Microsoft's July 2023 Patch Tuesday announcement covered security updates for 132 flaws, including 6 actively exploited and 37 remote code execution vulnerabilities, 9 of which are deemed critical.
The 6 actively exploited flaws are:
- The Windows MSHTML Platform Elevation of Privilege Vulnerability was an actively exploited privilege elevation flaw in Windows MSHTML, exploited by opening a specially crafted file delivered through email or malicious websites.
- The Windows SmartScreen Security Feature Bypass Vulnerability allowed threat actors to prevent the display of the Open File Security Warning prompt when downloading and opening files from the Internet. That prompt warns the user before they interact with files from the web.
- The Windows Error Reporting Service Elevation of Privilege Vulnerability allowed threat actors to gain administrator privileges on the Windows device.
- The Office and Windows HTML Remote Code Execution Vulnerability allowed an attacker to create a Microsoft Office document that enables them to perform remote code execution in the context of the victim. This vulnerability had previously been used by multiple ransomware groups.
- Guidance on Microsoft Signed Drivers Being Used Maliciously has been released, explaining that Microsoft has revoked code-signing certificates and developer accounts that abused a Windows policy loophole to install malicious kernel-mode drivers.
- The Microsoft Outlook Security Feature Bypass Vulnerability was actively exploited and allowed an attacker to bypass the Microsoft Outlook Security Notice prompt. The bypass worked even in the preview pane.
The full list of vulnerabilities in July's Patch Tuesday announcement is shared in this article. Links to information on each critical vulnerability in this list are also available.
- Microsoft SharePoint Server Remote Code Execution Vulnerability
- Microsoft SharePoint Remote Code Execution Vulnerability
- Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability
- Microsoft Message Queuing Remote Code Execution Vulnerability
- Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
- Windows Remote Desktop Security Feature Bypass Vulnerability
- 3 separate Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerabilities
It is highly recommended that you update your Microsoft products with the latest security patch. If you need assistance updating and protecting your Microsoft environment, contact PCS today.