July’s Patch Tuesday Demands Attention
July’s Patch Tuesday release from Microsoft marks a decidedly heavy month for IT admins with 129 vulnerabilities to patch, including 5 (yes, you read that right) zero-days and 9 critical vulnerabilities.
Admins will want to make quick moves on this month’s zero-days, which include a security feature bypass vulnerability in Microsoft Outlook (CVE-2023-35311) that is sure to be popular among bad actors.
In addition to the Outlook vulnerability, there are four other zero-days to prioritize this month:
CVE-2023-36884 Office and Windows HTML Remote Code Execution Vulnerability
CVE-2023-36874 Windows Error Reporting Service Elevation of Privilege Vulnerability
CVE-2023-32049 Windows SmartScreen Security Feature Bypass Vulnerability
CVE-2023-32046 Windows MSHTML Platform Elevation of Privilege Vulnerability
Also of note for those who are running Windows Routing and Remote Access Service (RRAS) on their servers are three critical remote code execution (RCE) vulnerabilities each scoring a CVSS 9.8.
Keep reading for added detail on some of the patches you’ll want to focus on this month.
Microsoft Patch Tuesday Vulnerabilities: A Brief History
CVE-2023-35311
Microsoft Outlook Security Feature Bypass Vulnerability [IMPORTANT]
CVE-2023-35311 is an actively exploited zero-day vulnerability in Microsoft’s Outlook application. This vulnerability scores a CVSS 8.8 and opens the door to an attacker bypassing the Microsoft Outlook Security Notice prompt, leading to unauthorized access and/or the execution of malicious actions. In this attack scenario, the user would have to click on a unique URL to be compromised.
Because Outlook is a popular email client, the potential impact for organizations if this vulnerability is left unpatched could be severe. This vulnerability is perfect fuel for phishing and will be especially popular with criminal actors to potentially enable a ransomware or fraud event. We recommend patching within 24 hours to mitigate. – Jason Kikta, CISO/CIO
CVE-2023-35365, CVE-2023-35366, and CVE-2023-35367
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerabilities [CRITICAL]
These three CVEs all score a CVSS 9.8 and affect the Windows Routing and Remote Access Service (RRAS). In a remote code execution attack, a bad actor could target Windows servers with RRAS running.
Windows RRAS is a built-in networking component in Microsoft Windows Server operating systems that provides routing and remote access capabilities. RRAS enables computers running Windows Server to function as routers, virtual private network (VPN) servers, and dial-up servers. RRAS is not installed by default on Windows servers.
A successful attacker could modify network configurations, steal data, move to other more critical/important systems, or create additional accounts for persistent access to the device.
We recommend patching all three RRAS RCE vulnerabilities within 24 hours if you are running RRAS on your Windows servers.– Tom Bowyer, Product Security
CVE-2023-36874
Windows Error Reporting Service Elevation of Privilege Vulnerability [IMPORTANT]
CVE-2023-36874 is a zero-day elevation of privilege vulnerability affecting Windows Error Reporting (WER) service. The CVE scores a CVSS 7.8 and gives a successful attacker the means to obtain administrator privileges.
The WER service is a feature in Microsoft Windows operating systems that automatically collects and sends error reports to Microsoft when certain software crashes or encounters other types of errors. In this instance, an attacker would need to gain local machine access and the local user account would need permissions to create folders and performance traces for a successful attack.
This zero-day vulnerability is being actively exploited, so if WER is used by your organization we recommend patching within 24 hours. – Tom Bowyer, Product Security
CVE-2023-32046
Windows MSHTML Platform Elevation of Privilege Vulnerability [IMPORTANT]
CVE-2023-32046 is another zero-day elevation of privilege vulnerability that affects Windows Microsoft HTML (MSHTML) platform. The vulnerability is ranked ‘important’ and scores a CVSS 7.8. Successful exploitation allows an attacker to gain local user permissions in the affected application.
The Windows MSHTML platform, also known as Trident, is a browser rendering engine developed by Microsoft. It is used by various Microsoft products, including Internet Explorer and Microsoft Edge (versions up to and including EdgeHTML). Attackers could exploit this privilege escalation vulnerability via email, instant message, or web-based application by enticing a user to open a specially crafted file.
This vulnerability is likely lower impact, but because it’s a zero-day being actively exploited, it’s safest to patch within 24 hours. – Jason Kikta, CISO/CIO
CVE-2023-32049
Windows SmartScreen Security Feature Bypass Vulnerability [IMPORTANT]
CVE-2023-32049 is another actively exploited zero-day vulnerability with a CVSS 8.8 affecting Windows SmartScreen. A successful attack would allow a bad actor to bypass the Open File - Security Warning prompt in the Windows SmartScreen built-in security feature. Patch within 24 hours to avoid exploitation. – Tom Bowyer, Product Security
Tired of the Patch Tuesday fire drill? Automate it in 30 seconds with Automox and sleep well knowing you’re covered next month.
Automate your Patch Tuesday Fixes Now with SRC Cyber Solutions sales@srccybersolutions
We provides a 100% CloudNative IT Endpoint operations platform for modern organizations. As a comprehensive EndPointManagement Platform, it has advanced SoftwareManagement for PatchManagement, Adding, Removing, and Updating Software, Changing and Configure Settings along with PolicyManagement on any device or operating system located anywhere in the world and at any time. With the push of a button, ITAdministartors can fix CriticalVulnerabilities faster, slash cost and complexity, and win back hours in the day.If you want to know more kindly Click here