July 2023 Microsoft Patch Update

Published: 2023-07-11. Last Updated: 2023-07-11 20:37:11 UTC
by Scott Fendley (Version: 1)

Today's Microsoft Patch Tuesday addresses 132 vulnerabilities. Nine of the vulnerabilities are rated as Critical, and 6 of these are listed as previously exploited in the wild.

In particular, CVE-2023-36884 involves a remote code execution vulnerability via Microsoft Word documents and was linked to the Storm-0978 threat actor. Microsoft Threat Intelligence has a blog entry which discusses this situation. Take special note of the recommended mitigations, as updates will likely be released out-of-cycle for this one.

Other exploited vulnerabilities include:

CVE-2023-35311 is a Microsoft Outlook security feature bypass that was being exploited in the wild. It works in the preview pane and bypasses the security warning.

CVE-2023-32046 is an actively exploited privilege elevation vulnerability in Windows MSHTML which could be exploited by opening a specially crafted file received by email or hosted on a malicious website.

CVE-2023-32049 is a security feature bypass vulnerability in Windows SmartScreen which was being exploited to prevent the "Open File - Security Warning" prompt from appearing when downloading or opening files from the Internet.

CVE-2023-36874 is an actively exploited privilege escalation flaw which could allow threat actors to gain local administrator privileges. To fully exploit this vulnerability, attackers would need local access to the targeted machine, and the user would need to be able to create folders and performance traces.

Microsoft also issued a high-impact advisory (ADV230001) where attackers were abusing drivers certified by Microsoft's Windows Hardware Developer Program (MWHDP) as a post-exploitation activity. The implicated developer accounts were suspended, and Microsoft has taken steps to untrust drivers which were improperly certified.

 

| Description | CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
|---|---|---|---|---|---|---|---|---|
| .NET and Visual Studio Elevation of Privilege Vulnerability | CVE-2023-33127 | No | No | - | - | Important | 8.1 | 7.3 |
| ASP.NET and Visual Studio Security Feature Bypass Vulnerability | CVE-2023-33170 | No | No | - | - | Important | 8.1 | 7.3 |
| Active Directory Federation Service Security Feature Bypass Vulnerability | CVE-2023-35348 | No | No | - | - | Important | 7.5 | 6.5 |
| Active Template Library Elevation of Privilege Vulnerability | CVE-2023-32055 | No | No | - | - | Important | 6.7 | 5.8 |
| Azure Active Directory Security Feature Bypass Vulnerability | CVE-2023-36871 | No | No | - | - | Important | 6.5 | 6.0 |
| Azure Service Fabric on Windows Information Disclosure Vulnerability | CVE-2023-36868 | No | No | - | - | Important | 6.5 | 5.7 |
| Connected User Experiences and Telemetry Elevation of Privilege Vulnerability | CVE-2023-35320 | No | No | - | - | Important | 7.8 | 6.8 |
| | CVE-2023-35353 | No | No | - | - | Important | 7.8 | 6.8 |
| Guidance on Microsoft Signed Drivers Being Used Maliciously | ADV230001 | No | Yes | - | - | None | | |
| HTTP.sys Denial of Service Vulnerability | CVE-2023-32084 | No | No | - | - | Important | 7.5 | 6.5 |
| | CVE-2023-35298 | No | No | - | - | Important | 7.5 | 6.5 |
| MediaWiki PandocUpload Extension Remote Code Execution Vulnerability | CVE-2023-35333 | No | No | - | - | Important | 8.8 | 7.7 |
| Microsoft ActiveX Remote Code Execution Vulnerability | CVE-2023-33152 | No | No | - | - | Important | 7.0 | 6.1 |
| Microsoft Defender Elevation of Privilege Vulnerability | CVE-2023-33156 | No | No | - | - | Important | 6.3 | 5.5 |
| Microsoft DirectMusic Information Disclosure Vulnerability | CVE-2023-35341 | No | No | - | - | Important | 6.2 | 5.4 |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | CVE-2023-33171 | No | No | - | - | Important | 8.2 | 7.1 |
| | CVE-2023-35335 | No | No | - | - | Important | 8.2 | 7.1 |
| Microsoft Excel Information Disclosure Vulnerability | CVE-2023-33162 | No | No | - | - | Important | 5.5 | 4.8 |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2023-33158 | No | No | - | - | Important | 7.8 | 6.8 |
| | CVE-2023-33161 | No | No | - | - | Important | 7.8 | 6.8 |
| Microsoft Failover Cluster Information Disclosure Vulnerability | CVE-2023-32083 | No | No | - | - | Important | 6.5 | 5.7 |
| Microsoft Failover Cluster Remote Code Execution Vulnerability | CVE-2023-32033 | No | No | - | - | Important | 6.6 | 5.8 |
| Microsoft Guidance for Addressing Security Feature Bypass in Trend Micro EFI Modules | ADV230002 | No | No | Less Likely | Less Likely | Important | | |
| Microsoft Install Service Elevation of Privilege Vulnerability | CVE-2023-35347 | No | No | - | - | Important | 7.1 | 6.2 |
| Microsoft Message Queuing Denial of Service Vulnerability | CVE-2023-32044 | No | No | - | - | Important | 7.5 | 6.5 |
| | CVE-2023-32045 | No | No | - | - | Important | 7.5 | 6.5 |
| Microsoft Message Queuing Remote Code Execution Vulnerability | CVE-2023-32057 | No | No | - | - | Critical | 9.8 | 8.5 |
| | CVE-2023-35309 | No | No | - | - | Important | 7.5 | 6.5 |
| Microsoft ODBC Driver Remote Code Execution Vulnerability | CVE-2023-32038 | No | No | - | - | Important | 8.8 | 7.7 |
| Microsoft Office Elevation of Privilege Vulnerability | CVE-2023-33148 | No | No | - | - | Important | 7.8 | 6.8 |
| Microsoft Office Graphics Remote Code Execution Vulnerability | CVE-2023-33149 | No | No | - | - | Important | 7.8 | 6.8 |
| Microsoft Office Security Feature Bypass Vulnerability | CVE-2023-33150 | No | No | - | - | Important | 9.6 | 8.3 |
| Microsoft Outlook Remote Code Execution Vulnerability | CVE-2023-33153 | No | No | - | - | Important | 6.8 | 5.9 |
| Microsoft Outlook Security Feature Bypass Vulnerability | CVE-2023-35311 | No | Yes | - | - | Important | 8.8 | 8.2 |
| Microsoft Outlook Spoofing Vulnerability | CVE-2023-33151 | No | No | - | - | Important | 6.5 | 5.7 |
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | CVE-2023-32039 | No | No | - | - | Important | 5.5 | 4.8 |
| | CVE-2023-32040 | No | No | - | - | Important | 5.5 | 4.8 |
| | CVE-2023-35324 | No | No | - | - | Important | 5.5 | 4.8 |
| | CVE-2023-32085 | No | No | - | - | Important | 5.5 | 4.8 |
| | CVE-2023-35296 | No | No | - | - | Important | 6.5 | 5.7 |
| | CVE-2023-35306 | No | No | - | - | Important | 5.5 | 4.8 |
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | CVE-2023-35302 | No | No | - | - | Important | 8.8 | 7.7 |
