Microsoft July 2023 Patch Tuesday Warns of 6 Zero-Days, 132 Flaws

Cyber Security Threat Summary:
As part of the July Patch Tuesday, Microsoft addressed 132 vulnerabilities, six of which were actively exploited zero-days. In total, there were 33 Elevation of Privilege Vulnerabilities, 13 Security Feature Bypass Vulnerabilities, 37 Remote Code Execution Vulnerabilities, 19 Information Disclosure Vulnerabilities, 22 Denial of Service Vulnerabilities, and 7 Spoofing Vulnerabilities. Out of the 132 flaws addressed, nine have been rated critical in severity:

  • CVE-2023-33160: Microsoft SharePoint Server Remote Code Execution Vulnerability
  • CVE-2023-33157: Microsoft SharePoint Remote Code Execution Vulnerability
  • CVE-2023-35315: Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability
  • CVE-2023-32057: Microsoft Message Queuing Remote Code Execution Vulnerability
  • CVE-2023-35297: Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
  • CVE-2023-35352: Windows Remote Desktop Security Feature Bypass Vulnerability
  • CVE-2023-35367, CVE-2023-35366, CVE-2023-35365: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Security Officer Comments:
The actively exploited zero-days are being tracked as CVE-2023-36874, CVE-2023-36884, CVE-2023-35311, CVE-2023-32046, CVE-2023-32049, and ADV230001 (no CVE assigned), and relate to cases of privilege escalation, security feature bypass, and remote code execution. Out of these zero-days, one (CVE-2023-36884) was publicly known at the time of the Patch Tuesday release, with Microsoft reporting that the flaw was exploited in attacks targeting government entities in Europe and North America via specially crafted Office document lures related to the Ukrainian World Congress. If the victim opens the document, the threat actors gain remote code execution and can perform further malicious actions on the system.

Although this issue does not have an assigned CVE (it is tracked as ADV230001), Microsoft has revoked code-signing certificates and developer accounts that abused a Windows policy loophole allowing threat actors to install malicious kernel-mode drivers.

“Microsoft was informed that drivers certified by Microsoft’s Windows Hardware Developer Program were being used maliciously in post-exploitation activity. In these attacks, the attacker had already gained administrative privileges on compromised systems prior to use of the drivers”, noted Microsoft in its advisory.

Suggested Correction(s):
Organizations should review the list of resolved vulnerabilities and apply the relevant patches as needed. To access the full list of vulnerabilities addressed, please use the link below:

https://www.bleepingcomputer.com/microsoft-patch-tuesday-reports/July-2023.html

Link(s):
https://www.bleepingcomputer.com/