-36884 is a Remote Code Execution (RCE) vulnerability affecting Microsoft Windows and Office. It has been given a CVSSv3 score of 8.3 and is actively being exploited as a zero-day vulnerability. Microsoft has yet to release patches for this vulnerability, but they have provided mitigation guidance to help users avoid exploitation. According to Microsoft researchers, the exploitation of CVE-2023-36884 has been linked to a threat actor known as Storm-0978, also referred to as DEV-0978 or RomCom. This threat actor, believed to be based in Russia, is known for ransomware attacks and intelligence-gathering operations. The targeted regions include Ukraine, North America, and Europe, with the telecommunications and finance industries being the primary targets.

#2. CVE-2023-35311 | Microsoft Outlook Security Feature Bypass Vulnerability

CVE-2023-35311 is a security feature bypass vulnerability found in Microsoft Outlook. With a CVSSv3 score of 8.8, this vulnerability has been exploited as a zero-day. Exploiting this flaw requires the attacker to convince a victim to click on a malicious URL. Successful exploitation allows the bypassing of the Microsoft Outlook Security Notice prompt, which is designed to protect users. Although the Outlook Preview pane feature can be an attack vector, user interaction is still necessary for exploitation.

#3. CVE-2023-32046 | Windows MSHTML Platform Elevation of Privilege Vulnerability

CVE-2023-32046 is an elevation of privilege (EoP) vulnerability in Microsoft’s MSHTML (Trident) engine. It has been exploited as a zero-day vulnerability and holds a CVSSv3 score of 7.8. Patches addressing this vulnerability are available for all supported versions of Windows. To exploit this vulnerability, an attacker needs to create a specially crafted file and employ social engineering techniques to convince the target to open the document. Microsoft advises users who install Security Only updates to also install the Internet Explorer Cumulative update to fully mitigate this vulnerability.

The discovery of CVE-2023-32046 follows the previous zero-day vulnerability, CVE-2021-40444, which was exploited and patched in September 2021. Although CVE-2021-40444 didn’t make it into our top 5 list of noteworthy vulnerabilities in the 2021 Threat Landscape Retrospective, it was among the vulnerabilities that almost made the list.

#4. CVE-2023-36874 | Windows Error Reporting Service Elevation of Privilege Vulnerability

CVE-2023-36874 is an elevation of privilege vulnerability affecting the Microsoft Windows Error Reporting Service. With a CVSSv3 score of 7.8, this vulnerability has been actively exploited as a zero-day. Exploiting this flaw requires the attacker to have local access to the target system and certain basic user privileges. Successful exploitation leads to the attacker obtaining administrative privileges on the compromised system. The credit for discovering this vulnerability goes to Vlad Stolyarov and Maddie Stone, researchers at Google’s Threat Analysis Group (TAG). Unfortunately, specific details about its exploitation are not available at the time of writing.

#5. CVE-2023-32049 | Windows SmartScreen Security Feature Bypass Vulnerability

CVE-2023-32049 is a security feature bypass vulnerability that affects Windows SmartScreen, an early warning system designed to protect against phishing attacks and malware distribution through malicious websites. To exploit this vulnerability, an attacker needs to convince a user to open a specially crafted URL. Successful exploitation allows the attacker to bypass the “Open File” warning prompt and compromise the victim’s machine. This vulnerability has been actively exploited as a zero-day and holds a CVSSv3 score of 8.8.

This vulnerability is similar to other Mark of the Web (MOTW) vulnerabilities previously patched by Microsoft. One example is CVE-2022-44698, which was exploited and patched in the December 2022 Patch Tuesday release.

#6. CVE-2023-29347 | Windows Admin Center Spoofing Vulnerability

CVE-2023-29347 is a spoofing vulnerability discovered in Windows Admin Center (WAC). It has been assigned a CVSSv3 score of 8.7 and a max severity rating of “important.” This vulnerability resides in the web server component of WAC, but malicious scripts execute within the victim’s browser. Microsoft’s CVSS scoring reflects this as a scope change. Remote authenticated attackers can exploit this vulnerability through a malicious script imported into the WAC HTML form, a .csv file imported to the user interface, or the WAC API. Successful exploitation enables the attacker to perform operations on the WAC server using the victim’s privileges.

#7. CVE-2023-35365, CVE-2023-35366, and CVE-2023-35367 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVE-2023-35365, CVE-2023-35366, and CVE-2023-35367 are remote code execution (RCE) vulnerabilities affecting the Windows Routing and Remote Access Service (RRAS) in Windows operating systems. Each vulnerability has been assigned a CVSSv3 score of 9.8. It’s important to note that RRAS is not installed or configured in Windows by default, and users who haven’t enabled the feature are not affected by these vulnerabilities. Exploiting these vulnerabilities requires the attacker to send crafted packets to an impacted server. According to Microsoft, the exploitability of these vulnerabilities is less likely, as indicated by the Microsoft Exploitability Index.

#8. CVE-2023-32057 | Microsoft Message Queuing Remote Code Execution Vulnerability

CVE-2023-32057 is an RCE vulnerability discovered in the Microsoft Message Queuing (MSMQ) component of Windows operating systems. With a CVSSv3 score of 9.8 and a critical rating, this vulnerability allows remote unauthenticated attackers to execute arbitrary code by sending malicious MSMQ packets to a vulnerable MSMQ server. For successful exploitation, the Message Queuing service must be enabled on the targeted server. Microsoft has categorized this vulnerability as “Exploitation less likely” using the Microsoft Exploitability Index.
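
A local triage check for the RRAS and MSMQ preconditions described above and for the cumulative updates named in the highlights, as an added PowerShell example that is not from Microsoft or the original article. The function name is hypothetical; the service names `RemoteAccess` and `MSMQ` and TCP port 1801 are the standard Windows names for these features, not values from the article.

```powershell
# Added triage example (not Microsoft's or the article's code).
# KB IDs and the RRAS/MSMQ preconditions come from the article; the service
# names and TCP port 1801 are the standard Windows ones (assumption stated).
function Get-July2023Exposure {
    [CmdletBinding()]
    param(
        # Client cumulative updates named in the article (Windows 10 / 11).
        # Server editions receive different KBs that the article does not list.
        [string[]]$KbIds = @('KB5028166', 'KB5028185')
    )

    # Get-HotFix only reports updates still recorded on the machine. A later
    # cumulative update supersedes these KBs, so an empty result means
    # "verify the OS build manually", not "definitely unpatched".
    $found = @(Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $KbIds -contains $_.HotFixID })

    # The RRAS flaws (CVE-2023-35365/35366/35367) and the MSMQ flaw
    # (CVE-2023-32057) are reachable only when the service is installed and running.
    $state = @{}
    foreach ($name in 'RemoteAccess', 'MSMQ') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        $state[$name] = ($null -ne $svc -and $svc.Status -eq 'Running')
    }

    # A listener on TCP 1801 confirms MSMQ is accepting network packets.
    $listening = @(Get-NetTCPConnection -State Listen -LocalPort 1801 `
        -ErrorAction SilentlyContinue).Count -gt 0

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        OsBuild        = [System.Environment]::OSVersion.Version.ToString()
        JulyKbFound    = ($found.HotFixID -join ', ')
        RrasRunning    = $state['RemoteAccess']
        MsmqRunning    = $state['MSMQ']
        MsmqListening  = $listening
        # Patch first where a 9.8-rated network service is live and no July KB is recorded.
        PatchFirst     = ($found.Count -eq 0) -and
                         ($state['RemoteAccess'] -or $state['MSMQ'] -or $listening)
    }
}

Get-July2023Exposure | Format-List
```

Hosts where `PatchFirst` is true are the ones where the 9.8-rated RRAS or MSMQ issues are actually reachable, so they belong at the front of the deployment queue.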

#9. ADV230001 | Guidance on Microsoft Signed Drivers Being Used Maliciously

To provide guidance regarding the malicious use of Microsoft Signed Drivers, Microsoft released ADV230001. The advisory highlights cases where drivers certified by Microsoft’s Windows Hardware Developer Program (MWHDP) were abused by malicious actors as part of post-compromise activities. In such instances, the malicious actors gained administrative access to affected systems to utilize these drivers. Microsoft has taken several steps to address this issue, including disabling compromised developer program accounts, and releasing updates to untrust the malicious.

Complete List of Vulnerabilities Patched in July 2023 Patch Tuesday

If you wish to download the complete list of vulnerabilities patched in July 2023 Patch Tuesday, you can do it from here.

Complete List of Vulnerabilities Patched in July 2023

Bottom Line

The July 2023 Patch Tuesday release was quite significant, addressing a wide range of vulnerabilities across various Microsoft products. Security professionals and system administrators should be paying close attention to the fixes released during this month’s update cycle, as they may greatly impact the overall security posture of their organizations.

With a total of 132 vulnerabilities addressed, the patch covers 9 critical security issues, which could lead to remote code execution, privilege escalation, and denial of service attacks if left unpatched. System administrators are encouraged to prioritize and deploy these updates to minimize the potential risk to their systems.

In closing, the July 2023 Patch Tuesday release serves as a reminder of the importance of ongoing cybersecurity and patch management efforts. By staying up-to-date with the latest vulnerabilities, addressing them in a timely manner, and carefully monitoring the impact of these updates, organizations can greatly improve their security posture and mitigate potential threats.

Our aim is to inform you about the July 2023 Patch Tuesday report released by Microsoft on July 11th, 2023.

This post is originally published at thesecmaster.com