| Microsoft Power Apps Spoofing Vulnerability | CVE-2023-32052 | No | No | - | - | Important | 5.4 | 4.7 |
| Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2023-33157 | No | No | - | - | Critical | 8.8 | 7.7 |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | CVE-2023-33134 | No | No | - | - | Important | 8.8 | 7.7 |
| | CVE-2023-33160 | No | No | - | - | Critical | 8.8 | 7.7 |
| Microsoft SharePoint Server Security Feature Bypass Vulnerability | CVE-2023-33165 | No | No | - | - | Important | 4.3 | 3.8 |
| Microsoft SharePoint Server Spoofing Vulnerability | CVE-2023-33159 | No | No | - | - | Important | 8.8 | 7.7 |
| Microsoft VOLSNAP.SYS Elevation of Privilege Vulnerability | CVE-2023-35312 | No | No | - | - | Important | 7.8 | 6.8 |
| Mono Authenticode Validation Spoofing Vulnerability | CVE-2023-35373 | No | No | - | - | Important | 5.3 | 4.8 |
| OLE Automation Information Disclosure Vulnerability | CVE-2023-32042 | No | No | - | - | Important | 6.5 | 5.7 |
| Office and Windows HTML Remote Code Execution Vulnerability | CVE-2023-36884 | Yes | Yes | - | - | Important | 8.3 | 8.1 |
| Paint 3D Remote Code Execution Vulnerability | CVE-2023-32047 | No | No | - | - | Important | 7.8 | 6.8 |
| | CVE-2023-35374 | No | No | - | - | Important | 7.8 | 6.8 |
| Raw Image Extension Remote Code Execution Vulnerability | CVE-2023-32051 | No | No | - | - | Important | 7.8 | 6.8 |
| Remote Procedure Call Runtime Denial of Service Vulnerability | CVE-2023-33166 | No | No | - | - | Important | 6.5 | 5.7 |
| | CVE-2023-33167 | No | No | - | - | Important | 6.5 | 5.7 |
| | CVE-2023-33168 | No | No | - | - | Important | 6.5 | 5.7 |
| | CVE-2023-33169 | No | No | - | - | Important | 6.5 | 5.7 |
| | CVE-2023-33172 | No | No | - | - | Important | 6.5 | 5.7 |
| | CVE-2023-33173 | No | No | - | - | Important | 6.5 | 5.7 |
| | CVE-2023-32034 | No | No | - | - | Important | 6.5 | 5.7 |
| | CVE-2023-32035 | No | No | - | - | Important | 6.5 | 5.7 |
| | CVE-2023-35314 | No | No | - | - | Important | 6.5 | 5.7 |
| | CVE-2023-35318 | No | No | - | - | Important | 6.5 | 5.7 |
| | CVE-2023-35319 | No | No | - | - | Important | 6.5 | 5.7 |
| | CVE-2023-33164 | No | No | - | - | Important | 6.5 | 5.7 |
| Remote Procedure Call Runtime Information Disclosure Vulnerability | CVE-2023-35316 | No | No | - | - | Important | 6.5 | 5.7 |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | CVE-2023-35300 | No | No | - | - | Important | 8.8 | 7.7 |
| USB Audio Class System Driver Remote Code Execution Vulnerability | CVE-2023-35303 | No | No | - | - | Important | 8.8 | 7.7 |
| VP9 Video Extensions Information Disclosure Vulnerability | CVE-2023-36872 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability | CVE-2023-36867 | No | No | - | - | Important | 7.8 | 7.0 |
| Volume Shadow Copy Elevation of Privilege Vulnerability | CVE-2023-32054 | No | No | - | - | Important | 7.3 | 6.4 |
| Win32k Elevation of Privilege Vulnerability | CVE-2023-35337 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability | CVE-2023-35350 | No | No | - | - | Important | 7.2 | 6.3 |
| | CVE-2023-35351 | No | No | - | - | Important | 6.6 | 5.8 |
| Windows Admin Center Spoofing Vulnerability | CVE-2023-29347 | No | No | Less Likely | Less Likely | Important | 8.7 | 7.6 |
| Windows Authentication Denial of Service Vulnerability | CVE-2023-35329 | No | No | - | - | Important | 6.5 | 5.7 |
| Windows CDP User Components Information Disclosure Vulnerability | CVE-2023-35326 | No | No | - | - | Important | 5.5 | 4.8 |
| Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | CVE-2023-35340 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Clip Service Elevation of Privilege Vulnerability | CVE-2023-35362 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | CVE-2023-33155 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2023-35299 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows CryptoAPI Denial of Service Vulnerability | CVE-2023-35339 | No | No | - | - | Important | 7.5 | 6.5 |
| Windows Cryptographic Information Disclosure Vulnerability | CVE-2023-33174 | No | No | - | - | Important | 5.5 | 4.8 |
| Windows DNS Server Remote Code Execution Vulnerability | CVE-2023-35344 | No | No | - | - | Important | 6.6 | 5.8 |
| | CVE-2023-35345 | No | No | - | - | Important | 6.6 | 5.8 |
| | CVE-2023-35346 | No | No | - | - | Important | 6.6 | 5.8 |
| | CVE-2023-35310 | No | No | Less Likely | Less Likely | Important | 6.6 | 5.8 |
