Microsoft released security updates on July 11, 2023, to address 132 vulnerabilities, including six actively exploited zero-days. Of the 37 remote code execution (RCE) vulnerabilities that were fixed, nine were rated as critical. One of the RCE flaws remains unpatched and is actively exploited in attacks seen by numerous cybersecurity firms.
The six actively exploited zero-days that were fixed in July 2023 include:
- CVE-2023-32046: Windows MSHTML Platform Elevation of Privilege Vulnerability
- CVE-2023-32049: Windows SmartScreen Security Feature Bypass Vulnerability
- CVE-2023-36874: Windows Error Reporting Service Elevation of Privilege Vulnerability
- CVE-2023-36884: Office and Windows HTML Remote Code Execution Vulnerability
- CVE-2023-35311: Microsoft Outlook Security Feature Bypass Vulnerability
The CVE-2023-36884 vulnerability is particularly concerning because it is being exploited by the RomCom hacking group, which is known to deploy ransomware in attacks. Microsoft says that users of Microsoft Defender for Office and those using the “Block all Office applications from creating child processes” Attack Surface Reduction Rule are protected from attachments that attempt to exploit this vulnerability.
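To verify the mitigation named above on an endpoint, the following added example (not from Microsoft or the original article) reports whether the "Block all Office applications from creating child processes" rule is enforced. The rule GUID comes from Microsoft's ASR rule reference rather than this page, and the function name is hypothetical.

```powershell
# Added example: report the local state of the ASR rule
# "Block all Office applications from creating child processes".
# Assumption: GUID taken from Microsoft's ASR rule reference (not on this page).
$RuleId = 'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'

# Action codes as Defender stores them in its preferences.
$ActionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Get-OfficeChildProcessRuleState {
    param([string]$Id = $RuleId)

    $pref    = Get-MpPreference
    # Ids and Actions are parallel arrays; either may be empty on an unconfigured host.
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)

    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -ieq $Id) {
            $code = [int]$actions[$i]
            if ($ActionNames.ContainsKey($code)) { return $ActionNames[$code] }
            return "Unknown($code)"
        }
    }
    return 'NotConfigured'
}

$state = Get-OfficeChildProcessRuleState
switch ($state) {
    'Block' { Write-Output "ASR rule $RuleId is enforced (Block)." }
    'Audit' { Write-Warning "ASR rule $RuleId is in Audit mode: events are logged, nothing is blocked." }
    'Warn'  { Write-Warning "ASR rule $RuleId is in Warn mode: users can bypass the block." }
    default { Write-Warning "ASR rule $RuleId is not enforced (state: $state)." }
}

# To enforce the rule locally from an elevated prompt:
# Add-MpPreference -AttackSurfaceReductionRules_Ids $RuleId -AttackSurfaceReductionRules_Actions Enabled
```

On hosts managed through Group Policy or Intune, set the rule in the central policy, since a local change can be overridden.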
In addition to the six actively exploited zero-days, Microsoft also released security updates for a number of other vulnerabilities, including:
- 33 elevation of privilege vulnerabilities
- 13 security feature bypass vulnerabilities
- 19 information disclosure vulnerabilities
- 22 denial of service vulnerabilities
- 7 spoofing vulnerabilities
Microsoft also released security updates for products from other vendors, including:
- AMD Adrenalin 23.7.1 WHQL driver for Windows
- Apple Rapid Security Response (RSR) updates
- Cisco DUO, Webex, Secure Email Gateway, Cisco Nexus 9000 Series Fabric Switches, and more
- Google Android July 2023 updates
- Linux vulnerability known as ‘StackRot’ allows privilege escalation
- Microsoft Windows Subsystem for Android updates
- MOVEit security updates
- SAP July 2023 Patch Day updates
- VMware SD-WAN updates
Microsoft’s July 2023 Patch Tuesday was a busy one, with security updates released for a wide range of vulnerabilities. The six actively exploited zero-days are particularly concerning, and organizations should take steps to mitigate the risk of these vulnerabilities being exploited.