Today, Microsoft Corp. released software updates to address a total of 130 security vulnerabilities in its Windows operating systems and related software. These updates include fixes for at least five flaws that are currently being actively exploited.
In July’s Patch Tuesday, the following types of vulnerabilities were addressed:
- 37 Remote Code Execution Vulnerabilities
- 33 Elevation of Privilege (EoP) Vulnerabilities
- 22 Denial-of-Service (DoS) Vulnerabilities
- 19 Information Disclosure Vulnerabilities
- 12 Security Feature Bypass Vulnerabilities
- 5 Spoofing Vulnerabilities
- 2 Cross-Site Scripting (XSS) Vulnerabilities
Microsoft’s July 2023 Patch Tuesday
CVE-2023-32046 (CVSS Score: 7.8, High) is an elevation of privilege vulnerability in Windows MSHTML. Successful exploitation gives the attacker the privileges of the user running the vulnerable application. The attack requires the victim to open a specially crafted file, delivered by email or through a malicious website.
CVE-2023-32049 (CVSS Score: 8.8, High) is a Security Feature Bypass vulnerability in Windows SmartScreen that attackers have exploited to suppress the Open File – Security Warning prompt normally shown when a file downloaded from the Internet is opened.
CVE-2023-36874 (CVSS Score: 7.8, High) is a vulnerability in the Windows Error Reporting Service. An attacker can leverage it to obtain administrator privileges on a targeted device. Successful exploitation requires local access to the device, but only the restricted privileges of a default user.
CVE-2023-35311 (CVSS Score: 8.8, High) is a zero-day vulnerability in Microsoft Outlook. It allows an attacker to bypass the Microsoft Outlook Security Notice prompt while the victim is working in the preview pane.
CVE-2023-36884 (CVSS Score: 8.3, High) is another zero-day vulnerability; it allows remote code execution through specially crafted Microsoft Office documents. Microsoft has confirmed that this vulnerability has been actively used in real-world attacks, although successful exploitation requires the user to interact with the malicious file.
“Admins should be ready for an out-of-cycle security update for CVE-2023-36884,” he said.
Microsoft has also detected a phishing campaign conducted by a threat actor tracked as Storm-0978 (also referred to as DEV-0978 or RomCom). Beginning in June 2023, the group has used CVE-2023-36884 to distribute a backdoor similar to RomCom.
Storm-0978 is responsible for creating and spreading the RomCom backdoor. Additionally, the actor employs the Underground ransomware, which is associated with the Industrial Spy ransomware that was first observed in May 2022. Researchers have connected this group to the Cuba ransomware operation because the ransom notes in Industrial Spy incidents mistakenly included email addresses, links, and TOX chat IDs linked to the group.
Critical Vulnerabilities in Microsoft’s July 2023 Patch Tuesday
The nine vulnerabilities labeled as critical in the July Patch Tuesday consist of RCEs in:
- Microsoft SharePoint (CVE-2023-33160 and CVE-2023-33157)
- Windows Layer-2 Bridge Network Driver (CVE-2023-35315)
- Microsoft Message Queuing (CVE-2023-32057)
- Windows PGM (CVE-2023-35297)
- Windows Routing and Remote Access Service (RRAS) (CVE-2023-35367, CVE-2023-35366, CVE-2023-35365)
Additionally, a Security Feature Bypass vulnerability in Windows Remote Desktop, identified as CVE-2023-35352, is rated critical.
It is highly recommended that you promptly apply the patches to safeguard your environment and enhance your overall security. To learn more about the vulnerabilities addressed in this update, please refer to Microsoft’s July 2023 Release Note.