Patch Tuesday – 9 critical CVEs & 6 zero-day vulnerabilities
Microsoft released its monthly security updates on July 11, 2023. The release addresses 132 vulnerabilities, nine rated Critical and 122 Important, and covers six zero-days reported as exploited in the wild: five CVEs, one of which (CVE-2023-36884, the Office and Windows HTML RCE) has published mitigations but no fix yet, plus one advisory. That advisory, the Defense-in-Depth item ADV230001, is not a bug in Windows: attackers obtained drivers signed through Microsoft's Windows Hardware Developer Program and used them as post-exploitation tooling, and the July update untrusts the affected drivers and their signing certificates. Apply the update, and review which kernel drivers are loaded on your systems so that only drivers you expect and trust remain installed.
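A practical way to act on the driver recommendation above, as an added example (not code from the original post): list the kernel drivers currently loaded, check each file's Authenticode signature, and pull out the ones signed through the Windows Hardware Compatibility Program, since that is the signing path ADV230001 concerns. The helper name Resolve-DriverPath and the report layout are this example's own.

```powershell
# Added example (not code from the original post): enumerate loaded kernel
# drivers, verify each file's Authenticode signature, and flag drivers that
# are not validly signed or that were signed through the Windows Hardware
# Compatibility Program, the signing path ADV230001 is about.
# Run from an elevated PowerShell prompt on the host being reviewed.

function Resolve-DriverPath {
    # Win32_SystemDriver.PathName comes in several NT forms; normalise to a
    # Win32 path that Get-AuthenticodeSignature can open.
    param([string]$RawPath)
    if ([string]::IsNullOrWhiteSpace($RawPath)) { return $null }
    $p = $RawPath -replace '^\\\?\?\\', ''                      # \??\C:\... -> C:\...
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"      # \SystemRoot\... -> C:\Windows\...
    $p = $p -replace '^System32\\', "$env:SystemRoot\System32\" # System32\... -> C:\Windows\System32\...
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

# Signer subject used for drivers that went through the hardware program.
$whcpSigner = 'CN=Microsoft Windows Hardware Compatibility Publisher'

$running = Get-CimInstance Win32_SystemDriver | Where-Object { $_.State -eq 'Running' }

$report = foreach ($d in $running) {
    $path = Resolve-DriverPath $d.PathName
    if (-not $path -or -not (Test-Path -LiteralPath $path)) { continue }
    $sig    = Get-AuthenticodeSignature -FilePath $path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
    [pscustomobject]@{
        Name   = $d.Name
        Status = $sig.Status   # Valid, NotSigned, NotTrusted, HashMismatch, ...
        Signer = $signer
        Whcp   = $signer.StartsWith($whcpSigner, [System.StringComparison]::OrdinalIgnoreCase)
        Sha256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        Path   = $path
    }
}

"== Loaded drivers whose signature does not verify =="
$report | Where-Object { $_.Status -ne 'Valid' } | Format-Table Name, Status, Signer, Path -AutoSize

"== Loaded drivers signed via the Windows Hardware Compatibility Publisher (review against ADV230001) =="
$report | Where-Object { $_.Whcp } | Format-Table Name, Sha256, Path -AutoSize
```

Get-AuthenticodeSignature validates the file against the user-mode certificate stores, so a driver whose certificate the July update untrusts in the kernel can still show as Valid here. Treat the second table as a review list: compare the hashes against your EDR or Defender telemetry, confirm the July update is installed, and remove anything you cannot account for.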
Let’s take a closer look at the most interesting updates for this month.
⭕ Notable Critical Microsoft Vulnerabilities
Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability
- CVE-2023-35315 is an RCE vulnerability affecting Windows Server configured as a Layer-2 bridge. An unauthenticated attacker must first gain access to the restricted network, then send specially crafted file operation requests to the Windows Server. Successful exploitation leads to remote code execution on the target system. Servers without a configured network bridge are not exposed.
Windows Remote Desktop Security Feature Bypass Vulnerability
- CVE-2023-35352 affects Windows Remote Desktop. Successful exploitation would allow an attacker to bypass certificate or private key authentication when establishing a Remote Desktop Protocol session.
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
- CVE-2023-35365, CVE-2023-35366, and CVE-2023-35367 - Routing and Remote Access Service (RRAS) provides dial-up and VPN connectivity for remote users and site-to-site links, and can act as a software router between networks. To exploit these vulnerabilities, an attacker sends specially crafted packets to a server with the RRAS service running; successful exploitation gives the attacker code execution on that server. RRAS is not installed by default, so servers without the Remote Access role are not affected, but where it is deployed as a VPN gateway it is usually internet-facing, which makes these three a priority on those hosts.
Microsoft Message Queuing Remote Code Execution Vulnerability
- CVE-2023-32057 - Message Queuing (MSMQ) is a Windows component that provides reliable, store-and-forward messaging between applications on different hosts: messages are queued locally and delivered once the remote host is reachable. The vulnerability is triggered by a malicious MSMQ packet sent to the server, and successful exploitation gives the attacker arbitrary code execution on that server, enough to take it over or install malware. MSMQ is optional and not installed by default; where it is installed it listens on TCP port 1801, so a listener on that port is a quick sign that a host is exposed.
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
- CVE-2023-35297 - Pragmatic General Multicast (PGM) is a reliable multicast transport protocol that delivers an ordered sequence of packets to multiple recipients at once, typically for multi-receiver file transfer. Because PGM rides on multicast, the attacker must be on the same network segment as the target; the attack cannot be launched from another network, such as across a WAN. As with the MSMQ bug, the Message Queuing component has to be installed for a system to be exploitable.
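Because every one of the critical bugs above lives in an optional component, the first triage question on each host is whether that component is even installed. The following PowerShell is an added example, not from the original post, that answers it for the RRAS, MSMQ, PGM and Layer-2 bridge items; the service names (RemoteAccess, MSMQ, RMCAST) are the standard Windows ones, and the adapter-name match for the bridge is a heuristic of this example.

```powershell
# Added example (not code from the original post): per-host exposure check
# for the July 2023 critical network-facing CVEs. Each affected component
# is optional, so a host without it is not exposed to that CVE.

function Test-ServiceExposure {
    param([string]$ServiceName, [string]$Cve)
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Cve       = $Cve
        Component = "service $ServiceName"
        Present   = [bool]$svc
        Active    = [bool]($svc -and $svc.Status -eq 'Running')
    }
}

$checks = @(
    Test-ServiceExposure -ServiceName 'RemoteAccess' -Cve 'CVE-2023-35365/35366/35367 (RRAS RCE)'
    Test-ServiceExposure -ServiceName 'MSMQ'         -Cve 'CVE-2023-32057 (MSMQ RCE)'
)

# MSMQ accepts remote traffic on TCP 1801; a listener there is the real
# exposure signal, independent of what the service state says.
$msmqListener = Get-NetTCPConnection -LocalPort 1801 -State Listen -ErrorAction SilentlyContinue
$checks += [pscustomobject]@{
    Cve = 'CVE-2023-32057 (MSMQ RCE)'; Component = 'TCP 1801 listener'
    Present = [bool]$msmqListener;     Active    = [bool]$msmqListener
}

# PGM is implemented by the RMCAST kernel driver (rmcast.sys), which is
# installed with MSMQ's multicast support feature.
$pgm = Get-CimInstance Win32_SystemDriver -Filter "Name='RMCAST'" -ErrorAction SilentlyContinue
$checks += [pscustomobject]@{
    Cve = 'CVE-2023-35297 (PGM RCE)'; Component = 'driver RMCAST (rmcast.sys)'
    Present = [bool]$pgm;             Active    = [bool]($pgm -and $pgm.State -eq 'Running')
}

# The Layer-2 bridge only exists when two adapters have been bridged;
# matching 'Bridge' in the adapter name or description is a heuristic.
$bridge = Get-NetAdapter -IncludeHidden -ErrorAction SilentlyContinue |
          Where-Object { $_.Name -like '*Bridge*' -or $_.InterfaceDescription -like '*Bridge*' }
$checks += [pscustomobject]@{
    Cve = 'CVE-2023-35315 (Layer-2 Bridge RCE)'; Component = 'Network Bridge adapter'
    Present = [bool]$bridge;                     Active    = [bool]($bridge | Where-Object { $_.Status -eq 'Up' })
}

$checks | Format-Table Cve, Component, Present, Active -AutoSize
```

A row with Present = False means the host is simply not exposed to that CVE and the patch is routine; Present = True with Active = True on an internet-facing host is where to spend the emergency-change budget.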
Zero-Day Microsoft Vulnerabilities
Windows MSHTML Platform Elevation of Privilege Vulnerability
- CVE-2023-32046 - MSHTML is the browser engine that rendered web pages for Internet Explorer. Although Internet Explorer 11 has reached end of support, MSHTML remains part of Windows and is still used by other applications, so its vulnerabilities remain relevant and Microsoft continues to patch them. This one can be reached in both email and web-based attack scenarios. In the email case the attacker sends the victim a specially crafted file and convinces them to open it; in the web case the attacker hosts the file on a malicious site, or on a compromised site that accepts user-provided content, and lures the user there. Exploitation grants the attacker the rights of the user running the affected application.
Windows Error Reporting Service Elevation of Privilege Vulnerability
- CVE-2023-36874 - Windows Error Reporting is an event-based feedback system that gathers data about problems detected on a Windows system, forwards it to Microsoft, and offers the user possible solutions. To exploit this vulnerability the attacker needs local access to the targeted machine and the ability to create folders and performance traces on it, both of which a standard user account has by default. Successful exploitation elevates the attacker's privileges to administrator.
Microsoft Outlook Security Feature Bypass Vulnerability
- CVE-2023-35311 - To exploit this vulnerability the attacker must send the victim a specially crafted URL. Successful exploitation lets the attacker bypass the Microsoft Outlook Security Notice prompt, so an action that should have asked the user to confirm proceeds without the warning. The Preview Pane is an attack vector, although additional user interaction is still required.
Windows SmartScreen Security Feature Bypass Vulnerability
- CVE-2023-32049 - The attacker must entice the user into clicking a specially crafted URL. If successful, the "Open File – Security Warning" prompt that SmartScreen would normally show for a downloaded file is bypassed, so the file runs without the user being warned.
Office and Windows HTML Remote Code Execution Vulnerability
- CVE-2023-36884 - Microsoft is aware of exploitation attempts using specially crafted Office documents for remote code execution. Targets were defense and government entities in Europe and North America; Microsoft attributes the activity to Storm-0978, a Russia-based cybercriminal group also tracked as RomCom, which used the documents to deliver a RomCom-like backdoor. No patch shipped with this month's update. Microsoft published mitigations instead: a registry-based block on cross-protocol file navigation for the Office processes, and the Defender attack surface reduction rule that blocks Office applications from creating child processes, with the caveat that the registry setting can affect normal functionality of the listed applications.
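Since there is no patch for CVE-2023-36884, here is how to apply, verify and back out Microsoft's published mitigations with PowerShell. This is an added example, not code from the original post or from Microsoft; the registry path, the list of process names and the ASR rule GUID are the values Microsoft published for this CVE, while the function names are this example's own. Run it elevated, and expect the registry block to interfere with some cross-protocol document workflows in the listed applications.

```powershell
# Added example (not code from the original post): apply, verify and remove
# the mitigations Microsoft published for CVE-2023-36884. Registry path,
# process names and ASR rule GUID are Microsoft's published values; the
# function names are this example's own. Run from an elevated prompt.

$key  = 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION'
$apps = 'Excel.exe', 'Graph.exe', 'MSAccess.exe', 'MSPub.exe', 'PowerPoint.exe',
        'Visio.exe', 'WinProj.exe', 'WinWord.exe', 'Wordpad.exe'
# Defender ASR rule "Block all Office applications from creating child processes"
$asrOfficeChildProcess = 'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'

function Set-Cve202336884Mitigation {
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    foreach ($app in $apps) {
        # REG_DWORD 1 = block cross-protocol file navigation for this process
        New-ItemProperty -Path $key -Name $app -PropertyType DWord -Value 1 -Force | Out-Null
    }
    # Second layer; only effective where Microsoft Defender Antivirus is the active AV.
    Add-MpPreference -AttackSurfaceReductionRules_Ids $asrOfficeChildProcess `
                     -AttackSurfaceReductionRules_Actions Enabled -ErrorAction SilentlyContinue
}

function Test-Cve202336884Mitigation {
    $missing = @(foreach ($app in $apps) {
        $v = (Get-ItemProperty -Path $key -Name $app -ErrorAction SilentlyContinue).$app
        if ($v -ne 1) { $app }
    })
    $asrBlocking = $false
    $pref = Get-MpPreference -ErrorAction SilentlyContinue
    if ($pref) {
        $ids  = @($pref.AttackSurfaceReductionRules_Ids)
        $acts = @($pref.AttackSurfaceReductionRules_Actions)
        for ($i = 0; $i -lt $ids.Count; $i++) {
            # action 1 = Block; 2 (Audit) and 6 (Warn) do not stop the child process
            if ($ids[$i] -ieq $asrOfficeChildProcess -and $acts[$i] -eq 1) { $asrBlocking = $true }
        }
    }
    [pscustomobject]@{
        RegistryComplete = ($missing.Count -eq 0)
        MissingValues    = ($missing -join ', ')
        AsrRuleBlocking  = $asrBlocking
    }
}

function Remove-Cve202336884Mitigation {
    # Back out only the registry values once a fix is installed; the ASR rule
    # is a reasonable baseline on its own and is left in place deliberately.
    foreach ($app in $apps) {
        Remove-ItemProperty -Path $key -Name $app -ErrorAction SilentlyContinue
    }
}

Set-Cve202336884Mitigation
Test-Cve202336884Mitigation
```

Test-Cve202336884Mitigation is the piece to keep: run it from your configuration-compliance tooling so a host that drifts (a GPO refresh removing the values, or the ASR rule flipped to Audit) shows up before the patch arrives.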
Runecast Analyzer covers all 101 vulnerabilities that affect Windows operating systems, all listed below:
Important | Windows Error Reporting Service Elevation of Privilege Vulnerability
CVE-2023-36874
⭕ Critical | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2023-35367
⭕ Critical | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2023-35366
⭕ Critical | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2023-35365
Important | Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35364
Important | Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35363
Important | Windows Clip Service Elevation of Privilege Vulnerability
CVE-2023-35362
Important | Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35361
Important | Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35360
Important | Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35358
Important | Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35357
Important | Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35356
Important | Connected User Experiences and Telemetry Elevation of Privilege Vulnerability
CVE-2023-35353
⭕ Critical | Windows Remote Desktop Security Feature Bypass Vulnerability
CVE-2023-35352
Important | Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability
CVE-2023-35351
Important | Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability
CVE-2023-35350
Important | Active Directory Federation Service Security Feature Bypass Vulnerability
CVE-2023-35348
Important | Microsoft Install Service Elevation of Privilege Vulnerability
CVE-2023-35347
Important | Windows DNS Server Remote Code Execution Vulnerability
CVE-2023-35346
Important | Windows DNS Server Remote Code Execution Vulnerability
CVE-2023-35345
Important | Windows DNS Server Remote Code Execution Vulnerability
CVE-2023-35344
Important | Windows Geolocation Service Remote Code Execution Vulnerability
CVE-2023-35343
Important | Windows Image Acquisition Elevation of Privilege Vulnerability
CVE-2023-35342
Important | Microsoft DirectMusic Information Disclosure Vulnerability
CVE-2023-35341
Important | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
CVE-2023-35340
Important | Windows CryptoAPI Denial of Service Vulnerability
CVE-2023-35339
Important | Windows Peer Name Resolution Protocol Denial of Service Vulnerability
CVE-2023-35338
Important | Win32k Elevation of Privilege Vulnerability
CVE-2023-35337
Important | Windows MSHTML Platform Security Feature Bypass Vulnerability
CVE-2023-35336
Important | Windows Remote Desktop Protocol Security Feature Bypass
CVE-2023-35332
Important | Windows Local Security Authority (LSA) Denial of Service Vulnerability
CVE-2023-35331
Important | Windows Extended Negotiation Denial of Service Vulnerability
CVE-2023-35330
Important | Windows Authentication Denial of Service Vulnerability
CVE-2023-35329
Important | Windows Transaction Manager Elevation of Privilege Vulnerability
CVE-2023-35328
Important | Windows CDP User Components Information Disclosure Vulnerability
CVE-2023-35326
Important | Windows Print Spooler Information Disclosure Vulnerability
CVE-2023-35325
Important | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-35324
Important | Windows OLE Remote Code Execution Vulnerability
CVE-2023-35323
Important | Windows Deployment Services Remote Code Execution Vulnerability
CVE-2023-35322
Important | Windows Deployment Services Denial of Service Vulnerability
CVE-2023-35321
Important | Connected User Experiences and Telemetry Elevation of Privilege Vulnerability
CVE-2023-35320
Important | Remote Procedure Call Runtime Denial of Service Vulnerability
CVE-2023-35319
Important | Remote Procedure Call Runtime Denial of Service Vulnerability
CVE-2023-35318
Important | Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability
CVE-2023-35317
Important | Remote Procedure Call Runtime Information Disclosure Vulnerability
CVE-2023-35316
⭕ Critical | Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability
CVE-2023-35315
Important | Remote Procedure Call Runtime Denial of Service Vulnerability
CVE-2023-35314
Important | Windows Online Certificate Status Protocol (OCSP) SnapIn Remote Code Execution Vulnerability
CVE-2023-35313
Important | Microsoft VOLSNAP.SYS Elevation of Privilege Vulnerability
CVE-2023-35312
Important | Windows DNS Server Remote Code Execution Vulnerability
CVE-2023-35310
Important | Microsoft Message Queuing Remote Code Execution Vulnerability
CVE-2023-35309
Important | Windows MSHTML Platform Security Feature Bypass Vulnerability
CVE-2023-35308
Important | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-35306
Important | Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35305
Important | Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35304
Important | USB Audio Class System Driver Remote Code Execution Vulnerability
CVE-2023-35303
Important | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-35302
Important | Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2023-35300
Important | Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2023-35299
Important | HTTP.sys Denial of Service Vulnerability
CVE-2023-35298
⭕ Critical | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
CVE-2023-35297
Important | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-35296
Important | Windows Cryptographic Information Disclosure Vulnerability
CVE-2023-33174
Important | Remote Procedure Call Runtime Denial of Service Vulnerability
CVE-2023-33173
Important | Remote Procedure Call Runtime Denial of Service Vulnerability
CVE-2023-33172
Important | Remote Procedure Call Runtime Denial of Service Vulnerability
CVE-2023-33169
Important | Remote Procedure Call Runtime Denial of Service Vulnerability
CVE-2023-33168
Important | Remote Procedure Call Runtime Denial of Service Vulnerability
CVE-2023-33167
Important | Remote Procedure Call Runtime Denial of Service Vulnerability
CVE-2023-33166
Important | Remote Procedure Call Runtime Denial of Service Vulnerability
CVE-2023-33164
Important | Windows Network Load Balancing Remote Code Execution Vulnerability
CVE-2023-33163
Important | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2023-33155
Important | Windows Partition Management Driver Elevation of Privilege Vulnerability
CVE-2023-33154
Important | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-32085
Important | HTTP.sys Denial of Service Vulnerability
CVE-2023-32084
Important | Microsoft Failover Cluster Information Disclosure Vulnerability
CVE-2023-32083
⭕ Critical | Microsoft Message Queuing Remote Code Execution Vulnerability
CVE-2023-32057
Important | Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability
CVE-2023-32056
Important | Active Template Library Elevation of Privilege Vulnerability
CVE-2023-32055
Important | Volume Shadow Copy Elevation of Privilege Vulnerability
CVE-2023-32054
Important | Windows Installer Elevation of Privilege Vulnerability
CVE-2023-32053
Important | Windows Installer Elevation of Privilege Vulnerability
CVE-2023-32050
Important | Windows SmartScreen Security Feature Bypass Vulnerability
CVE-2023-32049
Important | Windows MSHTML Platform Elevation of Privilege Vulnerability
CVE-2023-32046
Important | Microsoft Message Queuing Denial of Service Vulnerability
CVE-2023-32045
Important | Microsoft Message Queuing Denial of Service Vulnerability
CVE-2023-32044
Important | Windows Remote Desktop Security Feature Bypass Vulnerability
CVE-2023-32043
Important | OLE Automation Information Disclosure Vulnerability
CVE-2023-32042
Important | Windows Update Orchestrator Service Information Disclosure Vulnerability
CVE-2023-32041
Important | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-32040
Important | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-32039
Important | Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2023-32038
Important | Windows Layer-2 Bridge Network Driver Information Disclosure Vulnerability
CVE-2023-32037
Important | Remote Procedure Call Runtime Denial of Service Vulnerability
CVE-2023-32035
Important | Remote Procedure Call Runtime Denial of Service Vulnerability
CVE-2023-32034
Important | Microsoft Failover Cluster Remote Code Execution Vulnerability
CVE-2023-32033
Important | Secure Boot Security Feature Bypass Vulnerability
CVE-2023-24932
Important | Windows Win32k Elevation of Privilege Vulnerability
CVE-2023-21756
Important | Windows Netlogon Information Disclosure Vulnerability
CVE-2023-21526
Important | Netlogon RPC Elevation of Privilege Vulnerability
CVE-2022-38023
Important | Windows Kerberos Elevation of Privilege Vulnerability
CVE-2022-37967
Runecast protects you against all of these
At Runecast we ensure that all operating system vulnerabilities are covered, so you can focus on mitigating threats and keeping your systems running safely and securely. We keep you updated about the latest vulnerabilities, exploits and security compliance research, and pride ourselves on responding quickly and decisively to key news in the IT Security and Operations spaces.
Runecast is an AI-powered platform that gives you complete visibility and control over potential vulnerabilities in your environment. It provides best practices, risk-based vulnerability management, security and compliance to ensure every aspect of your environment is protected. In addition, Runecast also provides explicit instructions and generates custom remediation scripts, ensuring rapid compliance within the environment. The Runecast platform can be deployed to AWS, Azure, Google Cloud, Kubernetes, and VMware environments and operates securely on-premises.