The Microsoft July 2023 Security Updates includes patches and advisories for 132 vulnerabilities, including 9 Critical severity issues (6 zero-days exploited in the wild).
A remote attacker could exploit some of these vulnerabilities to take control of unpatched systems.
Microsoft Products affected
This month’s Microsoft security updates cover multiple impacted products and families, including, but not limited to (listing those that contain vulnerabilities with CVSS score higher that 7):
- .NET and Visual Studio
- ASP.NET and .NET
- Azure Active Directory
- Microsoft Dynamics
- Microsoft Edge (Chromium-based)
- Microsoft Graphics Component
- Microsoft Media-Wiki Extensions
- Microsoft Office (multiple)
- Microsoft Printer Drivers
- Microsoft Windows Codecs Library
- Paint 3D
- Visual Studio Code
- Windows Active Directory Certificate Services
- Windows Admin Center
- Windows App Store
- Windows Clip Service
- Windows Cloud Files Mini Filter Driver
- Windows CNG Key Isolation Service
- Windows Common Log File System Driver
- Windows Connected User Experiences and Telemetry
- Windows CryptoAPI
- Windows Deployment Services
- Windows Error Reporting
- Windows Geolocation Service
- Windows HTTP.sys
- Windows Image Acquisition
- Windows Installer
- Windows Kernel
- Windows Layer-2 Bridge Network Driver
- Windows Message Queuing
- Windows MSHTML Platform
- Windows Netlogon
- Windows Network Load Balancing
- Windows NT OS Kernel
- Windows ODBC Driver
- Windows Online Certificate Status Protocol (OCSP) SnapIn
- Windows Partition Management Driver
- Windows Peer Name Resolution Protocol
- Windows PGM
- Windows Print Spooler Components
- Windows Remote Desktop
- Windows Remote Procedure Call
- Windows Routing and Remote Access Service (RRAS)
- Windows Server Update Service
- Windows SmartScreen
- Windows Transaction Manager
- Windows VOLSNAP.SYS
- Windows Volume Shadow Copy
- Windows Win32K.
Zero day CVEs
Microsoft patched six zero-day vulnerabilities that have exploits detected in the wild.
CVE-2023-32046: Windows MSHTML Platform Elevation of Privilege Vulnerability (CVSS 7.8)
“An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file,” Microsoft warned in the advisory.
To add, an attacker would gain the rights of the user that is running the affected application.
CVE-2023-32049: Windows SmartScreen Security Feature Bypass Vulnerability (CVSS 8.8)
A threat actor could exploit this Windows SmartScreen vulnerability to bypass the Open File – Security Warning prompt when downloading/uploading files from the internet.
CVE-2023-35311: Microsoft Outlook Security Feature Bypass Vulnerability (CVSS 8.8)
A threat actor could exploit this Microsoft Outlook vulnerability to bypass the Microsoft Outlook Security Notice prompt. Moreover, a user would have to click on a specially crafted URL to be compromised by the attacker.
CVE-2023-36874: Windows Error Reporting Service Elevation of Privilege Vulnerability (CVSS 7.8)
“An attacker must have local access to the targeted machine and the user must be able to create folders and performance traces on the machine, with restricted privileges that normal users have by default,” Microsoft wrote in the advisory.
An attacker who successfully exploited this vulnerability could gain administrator privileges.
CVE-2023-36884: Office and Windows HTML Remote Code Execution Vulnerability (CVSS 8.3)
“Microsoft is investigating reports of a series of remote code execution vulnerabilities impacting Windows and Office products. Microsoft is aware of targeted attacks that attempt to exploit these vulnerabilities by using specially-crafted Microsoft Office documents,” Microsoft warned.
ADV230001: Guidance on Microsoft Signed Drivers Being Used Maliciously
“Microsoft was recently informed that drivers certified by Microsoft’s Windows Hardware Developer Program (MWHDP) were being used maliciously in post-exploitation activity. In these attacks, the attacker gained administrative privileges on compromised systems before using the drivers,” Microsoft advised.
“Microsoft has completed its investigation and determined that the activity was limited to the abuse of several developer program accounts and that no Microsoft account compromise has been identified. We’ve suspended the partners’ seller accounts and implemented blocking detections for all the reported malicious drivers to help protect customers from this threat.”
Microsoft patched a total of nine (9) Critical vulnerabilities – one (1) Security Feature Bypass and eight (8) Remote Code Execution (RCE) vulnerabilities on July 11, 2023:
- CVE-2023-32057: Microsoft Message Queuing Remote Code Execution Vulnerability (CVSS 9.8)
- CVE-2023-33157: Microsoft SharePoint Remote Code Execution Vulnerability (CVSS 8.8)*
- CVE-2023-33160: Microsoft SharePoint Server Remote Code Execution Vulnerability (CVSS 8.8)
- CVE-2023-35297: Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (CVSS 7.5)
- CVE-2023-35315: Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability (CVSS 8.8)
- CVE-2023-35352: Windows Remote Desktop Security Feature Bypass Vulnerability (CVSS 7.5)*
- CVE-2023-35365: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability (CVSS 9.8)
- CVE-2023-35366: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability (CVSS 9.8)
- CVE-2023-35367:Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability (CVSS 9.8).
Microsoft warned the most severe of the Critical CVEs (CVE-2023-33157 and CVE-2023-35352) are more likely to be exploited.
The tech giant added an attacker who successfully exploits the SharePoint vulnerability (CVE-2023-33157) “could perform a remote attack that could enable access to the victim’s information and the ability to alter information.”
To add, an attacker could successfully exploit the Remote Desktop issue (CVE-2023-35352) to bypass certificate or private key authentication when establishing a remote desktop protocol session.
Finally, Microsoft addressed 121 other vulnerabilities rated Moderate severity in multiple products on July 11, 2023.
The patched vulnerabilities include Denial of Service (22), Elevation of Privilege (33), Information Disclosure (19), Remote Code Execution, (29), Security Feature Bypass (11), and Spoofing (7) issues.
Last month, Microsoft patched 78 Vulnerabilities (5 Critical) as part of June’s Patch Tuesday.