Patch Tuesday – M. Walters, VP of Vulnerability and Threat Research at Action1, comments

July 12, 2023

This Patch Tuesday, Microsoft has released a significant number of updates, addressing a total of 142 vulnerabilities. This includes 132 new fixes and updates for 10 previously addressed issues, resulting in a record-breaking number of fixes for the year. Among these, there are nine critical vulnerabilities that have been resolved, along with an update for an older critical vulnerability. This month’s updates also cover six zero-day vulnerabilities, with one of them publicly disclosed, and an update for a previously patched zero-day. Additionally, one older vulnerability now has a Proof of Concept (PoC) available.

Now, let’s dive into the details of the most noteworthy critical updates.

Office and Windows HTML Remote Code Execution Vulnerability

Office and Windows HTML Remote Code Execution Vulnerability (CVE-2023-36884) is an important zero-day vulnerability that impacts Office and Windows HTML. It possesses a network attack vector with high complexity, requiring user interaction but not elevated privileges. With a CVSS rating of 8.3, it is categorized as important, although it could potentially warrant an even higher severity if executed with user interaction and complexity. The vulnerability affects all versions of Windows Server from 2008 onwards, Windows 10, as well as Microsoft Word and Microsoft Office versions 2013 and later.

Exploiting this vulnerability entails an attacker creating a specially crafted Microsoft Office document capable of executing remote code in the victim’s context. However, it is important to note that convincing the victim to open the malicious file is a prerequisite for a successful attack.

Microsoft has outlined certain mitigation steps to address this issue. Within existing attack chains, implementing the “Block all Office applications from creating child processes” attack surface reduction rule can thwart the exploitation of this vulnerability. For organizations unable to leverage this protection, an alternative approach involves configuring the FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION registry key to prevent exploitation. It is worth noting that while these registry settings can mitigate the vulnerability’s exploitation, they may impact normal functionality in certain use cases associated with these applications. To implement this approach, add the application names listed as values of type REG_DWORD with data 1 to the registry key.

Given Microsoft’s confirmation of active exploitation and the absence of available workarounds, it is crucial to prioritize updating systems to address this vulnerability promptly.

Microsoft Outlook Security Feature Bypass Vulnerability

Microsoft Outlook Security Feature Bypass Vulnerability (CVE-2023-35311) is another important zero-day vulnerability impacting Microsoft Outlook. It utilizes a network attack vector with low attack complexity, requiring user interaction but not elevated privileges. With a CVSS rating of 8.8, it is considered a significant vulnerability, although its severity could have been higher if user interaction was not required. It’s important to note that this vulnerability specifically allows bypassing Microsoft Outlook security features and does not enable remote code execution or privilege escalation. Therefore, attackers are likely to combine it with other exploits for a comprehensive attack. The vulnerability affects all versions of Microsoft Outlook from 2013 onwards.

To compromise a user, the attacker would need the user to click on a specially crafted URL. Notably, the attacker can bypass the Microsoft Outlook security prompt even in preview mode.

Given that this vulnerability is already being exploited and can be used in conjunction with other exploits, it is strongly recommended to apply the available update promptly.

Windows Error Reporting Service Elevation of Privilege Vulnerability

Windows Error Reporting Service Elevation of Privilege Vulnerability (CVE-2023-36874) is an important zero-day vulnerability that impacts the Windows Error Reporting Service. It can be exploited locally with low complexity and without requiring elevated privileges or user interaction. The vulnerability has a CVSS rating of 7.8, indicating its severity. However, it should be noted that this rating would be even higher if the vulnerability allowed remote attacks without requiring elevated privileges.

To exploit this vulnerability, an attacker needs to gain access to the system using other exploits or harvested credentials. The compromised user account must have the ability to create folders and performance traces on the computer, which is typically available to normal users by default. This vulnerability affects all versions of Microsoft Windows Server from 2008 onwards, as well as Windows 10 and later versions.

Successful exploitation of this vulnerability could grant the attacker administrative privileges, enabling them to escalate their privileges and perform various malicious actions.

Due to the ongoing exploitation of this vulnerability and its potential combination with other exploits, it is highly recommended to apply the available update as soon as possible.

Windows MSHTML Platform Elevation of Privilege Vulnerability

Windows MSHTML Platform Elevation of Privilege Vulnerability (CVE-2023-32046) is a critical zero-day security concern affecting the MSHTML platform in Windows. This vulnerability possesses a local attack vector with a low complexity of attack and does not require elevated privileges. However, user interaction is necessary for exploitation. It has received a CVSS rating of 7.8, indicating its severity. Note that the rating would have been higher if the vulnerability allowed remote attacks without requiring user interaction.

To exploit this vulnerability, a user must open a specifically crafted file. In an email attack scenario, an attacker may send the manipulated file to the user and deceive them into opening it. Similarly, in a web-based attack scenario, the attacker may host a website containing the specially crafted file intended to exploit the vulnerability.

It is crucial to understand that the attacker cannot compel users to visit the malicious website. Instead, they must convince users to click on a link, typically through enticing email messages or instant messages, and then persuade them to open the specifically crafted file.

It is important to note that the attacker would only acquire the rights of the user running the affected application. Therefore, if a user does not possess administrative rights on the computer, neither does the attacker.
Considering that this vulnerability is actively being exploited and has the potential to be combined with other exploits, it is strongly advised to promptly apply the available update.

Source: https://www.action1.com/patch-tuesday-july-2023/?vyj

facebookShare on Facebook
TwitterTweet
FollowFollow us
PinterestSave

More Stories

AI, cloud, and data: How cybersecurity brands are pioneering the future of security

July 26, 2024

Human Awareness Is Back in Cybersecurity

July 26, 2024

HMD Crest and HMD Crest Max 5G Smartphones Launched in India on Amazon Specials: Combining High-End Photography with Stylish Design

July 26, 2024

Leave a Reply

Your email address will not be published. Required fields are marked *

Latest News Stories

AU SFB Q1 FY25: Profit Up 30% to ₹503 Cr, NII Grows 54% YoY

July 26, 2024

Limited seats available for admission to Future-ready Career Programmes in NIIT University

July 26, 2024

Channelplay Limited Awarded PAN India POSM Production and Deployment Mandate by Livfast

July 26, 2024

ADP Donates to Leprosy Patients in Collaboration with the LEPRA Society

July 26, 2024

Mankind Pharma to acquire 100% stake in BSV

July 26, 2024