Microsoft Releases Important Critical Patches

 

Microsoft released a number of patches to address 142 vulnerabilities including six zero days as part of July Patch Tuesday. These updates, which contain 132 fixes as well as updates to 10 issues previously addressed, represent a record number of fixes this year.

Nine of the vulnerabilities are considered critical, and one zero-day has been made public. A previously patched zero-day was also updated. A proof of concept is also available for an older vulnerability.

The impact of these vulnerabilities varies. Some allow remote code execution while others enable privilege escalation. Others bypass security features. These vulnerabilities affect many Microsoft products including Windows Server 2008 and later versions, Microsoft Word, Microsoft Office 2013 and later versions, and Microsoft Outlook starting in 2013.

Microsoft has encouraged users to update their systems as soon as possible to fix these vulnerabilities, due to the active exploitation of some of them and the lack of workarounds available for others.

In the weeks to come, IT departments around the world will be faced with a heavy workload as they apply these patches to secure their systems. This Patch Tuesday highlights the challenge of maintaining cybersecurity within an increasingly complex digital environment. TechTarget and Action1 provide detailed information on the impact of vulnerabilities and new patches.

Zero-Day Vulnerabilities Recently Addressed by Microsoft

  1. Office and Windows HTML Remote Code Execution Vulnerability (CVE-2023-36884): This is a significant zero-day vulnerability affecting Microsoft Office and Windows HTML. It has a network attack vector with high complexity, requiring user interaction but not elevated privileges. The vulnerability impacts all versions of Windows Server from 2008 onwards, Windows 10, as well as Microsoft Word and Microsoft Office versions 2013 and later. Exploitation involves an attacker creating a specially crafted Microsoft Office document capable of executing remote code in the victim’s context. Microsoft has outlined mitigation steps, but due to active exploitation, it is crucial to prioritize system updates.
  2. Microsoft Outlook Security Feature Bypass Vulnerability (CVE-2023-35311): This is an important zero-day vulnerability impacting Microsoft Outlook. It utilizes a network attack vector with low attack complexity, requiring user interaction but not elevated privileges. The vulnerability specifically allows bypassing Microsoft Outlook security features and does not enable remote code execution or privilege escalation. Therefore, attackers are likely to combine it with other exploits for a comprehensive attack. The vulnerability affects all versions of Microsoft Outlook from 2013 onwards. Given that this vulnerability is already being exploited, it is strongly recommended to apply the available update promptly.
  3. Windows Error Reporting Service Elevation of Privilege Vulnerability (CVE-2023-36874): This is an important zero-day vulnerability that impacts the Windows Error Reporting Service. It can be exploited locally with low complexity and without requiring elevated privileges or user interaction. The vulnerability affects all versions of Microsoft Windows Server from 2008 onwards, as well as Windows 10 and later versions. Successful exploitation could grant the attacker administrative privileges, enabling them to escalate their privileges and perform various malicious actions. Due to the ongoing exploitation of this vulnerability, it is highly recommended to apply the available update as soon as possible.
  4. Windows MSHTML Platform Elevation of Privilege Vulnerability (CVE-2023-32046): This is a critical zero-day security concern affecting the MSHTML platform in Windows. This vulnerability possesses a local attack vector with a low complexity of attack and does not require elevated privileges. However, user interaction is necessary for exploitation. To exploit this vulnerability, a user must open a specifically crafted file. Considering that this vulnerability is actively being exploited, it is strongly advised to promptly apply the available update.
  5. Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerabilities (CVE-2023-35366, CVE-2023-35367, and CVE-2023-35365): These have been identified as critical security risks and have been addressed by Microsoft. These vulnerabilities share similar characteristics, including a network attack vector, low complexity of attack, no privileges required, and no user interaction. However, these vulnerabilities would only pose a significant threat if Windows Routing and Remote Access Service role was installed on a Windows Server. Exploiting these vulnerabilities requires an attacker to send specifically crafted packets to a server that has the Routing and Remote Access Service running. It is imperative to apply the update if you have the RRAS role installed on your server. These vulnerabilities affect all Windows servers from 2008 onwards and Windows 10.
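
Because item 5 only matters where RRAS is installed or running, the following inventory check can help decide which servers to patch first. It is an added example, not code from Microsoft or the original article; the server names are placeholders, and it assumes Windows Server 2012 or later feature names, the ServerManager module on the admin host, and remote management access with administrative rights.

```powershell
# Added example: find servers where the Routing and Remote Access role
# or service is present, so the RRAS fixes can be prioritized there.
$servers = @('SERVER01', 'SERVER02')   # hypothetical host names, replace with your own

$report = foreach ($server in $servers) {
    try {
        # Remote Access role and its role services (Server 2012+ feature names).
        $features = Get-WindowsFeature -ComputerName $server `
            -Name RemoteAccess, Routing, DirectAccess-VPN -ErrorAction Stop
        $installed = @($features | Where-Object Installed |
            Select-Object -ExpandProperty Name)

        # "Routing and Remote Access" runs as the service named RemoteAccess.
        $svc = Get-CimInstance -ComputerName $server -ClassName Win32_Service `
            -Filter "Name='RemoteAccess'" -ErrorAction Stop

        [pscustomobject]@{
            Server           = $server
            RoleServices     = $installed -join ','
            ServiceState     = $svc.State
            ServiceStartMode = $svc.StartMode
            # Patch first if the role is installed or the service is running.
            PatchFirst       = ($installed.Count -gt 0) -or ($svc.State -eq 'Running')
            Error            = $null
        }
    }
    catch {
        # An unreachable host is reported, not silently treated as safe.
        [pscustomobject]@{
            Server           = $server
            RoleServices     = $null
            ServiceState     = $null
            ServiceStartMode = $null
            PatchFirst       = $null
            Error            = $_.Exception.Message
        }
    }
}

$report | Sort-Object PatchFirst -Descending | Format-Table -AutoSize
```

Rows with an empty PatchFirst value could not be queried and should be checked by hand rather than assumed unaffected.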