Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Microsoft’s July 2023 Patch Tuesday

July 12, 2023
Reading Time: 2 mins read
in Alerts
Microsoft’s July 2023 Patch Tuesday

 

Microsoft released security updates on July 11, 2023, to address 132 vulnerabilities, including six actively exploited zero-days. Of the 37 remote code execution (RCE) vulnerabilities that were fixed, nine were rated as critical. One of the RCE flaws remains unpatched and is actively exploited in attacks seen by numerous cybersecurity firms.

The six actively exploited zero-days that were fixed in July 2023 include:

  • CVE-2023-32046: Windows MSHTML Platform Elevation of Privilege Vulnerability
  • CVE-2023-32049: Windows SmartScreen Security Feature Bypass Vulnerability
  • CVE-2023-36874: Windows Error Reporting Service Elevation of Privilege Vulnerability
  • CVE-2023-36884: Office and Windows HTML Remote Code Execution Vulnerability
  • CVE-2023-35311: Microsoft Outlook Security Feature Bypass Vulnerability

The CVE-2023-36884 vulnerability is particularly concerning because it is being exploited by the RomCom hacking group, which is known to deploy ransomware in attacks. Microsoft says that users of Microsoft Defender for Office and those using the “Block all Office applications from creating child processes” Attack Surface Reduction Rule are protected from attachments that attempt to exploit this vulnerability.

In addition to the six actively exploited zero-days, Microsoft also released security updates for a number of other vulnerabilities, including:

  • 33 elevation of privilege vulnerabilities
  • 13 security feature bypass vulnerabilities
  • 19 information disclosure vulnerabilities
  • 22 denial of service vulnerabilities
  • 7 spoofing vulnerabilities

Microsoft also released security updates for products from other vendors, including:

  • AMD Adrenalin 23.7.1 WHQL driver for Windows
  • Apple Rapid Security Response (RSR) updates
  • Cisco DUO, Webex, Secure Email Gateway, Cisco Nexus 9000 Series Fabric Switches, and more
  • Google Android July 2023 updates
  • Linux vulnerability known as ‘StackRot’ allows privilege escalation
  • Microsoft Windows Subsystem for Android updates
  • MOVEit security updates
  • SAP July 2023 Patch Day updates
  • VMware SD-WAN updates

Microsoft’s July 2023 Patch Tuesday was a busy one, with security updates released for a wide range of vulnerabilities. The six actively exploited zero-days are particularly concerning, and organizations should take steps to mitigate the risk of these vulnerabilities being exploited.

Reference:
  • July 2023 Security Updates

Tags: Cyber AlertCyber Alerts 2023CyberattackCybersecurityJuly 2023ROMCOM RATVulnerabilitiesWindows
ADVERTISEMENT

Related Posts

GhostSpy Android Malware Full Device Control

FBI Warns Luna Moth Targets US Law Firms

May 27, 2025
GhostSpy Android Malware Full Device Control

Winos 4.0 Malware Spread Via Fake Installers

May 27, 2025
GhostSpy Android Malware Full Device Control

GhostSpy Android Malware Full Device Control

May 27, 2025
D-Link Routers Exposed by Weak Credentials

D-Link Routers Exposed by Weak Credentials

May 26, 2025
D-Link Routers Exposed by Weak Credentials

TA-ShadowCricke Unmasked via Backdoors

May 26, 2025
D-Link Routers Exposed by Weak Credentials

Killnet Resurfaces with New Identity

May 26, 2025

Latest Alerts

FBI Warns Luna Moth Targets US Law Firms

Winos 4.0 Malware Spread Via Fake Installers

GhostSpy Android Malware Full Device Control

D-Link Routers Exposed by Weak Credentials

TA-ShadowCricke Unmasked via Backdoors

Killnet Resurfaces with New Identity

Subscribe to our newsletter

    Latest Incidents

    Everest Ransomware Leaks Coke Staff Data

    Adidas Data Breach Exposes Customer Contacts

    Semiconductor Firm AXT Hit by Data Breach

    Hackers Steal $700K from Philly School District Accounts

    Chinese hackers hit US utilities via flaw

    Naukri Fixes Bug That Exposed Recruiter Email Addresses

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial