Cookie Consent by Free Privacy Policy Generator ๐Ÿ“Œ The July 2023 Security Update Review

๐Ÿ  Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeitrรคge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden รœberblick รผber die wichtigsten Aspekte der IT-Sicherheit in einer sich stรคndig verรคndernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch รผbersetzen, erst Englisch auswรคhlen dann wieder Deutsch!

Google Android Playstore Download Button fรผr Team IT Security



๐Ÿ“š The July 2023 Security Update Review


๐Ÿ’ก Newskategorie: Hacking
๐Ÿ”— Quelle: thezdi.com

Itโ€™s the second Tuesday of the month, which means Adobe and Microsoft have released their latest security patches. Take a break from your regularly scheduled activities and join us as we review the details of their latest advisories. If youโ€™d rather watch the video recap, you can check it out here.

Apple Patches for July 2023

Apple doesnโ€™t conform to โ€œPatch Tuesday,โ€ but they started things off yesterday with an emergency patch for macOS, iOS, and iPadOS. The bug in Webkit is labeled as CVE-2023-34750. Apple notes the vulnerability has been reported to be under active attack. Apple terms these emergency patches as โ€œRapid Security Response (RSR)โ€ and reserves them for the most critical components where exploitation has been detected in the wild. Apple also notes this update is causing problems rendering certain websites. You should expect an update in the near future. I would anticipate this CVE to be patched on other supported macOS versions soon as well.

Adobe Patches for July 2023

For July, Adobe released two patches addressing 15 CVEs in Adobe InDesign and ColdFusion. The patch for ColdFusion is arguably more critical as it contains a CVSS 9.8-rated remote code execution bug. The bulletin also recommends reading (and implementing) the ColdFusion Lockdown guide and updating your ColdFusion JDK/JRE to the latest version of the LTS releases for JDK 17 where applicable. The fix for InDesign corrects one Critical and 11 Important rated bugs. The most sever of these could lead to code execution when opening a specially crafted file.

None of the bugs fixed by Adobe this month are listed as publicly known or under active attack at the time of release. Adobe categorizes these updates as a deployment priority rating of 3.

Microsoft Patches for July 2023

This month, Microsoft released 130 new patches addressing CVES in Microsoft Windows and Windows Components; Office and Office Components; .NET and Visual Studio; Azure Active Directory and DevOps; Microsoft Dynamics; Printer Drivers; DNS Server; and Remote Desktop. One of these CVEs was reported through the ZDI program, but if you check out our upcoming page, youโ€™ll find quite a few more awaiting resolution.

Of the new patches released today, nine are rated Critical and 121 are rated Important in severity. This volume of fixes is the highest weโ€™ve seen in the last few years, although itโ€™s not unusual to see Microsoft ship a large number of patches right before the Black Hat USA conference. It will be interesting to see if the August release, which comes the day before the Black Hat briefings, will also be a large release.

One of the CVEs released today is listed as being publicly known, but five(!) are listed as being under active attack at the time of release. Letโ€™s take a closer look at some of the more interesting updates for this month, starting with the multiple bugs currently being exploited in the wild:

-ย ย ย ย ย ย  CVE-2023-36884 โ€“ Office and Windows HTML Remote Code Execution Vulnerability
Of the five active attacks receiving patches today, this is arguably the most severe. Microsoft states they are aware of targeted exploits using this bug in specially crafted Office documents to get code execution on targeted systems. For now, the keyword there is โ€œtargetedโ€. However, Microsoft has taken the odd action of releasing this CVE without a patch. Thatโ€™s still to come. Their Threat Intelligence team has released this blog with some guidance. Oh, and Microsoft lists this as โ€œImportantโ€. I recommend treating it as Critical.

-ย ย ย ย ย ย  CVE-2023-35311 - Microsoft Outlook Security Feature Bypass Vulnerability
This bug is listed as being under active exploit, but as always, Microsoft provides no information on how broadly these attacks are spread. The bug allows attackers to bypass an Outlook Security Notice prompt after clicking a link. This is likely being paired with some other exploit designed to execute code when opening a file. Outlook should pop a warning dialog, but this vulnerability evades that user prompt. Considering how broadly Outlook is used, this should be your first priority for test and deployment.

