Microsoft has released a series of patches addressing a total of 142 vulnerabilities, including six zero-days, as part of July's Patch Tuesday. The update, which includes 132 new fixes and updates to 10 previously addressed issues, marks a record number of fixes for the year.
Among the vulnerabilities addressed, nine are considered critical, and one of the zero-days has been publicly disclosed. Updates for previously patched zero-days are also included. Additionally, a proof of concept (PoC) is now available for one legacy vulnerability.
These vulnerabilities have varying impacts, with some enabling remote code execution, others enabling privilege escalation, and some bypassing security features. The vulnerabilities affect a variety of Microsoft products, including all versions of Windows Server from 2008 onwards, Windows 10, Microsoft Word, Microsoft Office versions 2013 and later, and Microsoft Outlook from 2013 onwards.
Microsoft urges users to prioritize upgrading their systems to address these vulnerabilities immediately, given the active exploitation of some of them and the absence of workarounds for others.
IT departments around the world are expected to face significant workloads in the coming weeks as they work to deploy these patches and secure their systems. The many vulnerabilities addressed on Patch Tuesday underscore the continuing challenge of maintaining cybersecurity in an increasingly complex digital landscape. TechTarget and Action1 provide more detailed information about the impact of the new vulnerabilities and patches.
Zero-Day Vulnerability Addressed in Patch Tuesday July 2023
Office and Windows HTML Remote Code Execution Vulnerability (CVE-2023-36884)
This is a significant zero-day vulnerability that affects Microsoft Office and Windows HTML. It has a network attack vector with high attack complexity, requiring user interaction but not elevated privileges. The vulnerability affects all versions of Windows Server from 2008 onwards, Windows 10, and Microsoft Word and Microsoft Office versions 2013 and later. The exploit involves an attacker creating a specially crafted Microsoft Office document capable of executing remote code in the victim’s context. Microsoft has outlined mitigation measures, but because of active exploitation it is critical to prioritize system updates.
Microsoft Outlook Security Feature Bypass Vulnerability (CVE-2023-35311)
This is a critical zero-day vulnerability impacting Microsoft Outlook. It uses a network attack vector with low attack complexity, requiring user interaction but not elevated privileges. The vulnerability specifically allows bypassing Microsoft Outlook security features; it does not enable remote code execution or privilege escalation. Therefore, attackers tend to combine it with other exploits for comprehensive attacks. The vulnerability affects all versions of Microsoft Outlook from 2013 onwards. Given that this vulnerability has already been exploited, it is strongly advised to apply any available updates as soon as possible.
Windows Error Reporting Service Elevation of Privilege Vulnerability (CVE-2023-36874)
This is a critical zero-day vulnerability that affects the Windows Error Reporting Service. It can be exploited locally with low complexity and without requiring elevated privileges or user interaction. The vulnerability affects all versions of Microsoft Windows Server from 2008 onwards, as well as Windows 10 and later versions. A successful exploit can grant an attacker administrative privileges, allowing them to escalate their privileges and perform various malicious actions. Due to ongoing exploitation of this vulnerability, it is strongly recommended to apply available updates as soon as possible.
Windows MSHTML Platform Elevation of Privilege Vulnerability (CVE-2023-32046)
This is a critical zero-day security issue affecting the MSHTML platform on Windows. This vulnerability has a local attack vector with low attack complexity and does not require elevated privileges. However, user interaction is required: exploitation depends on the user opening a specially crafted file. Given that this vulnerability is being actively exploited, it is strongly recommended to apply available updates as soon as possible.
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerabilities (CVE-2023-35366, CVE-2023-35367 and CVE-2023-35365)
These have been identified as critical security risks and are being addressed by Microsoft. The vulnerabilities share similar characteristics, including network attack vectors, low attack complexity, no privileges required, and no user interaction. However, they pose a significant threat only if the Windows Routing and Remote Access Service role is installed on Windows Server. Exploiting them requires that an attacker send specially crafted packets to a server running the Routing and Remote Access Service. It is very important to apply updates if the RRAS role is installed on your server. These vulnerabilities affect all Windows servers from 2008 onwards and Windows 10.
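Because the RRAS issues matter only where the role is present, a per-host check helps decide which servers to patch first. The PowerShell below is an added example, not part of the original article or of Microsoft's guidance; the function name Get-RrasExposure is hypothetical, and the feature names RemoteAccess, DirectAccess-VPN and Routing are assumed to be the Server Manager names used on Windows Server 2012 and later.

```powershell
# Added example: report whether this host has the Routing and Remote Access
# Service (RRAS) role installed or the RRAS service running.
# Assumption: feature names below are those of Windows Server 2012 and later;
# older releases may package RRAS under different feature names.
function Get-RrasExposure {
    [CmdletBinding()]
    param()

    $result = [ordered]@{
        ComputerName       = $env:COMPUTERNAME
        RoleInstalled      = $null          # $null = could not be determined
        InstalledFeatures  = @()
        ServiceStatus      = 'NotPresent'
        ServiceStartType   = ''
        NeedsPriorityPatch = $false
    }

    # Get-WindowsFeature ships with the ServerManager module (server SKUs only),
    # so on client Windows the role state stays undetermined.
    if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
        $features = Get-WindowsFeature -Name RemoteAccess, DirectAccess-VPN, Routing `
                        -ErrorAction SilentlyContinue |
                    Where-Object { $_.Installed }
        $result['InstalledFeatures'] = @($features | ForEach-Object { $_.Name })
        $result['RoleInstalled']     = [bool]$features
    }

    # The RRAS Windows service is named RemoteAccess.
    $svc = Get-Service -Name RemoteAccess -ErrorAction SilentlyContinue
    if ($svc) {
        $result['ServiceStatus']    = "$($svc.Status)"
        $result['ServiceStartType'] = "$($svc.StartType)"
    }

    # Prioritise the host if the role is installed or the service is running.
    $result['NeedsPriorityPatch'] = ($result['RoleInstalled'] -eq $true) -or
                                    ($result['ServiceStatus'] -eq 'Running')
    [pscustomobject]$result
}

Get-RrasExposure | Format-List
```

A host that reports NeedsPriorityPatch as True belongs at the front of the deployment queue for the RRAS fixes; the other hosts still need the cumulative update for the remaining vulnerabilities.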