Patch Tuesday

Today is Microsoft's July 2023 Patch Tuesday, with security updates for 132 flaws, including six actively exploited and thirty-seven remote code execution vulnerabilities.

While thirty-seven RCE bugs were fixed, Microsoft only rated nine as 'Critical.' However, one of the RCE flaws remains unpatched and is actively exploited in attacks seen by numerous cybersecurity firms.

The number of bugs in each vulnerability category is listed below:

  • 33 Elevation of Privilege Vulnerabilities
  • 13 Security Feature Bypass Vulnerabilities
  • 37 Remote Code Execution Vulnerabilities
  • 19 Information Disclosure Vulnerabilities
  • 22 Denial of Service Vulnerabilities
  • 7 Spoofing Vulnerabilities

Microsoft has not fixed any Microsoft Edge vulnerabilities in July at this time.

To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5028185 cumulative update and the Windows 10 KB5028168 and KB5028166 updates.

Six actively exploited vulnerabilities

This month's Patch Tuesday fixes six zero-day vulnerabilities, with all of them exploited in attacks and one of them publicly disclosed.

Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.

The six actively exploited zero-day vulnerabilities in today's updates are:

CVE-2023-32046 - Windows MSHTML Platform Elevation of Privilege Vulnerability

Microsoft has fixed an actively exploited privilege elevation vulnerability in Windows MSHTML that was exploited by opening a specially crafted file through email or malicious websites.

"The attacker would gain the rights of the user that is running the affected application," reads Microsoft's advisory.

Microsoft says that the flaw was discovered internally by the Microsoft Threat Intelligence Center.

CVE-2023-32049 - Windows SmartScreen Security Feature Bypass Vulnerability

Threat actors exploited this vulnerability to prevent the display of the Open File - Security Warning prompt when downloading and opening files from the Internet.

Microsoft says that the flaw was discovered internally by the Microsoft Threat Intelligence Center.

CVE-2023-36874 - Windows Error Reporting Service Elevation of Privilege Vulnerability

This actively exploited elevation of privilege flaw allowed threat actors to gain administrator privileges on the Windows device.

"An attacker must have local access to the targeted machine and the user must be able to create folders and performance traces on the machine, with restricted privileges that normal users have by default," warns Microsoft.

Microsoft says that the flaw was discovered by Vlad Stolyarov and Maddie Stone of Google's Threat Analysis Group (TAG).

CVE-2023-36884 - Office and Windows HTML Remote Code Execution Vulnerability

Microsoft has released guidance on a publicly disclosed, unpatched Microsoft Office and Windows zero-day that allows remote code execution using specially-crafted Microsoft Office documents.

"Microsoft is investigating reports of a series of remote code execution vulnerabilities impacting Windows and Office products. Microsoft is aware of targeted attacks that attempt to exploit these vulnerabilities by using specially-crafted Microsoft Office documents," explains the advisory for CVE-2023-36884.

"An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim. However, an attacker would have to convince the victim to open the malicious file."

"Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This might include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs."

Microsoft later shared that the vulnerability is exploited by the RomCom hacking group, previously known to deploy the Industrial Spy ransomware in attacks. The ransomware operation has recently rebranded under the name 'Underground' where they continue to extort victims.

The threat actors are also linked to the Cuba ransomware operation, with BleepingComputer first noting that Industrial Spy ransom notes mistakenly included email addresses, TOX chat IDs, and links associated with the Cuba gang. This link was later strengthened in reports by Palo Alto and CISA.

While no security updates are available for this flaw at this time, Microsoft says that users of Microsoft Defender for Office and those using the "Block all Office applications from creating child processes" Attack Surface Reduction Rule are protected from attachments that attempt to exploit this vulnerability.

For those not using these protections, you can add the following application names to the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION registry key as values of type REG_DWORD with data 1.

  • Excel.exe
  • Graph.exe
  • MSAccess.exe
  • MSPub.exe
  • PowerPoint.exe
  • Visio.exe
  • WinProj.exe
  • WinWord.exe
  • Wordpad.exe
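The two mitigations above, as an added example that is not from the article or from Microsoft's advisory: the first function writes the FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION values from the list, the second reads them back so the change can be verified, and the third reports whether Defender's "Block all Office applications from creating child processes" ASR rule is in Block mode. The function names are this example's own; the ASR rule GUID is Microsoft's published identifier for that rule, not a value taken from the article.

```powershell
# Added example (not from the article or Microsoft): apply and verify the
# CVE-2023-36884 registry mitigation, then check the related ASR rule.
# Run from an elevated PowerShell session; writing under HKLM needs admin rights.

# Registry key and application list exactly as given in Microsoft's guidance.
$KeyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION'
$Applications = @(
    'Excel.exe', 'Graph.exe', 'MSAccess.exe', 'MSPub.exe', 'PowerPoint.exe',
    'Visio.exe', 'WinProj.exe', 'WinWord.exe', 'Wordpad.exe'
)

function Set-CrossProtocolFileNavigationBlock {
    # Creates the FeatureControl key if it is missing and sets each application
    # name to REG_DWORD 1. Existing values with the same name are overwritten.
    param(
        [string]$Path = $KeyPath,
        [string[]]$Apps = $Applications
    )
    if (-not (Test-Path -Path $Path)) {
        New-Item -Path $Path -Force | Out-Null
    }
    foreach ($app in $Apps) {
        New-ItemProperty -Path $Path -Name $app -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

function Test-CrossProtocolFileNavigationBlock {
    # Reads the key back and reports, per application, whether the value exists
    # and equals 1. A missing key or value shows as Mitigated = False.
    param(
        [string]$Path = $KeyPath,
        [string[]]$Apps = $Applications
    )
    foreach ($app in $Apps) {
        $value = $null
        if (Test-Path -Path $Path) {
            $value = (Get-ItemProperty -Path $Path -Name $app -ErrorAction SilentlyContinue).$app
        }
        [pscustomobject]@{
            Application = $app
            Value       = $value
            Mitigated   = ($value -eq 1)
        }
    }
}

function Test-OfficeChildProcessAsrRule {
    # Returns $true when the "Block all Office applications from creating child
    # processes" ASR rule is configured with action 1 (Block). Ids and Actions
    # are parallel arrays in Get-MpPreference output.
    $ruleId  = 'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'
    $prefs   = Get-MpPreference
    $ids     = @($prefs.AttackSurfaceReductionRules_Ids)
    $actions = @($prefs.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -ieq $ruleId) { return ($actions[$i] -eq 1) }
    }
    return $false
}

Set-CrossProtocolFileNavigationBlock
Test-CrossProtocolFileNavigationBlock | Format-Table -AutoSize
"Office child-process ASR rule in Block mode: $(Test-OfficeChildProcessAsrRule)"
```

Re-run Test-CrossProtocolFileNavigationBlock after the next policy refresh to confirm Group Policy has not reverted the values.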

This flaw was disclosed by Microsoft Threat Intelligence, Vlad Stolyarov, Clement Lecigne and Bahare Sabouri of Google’s Threat Analysis Group (TAG), Paul Rascagneres and Tom Lancaster with Volexity, and the Microsoft Office Product Group Security Team.

ADV230001 - Guidance on Microsoft Signed Drivers Being Used Maliciously

Microsoft has revoked code-signing certificates and developer accounts that abused a Windows policy loophole to install malicious kernel-mode drivers.

Cisco Talos released two reports today on how this loophole was abused to sign malicious drivers that intercept browser traffic, including Chrome, Edge, and Firefox, and an extensive list of browsers popular in China.

Microsoft has released an advisory explaining that they have suspended all associated developer accounts and revoked abused certificates.

"Microsoft was informed that drivers certified by Microsoft's Windows Hardware Developer Program were being used maliciously in post-exploitation activity. In these attacks, the attacker had already gained administrative privileges on compromised systems prior to use of the drivers," explains Microsoft.

"An investigation was performed when we were notified of this activity by Sophos on February 9, 2023; Trend Micro and Cisco subsequently provided reports containing additional details. This investigation revealed that several developer accounts for the Microsoft Partner Center (MPC) were engaged in submitting malicious drivers to obtain a Microsoft signature."

"All the developer accounts involved in this incident were immediately suspended."

CVE-2023-35311 - Microsoft Outlook Security Feature Bypass Vulnerability

Microsoft has fixed an actively exploited zero-day vulnerability in Microsoft Outlook that bypasses security warnings and works in the preview pane.

"The attacker would be able to bypass the Microsoft Outlook Security Notice prompt," explains Microsoft.

The discloser of this vulnerability wished to remain anonymous.

Recent updates from other companies

Other vendors who released updates or advisories in July 2023 include:

The July 2023 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities in the July 2023 Patch Tuesday updates.

To access the full description of each vulnerability and the systems it affects, you can view the full report here.

Tag | CVE ID | CVE Title | Severity
.NET and Visual Studio | CVE-2023-33127 | .NET and Visual Studio Elevation of Privilege Vulnerability | Important
ASP.NET and Visual Studio | CVE-2023-33170 | ASP.NET and Visual Studio Security Feature Bypass Vulnerability | Important
Azure Active Directory | CVE-2023-36871 | Azure Active Directory Security Feature Bypass Vulnerability | Important
Azure Active Directory | CVE-2023-35348 | Active Directory Federation Service Security Feature Bypass Vulnerability | Important
Microsoft Dynamics | CVE-2023-33171 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important
Microsoft Dynamics | CVE-2023-35335 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important
Microsoft Graphics Component | CVE-2023-33149 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important
Microsoft Graphics Component | CVE-2023-21756 | Windows Win32k Elevation of Privilege Vulnerability | Important
Microsoft Media-Wiki Extensions | CVE-2023-35333 | MediaWiki PandocUpload Extension Remote Code Execution Vulnerability | Important
Microsoft Office | CVE-2023-33148 | Microsoft Office Elevation of Privilege Vulnerability | Important
Microsoft Office | CVE-2023-36884 | Office and Windows HTML Remote Code Execution Vulnerability | Important
Microsoft Office | CVE-2023-33150 | Microsoft Office Security Feature Bypass Vulnerability | Important
Microsoft Office Access | CVE-2023-33152 | Microsoft ActiveX Remote Code Execution Vulnerability | Important
Microsoft Office Excel | CVE-2023-33158 | Microsoft Excel Remote Code Execution Vulnerability | Important
Microsoft Office Excel | CVE-2023-33161 | Microsoft Excel Remote Code Execution Vulnerability | Important
Microsoft Office Excel | CVE-2023-33162 | Microsoft Excel Information Disclosure Vulnerability | Important
Microsoft Office Outlook | CVE-2023-33151 | Microsoft Outlook Spoofing Vulnerability | Important
Microsoft Office Outlook | CVE-2023-33153 | Microsoft Outlook Remote Code Execution Vulnerability | Important
Microsoft Office Outlook | CVE-2023-35311 | Microsoft Outlook Security Feature Bypass Vulnerability | Important
Microsoft Office SharePoint | CVE-2023-33134 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important
Microsoft Office SharePoint | CVE-2023-33160 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical
Microsoft Office SharePoint | CVE-2023-33165 | Microsoft SharePoint Server Security Feature Bypass Vulnerability | Important
Microsoft Office SharePoint | CVE-2023-33157 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical
Microsoft Office SharePoint | CVE-2023-33159 | Microsoft SharePoint Server Spoofing Vulnerability | Important
Microsoft Power Apps | CVE-2023-32052 | Microsoft Power Apps Spoofing Vulnerability | Important
Microsoft Printer Drivers | CVE-2023-32085 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important
Microsoft Printer Drivers | CVE-2023-35302 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important
Microsoft Printer Drivers | CVE-2023-35296 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important
Microsoft Printer Drivers | CVE-2023-35324 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important
Microsoft Printer Drivers | CVE-2023-32040 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important
Microsoft Printer Drivers | CVE-2023-35306 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important
Microsoft Printer Drivers | CVE-2023-32039 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important
Microsoft Windows Codecs Library | CVE-2023-35303 | USB Audio Class System Driver Remote Code Execution Vulnerability | Important
Microsoft Windows Codecs Library | CVE-2023-36872 | VP9 Video Extensions Information Disclosure Vulnerability | Important
Microsoft Windows Codecs Library | CVE-2023-32051 | Raw Image Extension Remote Code Execution Vulnerability | Important
Mono Authenticode | CVE-2023-35373 | Mono Authenticode Validation Spoofing Vulnerability | Important
Paint 3D | CVE-2023-35374 | Paint 3D Remote Code Execution Vulnerability | Important
Paint 3D | CVE-2023-32047 | Paint 3D Remote Code Execution Vulnerability | Important
Role: DNS Server | CVE-2023-35310 | Windows DNS Server Remote Code Execution Vulnerability | Important
Role: DNS Server | CVE-2023-35346 | Windows DNS Server Remote Code Execution Vulnerability | Important
Role: DNS Server | CVE-2023-35345 | Windows DNS Server Remote Code Execution Vulnerability | Important
Role: DNS Server | CVE-2023-35344 | Windows DNS Server Remote Code Execution Vulnerability | Important
Service Fabric | CVE-2023-36868 | Azure Service Fabric on Windows Information Disclosure Vulnerability | Important
Visual Studio Code | CVE-2023-36867 | Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability | Important
Windows Active Directory Certificate Services | CVE-2023-35351 | Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability | Important
Windows Active Directory Certificate Services | CVE-2023-35350 | Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability | Important
Windows Active Template Library | CVE-2023-32055 | Active Template Library Elevation of Privilege Vulnerability | Important
Windows Admin Center | CVE-2023-29347 | Windows Admin Center Spoofing Vulnerability | Important
Windows App Store | CVE-2023-35347 | Microsoft Install Service Elevation of Privilege Vulnerability | Important
Windows Authentication Methods | CVE-2023-35329 | Windows Authentication Denial of Service Vulnerability | Important
Windows CDP User Components | CVE-2023-35326 | Windows CDP User Components Information Disclosure Vulnerability | Important
Windows Certificates | ADV230001 | Guidance on Microsoft Signed Drivers Being Used Maliciously | None
Windows Clip Service | CVE-2023-35362 | Windows Clip Service Elevation of Privilege Vulnerability | Important
Windows Cloud Files Mini Filter Driver | CVE-2023-33155 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important
Windows Cluster Server | CVE-2023-32033 | Microsoft Failover Cluster Remote Code Execution Vulnerability | Important
Windows CNG Key Isolation Service | CVE-2023-35340 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | Important
Windows Common Log File System Driver | CVE-2023-35299 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important
Windows Connected User Experiences and Telemetry | CVE-2023-35320 | Connected User Experiences and Telemetry Elevation of Privilege Vulnerability | Important
Windows Connected User Experiences and Telemetry | CVE-2023-35353 | Connected User Experiences and Telemetry Elevation of Privilege Vulnerability | Important
Windows CryptoAPI | CVE-2023-35339 | Windows CryptoAPI Denial of Service Vulnerability | Important
Windows Cryptographic Services | CVE-2023-33174 | Windows Cryptographic Information Disclosure Vulnerability | Important
Windows Defender | CVE-2023-33156 | Microsoft Defender Elevation of Privilege Vulnerability | Important
Windows Deployment Services | CVE-2023-35322 | Windows Deployment Services Remote Code Execution Vulnerability | Important
Windows Deployment Services | CVE-2023-35321 | Windows Deployment Services Denial of Service Vulnerability | Important
Windows EFI Partition | ADV230002 | Microsoft Guidance for Addressing Security Feature Bypass in Trend Micro EFI Modules | Important
Windows Error Reporting | CVE-2023-36874 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Important
Windows Failover Cluster | CVE-2023-32083 | Microsoft Failover Cluster Information Disclosure Vulnerability | Important
Windows Geolocation Service | CVE-2023-35343 | Windows Geolocation Service Remote Code Execution Vulnerability | Important
Windows HTTP.sys | CVE-2023-32084 | HTTP.sys Denial of Service Vulnerability | Important
Windows HTTP.sys | CVE-2023-35298 | HTTP.sys Denial of Service Vulnerability | Important
Windows Image Acquisition | CVE-2023-35342 | Windows Image Acquisition Elevation of Privilege Vulnerability | Important
Windows Installer | CVE-2023-32053 | Windows Installer Elevation of Privilege Vulnerability | Important
Windows Installer | CVE-2023-32050 | Windows Installer Elevation of Privilege Vulnerability | Important
Windows Kernel | CVE-2023-35304 | Windows Kernel Elevation of Privilege Vulnerability | Important
Windows Kernel | CVE-2023-35363 | Windows Kernel Elevation of Privilege Vulnerability | Important
Windows Kernel | CVE-2023-35305 | Windows Kernel Elevation of Privilege Vulnerability | Important
Windows Kernel | CVE-2023-35356 | Windows Kernel Elevation of Privilege Vulnerability | Important
Windows Kernel | CVE-2023-35357 | Windows Kernel Elevation of Privilege Vulnerability | Important
Windows Kernel | CVE-2023-35358 | Windows Kernel Elevation of Privilege Vulnerability | Important
Windows Layer 2 Tunneling Protocol | CVE-2023-32037 | Windows Layer-2 Bridge Network Driver Information Disclosure Vulnerability | Important
Windows Layer-2 Bridge Network Driver | CVE-2023-35315 | Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability | Critical
Windows Local Security Authority (LSA) | CVE-2023-35331 | Windows Local Security Authority (LSA) Denial of Service Vulnerability | Important
Windows Media | CVE-2023-35341 | Microsoft DirectMusic Information Disclosure Vulnerability | Important
Windows Message Queuing | CVE-2023-32057 | Microsoft Message Queuing Remote Code Execution Vulnerability | Critical
Windows Message Queuing | CVE-2023-35309 | Microsoft Message Queuing Remote Code Execution Vulnerability | Important
Windows Message Queuing | CVE-2023-32045 | Microsoft Message Queuing Denial of Service Vulnerability | Important
Windows Message Queuing | CVE-2023-32044 | Microsoft Message Queuing Denial of Service Vulnerability | Important
Windows MSHTML Platform | CVE-2023-32046 | Windows MSHTML Platform Elevation of Privilege Vulnerability | Important
Windows MSHTML Platform | CVE-2023-35336 | Windows MSHTML Platform Security Feature Bypass Vulnerability | Important
Windows MSHTML Platform | CVE-2023-35308 | Windows MSHTML Platform Security Feature Bypass Vulnerability | Important
Windows Netlogon | CVE-2023-21526 | Windows Netlogon Information Disclosure Vulnerability | Important
Windows Network Load Balancing | CVE-2023-33163 | Windows Network Load Balancing Remote Code Execution Vulnerability | Important
Windows NT OS Kernel | CVE-2023-35361 | Windows Kernel Elevation of Privilege Vulnerability | Important
Windows NT OS Kernel | CVE-2023-35364 | Windows Kernel Elevation of Privilege Vulnerability | Important
Windows NT OS Kernel | CVE-2023-35360 | Windows Kernel Elevation of Privilege Vulnerability | Important
Windows ODBC Driver | CVE-2023-32038 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important
Windows OLE | CVE-2023-32042 | OLE Automation Information Disclosure Vulnerability | Important
Windows Online Certificate Status Protocol (OCSP) SnapIn | CVE-2023-35323 | Windows OLE Remote Code Execution Vulnerability | Important
Windows Online Certificate Status Protocol (OCSP) SnapIn | CVE-2023-35313 | Windows Online Certificate Status Protocol (OCSP) SnapIn Remote Code Execution Vulnerability | Important
Windows Partition Management Driver | CVE-2023-33154 | Windows Partition Management Driver Elevation of Privilege Vulnerability | Important
Windows Peer Name Resolution Protocol | CVE-2023-35338 | Windows Peer Name Resolution Protocol Denial of Service Vulnerability | Important
Windows PGM | CVE-2023-35297 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | Critical
Windows Print Spooler Components | CVE-2023-35325 | Windows Print Spooler Information Disclosure Vulnerability | Important
Windows Remote Desktop | CVE-2023-35352 | Windows Remote Desktop Security Feature Bypass Vulnerability | Critical
Windows Remote Desktop | CVE-2023-32043 | Windows Remote Desktop Security Feature Bypass Vulnerability | Important
Windows Remote Desktop | CVE-2023-35332 | Windows Remote Desktop Protocol Security Feature Bypass | Important
Windows Remote Procedure Call | CVE-2023-35300 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important
Windows Remote Procedure Call | CVE-2023-33168 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important
Windows Remote Procedure Call | CVE-2023-33173 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important
Windows Remote Procedure Call | CVE-2023-33172 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important
Windows Remote Procedure Call | CVE-2023-32035 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important
Windows Remote Procedure Call | CVE-2023-33166 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important
Windows Remote Procedure Call | CVE-2023-32034 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important
Windows Remote Procedure Call | CVE-2023-33167 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important
Windows Remote Procedure Call | CVE-2023-33169 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important
Windows Remote Procedure Call | CVE-2023-35318 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important
Windows Remote Procedure Call | CVE-2023-33164 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important
Windows Remote Procedure Call | CVE-2023-35319 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important
Windows Remote Procedure Call | CVE-2023-35316 | Remote Procedure Call Runtime Information Disclosure Vulnerability | Important
Windows Remote Procedure Call | CVE-2023-35314 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important
Windows Routing and Remote Access Service (RRAS) | CVE-2023-35367 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Critical
Windows Routing and Remote Access Service (RRAS) | CVE-2023-35366 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Critical
Windows Routing and Remote Access Service (RRAS) | CVE-2023-35365 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Critical
Windows Server Update Service | CVE-2023-35317 | Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability | Important
Windows Server Update Service | CVE-2023-32056 | Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability | Important
Windows SmartScreen | CVE-2023-32049 | Windows SmartScreen Security Feature Bypass Vulnerability | Important
Windows SPNEGO Extended Negotiation | CVE-2023-35330 | Windows Extended Negotiation Denial of Service Vulnerability | Important
Windows Transaction Manager | CVE-2023-35328 | Windows Transaction Manager Elevation of Privilege Vulnerability | Important
Windows Update Orchestrator Service | CVE-2023-32041 | Windows Update Orchestrator Service Information Disclosure Vulnerability | Important
Windows VOLSNAP.SYS | CVE-2023-35312 | Microsoft VOLSNAP.SYS Elevation of Privilege Vulnerability | Important
Windows Volume Shadow Copy | CVE-2023-32054 | Volume Shadow Copy Elevation of Privilege Vulnerability | Important
Windows Win32K | CVE-2023-35337 | Win32k Elevation of Privilege Vulnerability | Important