-ย ย ย ย ย ย  CVE-2023-36874 - Windows Error Reporting Service Elevation of Privilege Vulnerability
This is the second bug listed as under active attack for July, but it doesnโ€™t affect every user on a system. To elevate to administrative privileges, an attacker would need to have access to a user account with the ability to create folders and performance traces on the target system. Standard user accounts donโ€™t have these permissions by default. Privilege escalations are often combined with code execution exploits to spread malware, and thatโ€™s likely the case here as well.

-ย ย ย ย ย ย  CVE-2023-32046 - Windows MSHTML Platform Elevation of Privilege Vulnerability
This is the final bug listed as being under active attack this month, but itโ€™s not a straightforward privilege escalation. Instead of granting the attacker SYSTEM privileges, it only elevates to the level of the user running the affected application. Of course, many applications run with elevated privileges, so this point may be moot. It still requires a user to click a link or open a file, so remain wary of suspicious-looking attachments or messages.

-ย ย ย ย ย ย  CVE-2023-32049 - Windows SmartScreen Security Feature Bypass Vulnerability
The final exploited bug this month is in the SmartScreen filter. Similar to the Outlook SFB, the bug in SmartScreen allows attackers to evade warning dialog prompts. Again, a user would need to click a link or otherwise take an action to open a file for an attacker to use this. This is likely being paired with another exploit in the wild to take over a system or at least install some form of malware on a target.

-ย ย ย ย ย ย  CVE-2023-32057 - Microsoft Message Queuing Remote Code Execution Vulnerability
Not only is this tied for the highest-rated CVSS (9.8) bug this month, but itโ€™s also nearly identical to a CVE patched back in April. It was even reported by the same researcher. That has all the hallmarks of a failed patch. Either way, this bug could allow unauthenticated remote attackers to execute code with elevated privileges on affected systems where the message queuing service is enabled. You can block TCP port 1801 as a mitigation, but the better choice is to test and deploy the update quickly. Letโ€™s also hope the quality of this patch is higher than the last one.

Hereโ€™s the full list of CVEs released by Microsoft for July 2023:

CVE Title Severity CVSS Public Exploited Type
CVE-2023-36884 Office and Windows HTML Remote Code Execution Vulnerability Important 8.3 Yes Yes RCE
CVE-2023-35311 Microsoft Outlook Security Feature Bypass Vulnerability Important 8.8 No Yes SFB
CVE-2023-36874 Windows Error Reporting Service Elevation of Privilege Vulnerability Important 7.8 No Yes EoP
CVE-2023-32046 Windows MSHTML Platform Elevation of Privilege Vulnerability Important 7.8 No Yes EoP
CVE-2023-32049 Windows SmartScreen Security Feature Bypass Vulnerability Important 8.8 No Yes SFB
CVE-2023-32057 Microsoft Message Queuing Remote Code Execution Vulnerability Critical 9.8 No No RCE
CVE-2023-33157 Microsoft SharePoint Remote Code Execution Vulnerability Critical 8.8 No No RCE
CVE-2023-33160 Microsoft SharePoint Server Remote Code Execution Vulnerability Critical 8.8 No No RCE
CVE-2023-35315 Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability Critical 8.8 No No RCE
CVE-2023-35297 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability Critical 7.5 No No RCE
CVE-2023-35352 Windows Remote Desktop Security Feature Bypass Vulnerability Critical 7.5 No No SFB
CVE-2023-35365 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Critical 9.8 No No RCE
CVE-2023-35366 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Critical 9.8 No No RCE
CVE-2023-35367 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Critical 9.8 No No RCE
CVE-2023-36871 Azure Active Directory Security Feature Bypass Vulnerability Important 6.5 No No SFB
CVE-2023-33127 .NET and Visual Studio Elevation of Privilege Vulnerability Important 8.1 No No EoP
CVE-2023-35348 Active Directory Federation Service Security Feature Bypass Vulnerability Important 7.5 No No SFB
CVE-2023-32055 Active Template Library Elevation of Privilege Vulnerability Important 6.7 No No EoP
CVE-2023-33170 ASP.NET Core Security Feature Bypass Vulnerability Important 8.1 No No SFB
CVE-2023-36869 Azure DevOps Server Spoofing Vulnerability Important 6.3 No No Spoofing
CVE-2023-35320 Connected User Experiences and Telemetry Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-35353 Connected User Experiences and Telemetry Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-32084 HTTP.sys Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2023-35298 HTTP.sys Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2023-33152 Microsoft Access Remote Code Execution Vulnerability Important 7 No No RCE
CVE-2023-33156 Microsoft Defender Elevation of Privilege Vulnerability Important 6.3 No No EoP
CVE-2023-33171 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Important 6.1 No No XSS
CVE-2023-35335 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Important 8.2 No No XSS
CVE-2023-33162 Microsoft Excel Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2023-33158 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-33161 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-32083 Microsoft Failover Cluster Information Disclosure Vulnerability Important 6.5 No No Info
CVE-2023-32033 Microsoft Failover Cluster Remote Code Execution Vulnerability Important 6.6 No No RCE
CVE-2023-35333 Microsoft Media-Wiki Extensions Remote Code Execution Vulnerability Important 7.1 No No RCE
CVE-2023-32044 Microsoft Message Queuing Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2023-32045 Microsoft Message Queuing Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2023-35309 Microsoft Message Queuing Remote Code Execution Vulnerability Important 7.5 No No RCE
CVE-2023-32038 Microsoft ODBC Driver Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2023-33148 Microsoft Office Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-33149 Microsoft Office Graphics Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-33150 Microsoft Office Security Feature Bypass Vulnerability Important 9.6 No No SFB
CVE-2023-33153 Microsoft Outlook Remote Code Execution Vulnerability Important 6.8 No No RCE
CVE-2023-33151 Microsoft Outlook Spoofing Vulnerability Important 6.5 No No Spoofing
CVE-2023-32039 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2023-32040 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2023-32085 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2023-35296 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability Important 6.5 No No Info
CVE-2023-35306 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2023-35324 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2023-35302 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2023-32052 Microsoft Power Apps Spoofing Vulnerability Important 6.3 No No Spoofing
CVE-2023-33134 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2023-33165 Microsoft SharePoint Server Security Feature Bypass Vulnerability Important 4.3 No No SFB
CVE-2023-33159 Microsoft SharePoint Server Spoofing Vulnerability Important 8.8 No No Spoofing
CVE-2023-35347 Microsoft Store Install Service Elevation of Privilege Vulnerability Important 7.1 No No EoP
CVE-2023-35312 Microsoft VOLSNAP.SYS Elevation of Privilege Vulnerability Important 7.3 No No EoP
CVE-2023-35373 Mono Authenticode Validation Spoofing Vulnerability Important 5.3 No No Spoofing
CVE-2023-32042 OLE Automation Information Disclosure Vulnerability Important 6.5 No No Info
CVE-2023-32047 Paint 3D Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-35374 Paint 3D Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-32051 Raw Image Extension Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-32034 Remote Procedure Call Runtime Denial of Service Vulnerability Important 6.5 No No DoS
CVE-2023-32035 Remote Procedure Call Runtime Denial of Service Vulnerability Important 6.5 No No DoS
CVE-2023-33164 Remote Procedure Call Runtime Denial of Service Vulnerability Important 6.5 No No DoS
CVE-2023-33166 Remote Procedure Call Runtime Denial of Service Vulnerability Important 6.5 No No DoS
CVE-2023-33167 Remote Procedure Call Runtime Denial of Service Vulnerability Important 6.5 No No DoS
CVE-2023-33168 Remote Procedure Call Runtime Denial of Service Vulnerability Important 6.5 No No DoS
CVE-2023-33169 Remote Procedure Call Runtime Denial of Service Vulnerability Important 6.5 No No DoS
CVE-2023-33172 Remote Procedure Call Runtime Denial of Service Vulnerability Important 6.5 No No DoS
CVE-2023-33173 Remote Procedure Call Runtime Denial of Service Vulnerability Important 6.5 No No DoS
CVE-2023-35314 Remote Procedure Call Runtime Denial of Service Vulnerability Important 5.3 No No DoS
CVE-2023-35318 Remote Procedure Call Runtime Denial of Service Vulnerability Important 6.5 No No DoS
CVE-2023-35319 Remote Procedure Call Runtime Denial of Service Vulnerability Important 6.5 No No DoS
CVE-2023-35316 Remote Procedure Call Runtime Information Disclosure Vulnerability Important 6.5 No No Info
CVE-2023-35300 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2023-35303 USB Audio Class System Driver Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2023-36867 Visual Studio Code Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-32054 Volume Shadow Copy Elevation of Privilege Vulnerability Important 7.3 No No EoP
CVE-2023-36872 VP9 Video Extensions Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2023-35337 Win32k Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-35350 Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability Important 7.2 No No RCE
CVE-2023-35351 Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability Important 6.6 No No RCE
CVE-2023-29347 Windows Admin Center Spoofing Vulnerability Important 8.7 No No Spoofing
CVE-2023-35329 Windows Authentication Denial of Service Vulnerability Important 6.5 No No DoS
CVE-2023-35326 Windows CDP User Components Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2023-35362 Windows Clip Service Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-33155 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-35340 Windows CNG Key Isolation Service Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-35299 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-35339 Windows CryptoAPI Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2023-33174 Windows Cryptographic Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2023-35321 Windows Deployment Services Denial of Service Vulnerability Important 6.5 No No DoS
CVE-2023-35322 Windows Deployment Services Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2023-35310 Windows DNS Server Remote Code Execution Vulnerability Important 6.6 No No RCE
CVE-2023-35344 Windows DNS Server Remote Code Execution Vulnerability Important 6.6 No No RCE
CVE-2023-35345 Windows DNS Server Remote Code Execution Vulnerability Important 6.6 No No RCE
CVE-2023-35346 Windows DNS Server Remote Code Execution Vulnerability Important 6.6 No No RCE
CVE-2023-35330 Windows Extended Negotiation Denial of Service Vulnerability Important 6.2 No No DoS
CVE-2023-35343 Windows Geolocation Service Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-35342 Windows Image Acquisition Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-32050 Windows Installer Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2023-32053 Windows Installer Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-35304 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-35305 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-35356 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-35357 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-35358 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-35360 Windows Kernel Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2023-35361 Windows Kernel Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2023-35363 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-35364 Windows Kernel Elevation of Privilege Vulnerability Important 8.8 No No EoP
CVE-2023-32037 Windows Layer-2 Bridge Network Driver Information Disclosure Vulnerability Important 6.5 No No Info
CVE-2023-35331 Windows Local Security Authority (LSA) Denial of Service Vulnerability Important 6.5 No No DoS
CVE-2023-35341 Windows Media Information Disclosure Vulnerability Important 6.2 No No Info
CVE-2023-35308 Windows MSHTML Platform Security Feature Bypass Vulnerability Important 4.4 No No SFB
CVE-2023-35336 Windows MSHTML Platform Security Feature Bypass Vulnerability Important 6.5 No No SFB
CVE-2023-21526 Windows Netlogon Information Disclosure Vulnerability Important 7.4 No No Info
CVE-2023-33163 Windows Network Load Balancing Remote Code Execution Vulnerability Important 7.5 No No RCE
CVE-2023-35323 Windows OLE Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-35313 Windows Online Certificate Status Protocol (OCSP) SnapIn Remote Code Execution Vulnerability Important 6.7 No No RCE
CVE-2023-33154 Windows Partition Management Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-35338 Windows Peer Name Resolution Protocol Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2023-35325 Windows Print Spooler Information Disclosure Vulnerability Important 7.5 No No Info
CVE-2023-35332 Windows Remote Desktop Protocol Security Feature Bypass Important 6.8 No No SFB
CVE-2023-32043 Windows Remote Desktop Security Feature Bypass Vulnerability Important 6.8 No No SFB
CVE-2023-32056 Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-35317 Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-35328 Windows Transaction Manager Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-32041 Windows Update Orchestrator Service Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2023-21756 Windows Win32k Elevation of Privilege Vulnerability Important 7.8 No No EoP

Looking at the other Critical-rated patches, the three bugs in the Routing and Remote Access Service (RRAS) stand out. All have a CVSS of 9.8 and allow a remote, unauthenticated attacker to execute code at the level of the service by merely sending a specially-crafted packet. That makes these bugs wormable โ€“ albeit only between systems with RRAS enabled. Itโ€™s not on by default. There are two patches for SharePoint server. Both require authentication, but the level required is the default for any regular SharePoint user. The bug in the Layer-2 Bridge Network Driver is really a guest-to-host code execution bug. Someone on a guest VM could execute code on the underlying host OS. The bug in PGM also has a network adjacent requirement and could be seen on VMs. The Security Feature Bypass (SFB) in Remote Desktop would allow an attacker to bypass certificate or private key authentication when establishing a remote desktop protocol session. Considering how much RDP is targeted by ransomware gangs, I would expect to see this incorporated into their toolkits.ย ย 

Looking at the remaining 24 remote code execution patches, many are the open-and-own variety in Office and Windows components. Of the others, everything old is new again. Thereโ€™s a fix for the printer driver to remind us of PrintNightmare. There are more SharePoint RCEs, and like the ones previously mentioned, they do require authentication. Thereโ€™s an RPC bug thatโ€™s reminiscent of RPC bugs from the early 2000s. Thereโ€™s another Message Queueing patch, although this one doesnโ€™t have the failed patch hallmarks of the one previously mentioned. Thereโ€™s a fix for an Outlook RCE, but the Preview Pane is not an attack vector. There are four bugs in the DNS Server, but all require elevated privileges for exploitation. Thatโ€™s the same for the two Active Directory Certificate Services (AD CS) vulnerabilities. An attacker would need Certificate Authority (CA) read access permissions, which are restricted to domain admins by default. Speaking of admin credentials, the bug in the Online Certificate Status Protocol (OCSP) SnapIn requires an attacker to compromise admin credentials. Iโ€™m a little surprised Microsoft chose to fix this as a security patch. The patch for Windows Deployment Services is interesting in that it requires no user interaction but it does require authentication. Finally, the bug in Network Load Balancing would allow RCE to unauthenticated attackers, but only if they are network adjacent.

Moving on to the Elevation of Privilege (EoP) bugs receiving patches this month, the vast majority require an attacker to run a specially crafted program on an affected system. In most cases, this leads to attackers running code at SYSTEM level. This includes 11 fixes for the kernel and Win32k. Thereโ€™s a fix for Active Template Libraries (ATL) that personally makes me twitch, but I ran the case behind MS09-035 and the myriad of applications it affected. The EoP in .NET and Visual Studio would allow an attacker to elevate to the rights of the user running the application. Thatโ€™s also true for the bug in Volume Shadow Copy. The bug in volsnap.sys could allow an attacker to elevate to administrator, which is different than SYSTEM, but just barely. The final EoP patch for July is in Office. It would allow an attacker to make RPC calls that are restricted to local clients only.

There are nine more SFB patches to go along with the two already mentioned. The bug in the Active Directory Federation Service is a bit of an odd one. An attacker could bypass the TPM by crafting an assertion and using the assertion to request a Primary Refresh Token from another device. Thatโ€™s the same impact as the bug in Azure Active Directory. The Office bypass would allow attackers to escape Office Protected View, but not if you have Application Guard for Office enabled. The SFB bug in SharePoint would allow an attacker to bypass the logging of downloaded files. There are two SFB bugs in Remote Desktop. The first could allow a machine-in-the-middle (MitM) attacker to bypass the certificate validation performed when a targeted user connects to a trusted server. The other also requires a MitM attacker and could compromise the confidentiality and integrity of data when the targeted user connects to a trusted server. There are also two bugs in MSHTML. The first allows a bypass of the Mark of the Web (MotW) designator. The other allows attackers to access a URL in a less restricted Internet Security Zone than intended. No additional information is given regarding the SFB in ASP.NET.

The July release contains 18 total information disclosure fixes. Fortunately, the majority of these merely result in info leaks consisting of unspecified memory contents. The lone exception is a frightening one. The bug in NetLogin could allow an attacker to intercept and potentially modify traffic between client and server systems. The attacker would need to be able to monitor traffic (i.e., MiTM) to exploit this vulnerability.

This monthโ€™s release contains 22 fixes for Denial-of-Service (DoS) bugs. A dozen of these vulnerabilities are in the RPC runtime library. Microsoft provides no details about these bugs other than to note authentication is required. Thatโ€™s also true for the flaws in Windows Authentication and Deployment Services. The remaining DoS bugs do not require authentication, but again, no additional details from Microsoft are available. The lone exception is one of the vulnerabilities in HTTP.sys. In this case, Microsoft notes an unauthenticated attacker could send crafted messages utilizing the Server Name Indication (SNI) to an affected system.

There are a half dozen spoofing bugs in this monthโ€™s release, and the one in Outlook stands out the most. An exploit would require the target to click a link, but thatโ€™s all it takes to allow the disclosure of NetNTLMv2 hashes. Another interesting one is in Mono Authenticode Validation as it requires low privileges and no user interaction. However, Microsoft provides no real details on what an attack would look like. The other spoofing bugs all do require user interaction. Spoofing on SharePoint looks very much like cross-site scripting (XSS). The bug in Power Apps could be used either to retrieve cookies or present a fake dialog box to a user. The bug in Windows Admin Center requires extensive user interaction but could result in code execution. Youโ€™ll also need to manually install the latest build of the Windows Admin Center from here.

The July release is rounded out by two XSS bugs in Microsoft Dynamics 365.

There are two new advisories in this monthโ€™s release โ€“ the first advisories of 2023. The first provides guidance for Microsoft-signed drivers being used maliciously. This has been known since at least last December, so itโ€™s nice something is coming out of Redmond to deal with it. The update in the advisory revokes the certificate for known impacted files. The other advisory provides guidance for an SFB in Trend Micro EFI modules. This is something we disclosed back in May.

Looking Ahead

The next Patch Tuesday will be on August 8, and weโ€™ll return with details and patch analysis then. Iโ€™ll be blogging from Las Vegas while attending the Black Hat conference, so say hello if you see me. I like it when people say hello. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!

...



๐Ÿ“Œ The July 2023 Security Update Review


๐Ÿ“ˆ 23.96 Punkte

๐Ÿ“Œ The July 2019 Security Update Review


๐Ÿ“ˆ 20.96 Punkte

๐Ÿ“Œ The July 2020 Security Update Review


๐Ÿ“ˆ 20.96 Punkte

๐Ÿ“Œ The July 2021 Security Update Review


๐Ÿ“ˆ 20.96 Punkte

๐Ÿ“Œ The July 2022 Security Update Review


๐Ÿ“ˆ 20.96 Punkte

๐Ÿ“Œ Xbox Summer Game Fest Demo Event coming to Xbox on July 21 through July 27


๐Ÿ“ˆ 20.23 Punkte

๐Ÿ“Œ M2 MacBook Air orders open on Friday, July 8; delivery from July 15


๐Ÿ“ˆ 20.23 Punkte

๐Ÿ“Œ Apple's July 2023 in review: Goldman Sachs wants out of Apple Card, Threads, Underdogs and more


๐Ÿ“ˆ 19.53 Punkte

๐Ÿ“Œ Microsoft Released Security Update For July With the Fixes of 2 Actively Exploited Zero-Day Vulnerabilities โ€“ Update Now


๐Ÿ“ˆ 17.06 Punkte

๐Ÿ“Œ Microsoft's Xbox July Showcase review: Finally, a roadmap


๐Ÿ“ˆ 16.53 Punkte

๐Ÿ“Œ Death's Door Xbox review: Among the best reasons to spend $20 this July


๐Ÿ“ˆ 16.53 Punkte

๐Ÿ“Œ MacBook Air ships, Apple Arcade loses games, and Chris Evans' iPhone - Apple's July 2022 in review


๐Ÿ“ˆ 16.53 Punkte

๐Ÿ“Œ Steam Year in Review 2023: How to view your stats and get around 'this account's Year in Review is not shared' error


๐Ÿ“ˆ 15.83 Punkte

๐Ÿ“Œ LifeLock Review (2023): Privacy Wizards Publish Review of Norton LifeLock Identity Theft Protection Services


๐Ÿ“ˆ 15.83 Punkte

๐Ÿ“Œ Google Patches Critical โ€˜Broadpwnโ€™ Bug in July Security Update


๐Ÿ“ˆ 14.55 Punkte

๐Ÿ“Œ July 2018 Security Update Release


๐Ÿ“ˆ 14.55 Punkte

๐Ÿ“Œ July Android Security Update Fixes Four Critical RCE Flaws


๐Ÿ“ˆ 14.55 Punkte

๐Ÿ“Œ Android July 2019 Security Update Patches 33 New Vulnerabilities


๐Ÿ“ˆ 14.55 Punkte

๐Ÿ“Œ July 2019 Security Update Release


๐Ÿ“ˆ 14.55 Punkte

๐Ÿ“Œ July 2020 Security Update:โ€ฏCVE-2020-1350 Vulnerability in Windows Domain Name System (DNS) Server


๐Ÿ“ˆ 14.55 Punkte

๐Ÿ“Œ Android July 2017 Security Patch Goes Live for Nexus/Pixel Devices, Update Now


๐Ÿ“ˆ 14.55 Punkte

๐Ÿ“Œ July 2020 Security Update:โ€ฏCVE-2020-1350 Vulnerability in Windows Domain Name System (DNS) Server


๐Ÿ“ˆ 14.55 Punkte

๐Ÿ“Œ July 2019 Security Update Release


๐Ÿ“ˆ 14.55 Punkte

๐Ÿ“Œ July 2018 Security Update Release


๐Ÿ“ˆ 14.55 Punkte

๐Ÿ“Œ July 2017 security update release


๐Ÿ“ˆ 14.55 Punkte

๐Ÿ“Œ July 2020 Security Update:โ€ฏCVE-2020-1350 Vulnerability in Windows Domain Name System (DNS) Server


๐Ÿ“ˆ 14.55 Punkte

๐Ÿ“Œ July 2019 Security Update Release


๐Ÿ“ˆ 14.55 Punkte

๐Ÿ“Œ July 2018 Security Update Release


๐Ÿ“ˆ 14.55 Punkte

๐Ÿ“Œ July 2017 security update release


๐Ÿ“ˆ 14.55 Punkte

๐Ÿ“Œ July 2016 security update release


๐Ÿ“ˆ 14.55 Punkte

๐Ÿ“Œ Google Releases July 2019's Android Security Patch to Fix over 30 Security Flaws


๐Ÿ“ˆ 13.95 Punkte

๐Ÿ“Œ Security Money: July 15, 2019 โ€“ Business Security Weekly #136


๐Ÿ“ˆ 13.95 Punkte

๐Ÿ“Œ Security Money: July 15, 2019 - Business Security Weekly #136


๐Ÿ“ˆ 13.95 Punkte

๐Ÿ“Œ Security News: July 18, 2019 โ€“ Paulโ€™s Security Weekly #612


๐Ÿ“ˆ 13.95 Punkte











matomo