| Windows Deployment Services Denial of Service Vulnerability | CVE-2023-35321 | No | No | - | - | Important | 6.5 | 5.7 |
| Windows Deployment Services Remote Code Execution Vulnerability | CVE-2023-35322 | No | No | - | - | Important | 8.8 | 7.7 |
| Windows Error Reporting Service Elevation of Privilege Vulnerability | CVE-2023-36874 | No | Yes | - | - | Important | 7.8 | 6.8 |
| Windows Extended Negotiation Denial of Service Vulnerability | CVE-2023-35330 | No | No | - | - | Important | 7.5 | 6.5 |
| Windows Geolocation Service Remote Code Execution Vulnerability | CVE-2023-35343 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Image Acquisition Elevation of Privilege Vulnerability | CVE-2023-35342 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Installer Elevation of Privilege Vulnerability | CVE-2023-32050 | No | No | - | - | Important | 7.0 | 6.1 |
| | CVE-2023-32053 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Kernel Elevation of Privilege Vulnerability | CVE-2023-35356 | No | No | - | - | Important | 7.8 | 6.8 |
| | CVE-2023-35357 | No | No | - | - | Important | 7.8 | 6.8 |
| | CVE-2023-35358 | No | No | - | - | Important | 7.8 | 6.8 |
| | CVE-2023-35360 | No | No | - | - | Important | 7.0 | 6.1 |
| | CVE-2023-35361 | No | No | - | - | Important | 7.0 | 6.1 |
| | CVE-2023-35363 | No | No | - | - | Important | 7.8 | 6.8 |
| | CVE-2023-35364 | No | No | - | - | Important | 8.8 | 7.7 |
| | CVE-2023-35304 | No | No | - | - | Important | 7.8 | 6.8 |
| | CVE-2023-35305 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Layer-2 Bridge Network Driver Information Disclosure Vulnerability | CVE-2023-32037 | No | No | - | - | Important | 6.5 | 5.7 |
| Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability | CVE-2023-35315 | No | No | - | - | Critical | 8.8 | 7.7 |
| Windows Local Security Authority (LSA) Denial of Service Vulnerability | CVE-2023-35331 | No | No | - | - | Important | 6.5 | 5.7 |
| Windows MSHTML Platform Elevation of Privilege Vulnerability | CVE-2023-32046 | No | Yes | - | - | Important | 7.8 | 6.8 |
| Windows MSHTML Platform Security Feature Bypass Vulnerability | CVE-2023-35336 | No | No | - | - | Important | 6.5 | 5.7 |
| | CVE-2023-35308 | No | No | - | - | Important | 6.5 | 5.7 |
| Windows Netlogon Information Disclosure Vulnerability | CVE-2023-21526 | No | No | - | - | Important | 7.4 | 6.4 |
| Windows Network Load Balancing Remote Code Execution Vulnerability | CVE-2023-33163 | No | No | - | - | Important | 7.5 | 6.5 |
| Windows OLE Remote Code Execution Vulnerability | CVE-2023-35323 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Online Certificate Status Protocol (OCSP) SnapIn Remote Code Execution Vulnerability | CVE-2023-35313 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Partition Management Driver Elevation of Privilege Vulnerability | CVE-2023-33154 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Peer Name Resolution Protocol Denial of Service Vulnerability | CVE-2023-35338 | No | No | - | - | Important | 7.5 | 6.5 |
| Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | CVE-2023-35297 | No | No | - | - | Critical | 7.5 | 6.5 |
| Windows Print Spooler Information Disclosure Vulnerability | CVE-2023-35325 | No | No | - | - | Important | 7.5 | 6.5 |
| Windows Remote Desktop Protocol Security Feature Bypass | CVE-2023-35332 | No | No | - | - | Important | 6.8 | 5.9 |
| Windows Remote Desktop Security Feature Bypass Vulnerability | CVE-2023-32043 | No | No | - | - | Important | 6.8 | 5.9 |
| | CVE-2023-35352 | No | No | - | - | Critical | 7.5 | 6.5 |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | CVE-2023-35365 | No | No | - | - | Critical | 9.8 | 8.5 |
| | CVE-2023-35366 | No | No | - | - | Critical | 9.8 | 8.5 |
| | CVE-2023-35367 | No | No | - | - | Critical | 9.8 | 8.5 |
| Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability | CVE-2023-35317 | No | No | - | - | Important | 7.8 | 6.8 |
| | CVE-2023-32056 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows SmartScreen Security Feature Bypass Vulnerability | CVE-2023-32049 | No | Yes | - | - | Important | 8.8 | 8.2 |
| Windows Transaction Manager Elevation of Privilege Vulnerability | CVE-2023-35328 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Update Orchestrator Service Information Disclosure Vulnerability | CVE-2023-32041 | No | No | - | - | Important | 5.5 | 4.8 |
| Windows Win32k Elevation of Privilege Vulnerability | CVE-2023-21756 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |