Microsoft Releases July 2023 Security Updates

Scheduled updates for Microsoft products, including security updates for 6 zero-day vulnerabilities

Threat ID:: CC-4356
Threat Severity:: Medium
Published:: 12 July 2023 3:33 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Scheduled updates for Microsoft products, including security updates for 6 zero-day vulnerabilities

Affected platforms

The following platforms are known to be affected:

Microsoft Office

Microsoft Edge

Microsoft Outlook

The following platforms are also known to be affected:

.NET and Visual Studio
ASP.NET and .NET
Azure Active Directory
Microsoft Dynamics
Microsoft Graphics Component
Microsoft Media-Wiki Extensions
Microsoft Office Access
Microsoft Office Excel
Microsoft Office SharePoint
Microsoft Power Apps
Microsoft Printer Drivers
Microsoft Windows Codecs Library
Mono Authenticode
Paint 3D
Role: DNS Server
Service Fabric
Visual Studio Code
Windows Active Directory Certificate Services
Windows Active Template Library
Windows Admin Center
Windows App Store
Windows Authentication Methods
Windows CDP User Components
Windows Certificates
Windows Clip Service
Windows Cloud Files Mini Filter Driver
Windows Cluster Server
Windows CNG Key Isolation Service
Windows Common Log File System Driver
Windows Connected User Experiences and Telemetry
Windows CryptoAPI
Windows Cryptographic Services
Windows Defender
Windows Deployment Services
Windows EFI Partition
Windows Error Reporting
Windows Failover Cluster
Windows Geolocation Service
Windows HTTP.sys
Windows Image Acquisition
Windows Installer
Windows Kernel
Windows Layer 2 Tunneling Protocol
Windows Layer-2 Bridge Network Driver
Windows Local Security Authority (LSA)
Windows Media
Windows Message Queuing
Windows MSHTML Platform
Windows Netlogon
Windows Network Load Balancing
Windows NT OS Kernel
Windows ODBC Driver
Windows OLE
Windows Online Certificate Status Protocol (OCSP) SnapIn
Windows Online Certificate Status Protocol (OCSP) SnapIn
Windows Partition Management Driver
Windows Peer Name Resolution Protocol
Windows PGM
Windows Print Spooler Components
Windows Remote Desktop
Windows Remote Procedure Call
Windows Routing and Remote Access Service (RRAS)
Windows Server Update Service
Windows SmartScreen
Windows SPNEGO Extended Negotiation
Windows Transaction Manager
Windows Update Orchestrator Service
Windows VOLSNAP.SYS
Windows Volume Shadow Copy
Windows Win32K

Threat details

Introduction

Microsoft has released security updates to address 132 vulnerabilities and advisories across their product lines. An unauthenticated, remote attacker could exploit some of these vulnerabilities to take control of an affected system.

Active exploitation of multiple vulnerabilities

Microsoft has disclosed that 6 of the vulnerabilities covered by this update are under active exploitation.

•   CVE-2023-32046 - Windows MSHTML Platform Elevation of Privilege Vulnerability
•   CVE-2023-32049 - Windows SmartScreen Security Feature Bypass Vulnerability
•   CVE-2023-35311 - Microsoft Outlook Security Feature Bypass Vulnerability
•   CVE-2023-36874 - Windows Error Reporting Service Elevation of Privilege Vulnerability
•   CVE-2023-36884 - Office and Windows HTML Remote Code Execution Vulnerability
•   ADV230001 - Malicious use of Microsoft-signed drivers for post-exploitation activity

Remediation advice

Affected organisations are encouraged to review Microsoft’s July 2023 Security Update Summary and apply the relevant updates.

Definitive source of threat updates

https://msrc.microsoft.com/update-guide/releaseNote/2023-Jul

CVE Vulnerabilities

Status Published

CVE-2023-32046

Windows MSHTML Platform Elevation of Privilege Vulnerability

Status Published

CVE-2023-32049

Windows SmartScreen Security Feature Bypass Vulnerability

Status Published

CVE-2023-35311

Microsoft Outlook Security Feature Bypass Vulnerability

Status Published

CVE-2023-36874

Windows Error Reporting Service Elevation of Privilege Vulnerability

Status Published

CVE-2023-36884

Microsoft is investigating reports of a series of remote code execution vulnerabilities impacting Windows and Office products. Microsoft is aware of targeted attacks that attempt to exploit these vulnerabilities by using specially-crafted Microsoft Office documents. An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim. However, an attacker would have to convince the victim to open the malicious file. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This might include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs. Please see the Microsoft Threat Intelligence Blog https://aka.ms/Storm-0978 Entry for important information about steps you can take to protect your system from this vulnerability. This CVE will be updated with new information and links to security updates when they become available.

Last edited: 12 July 2023 3:34 pm