Microsoft has released its July 2023 Patch Tuesday updates, which include fixes for 132 vulnerabilities. Of these, six are actively exploited zero-day vulnerabilities.
- A privilege elevation flaw in Windows MSHTML would allow a threat actor to gain the user’s rights when opening a malicious file spread via phishing or malicious sites. CVE-2023-32046 – CVSS: 7.8
- A zero-day in Windows SmartScreen would allow a threat actor to disable the display of the SmartScreen prompt when downloading and opening files from the internet. CVE-2023-32049 – CVSS: 8.8
- A zero-day in Windows Error Reporting would allow a local threat actor to escalate their privileges to administrator. CVE-2023-36874 – CVSS: 7.8
- A publicly disclosed, unpatched zero-day in Microsoft Office and Windows would allow remote code execution (RCE) using malicious Microsoft Office documents. Microsoft has released guidance on this zero-day. CVE-2023-36884 – CVSS: 8.3
- A Microsoft Outlook zero-day vulnerability would allow for bypassing security warnings. CVE-2023-35311 – CVSS: 8.8
- Microsoft released a patch for a vulnerability that would allow a threat actor to forge kernel-mode driver signatures using revoked or expired certificates. To learn more, check out our previous blog on the subject. ADV230001
The patches and guidance for these zero-days, and the rest of the 132 vulnerabilities, are available through Windows Update. They should be applied as soon as possible to mitigate these threats.