The Microsoft Patch Tuesday for July addressed 132 vulnerabilities as reports of zero-day exploitation surface in the media.
Out of the vulnerabilities addressed in the July Patch Tuesday, six zero-day flaws were found to be exploited in the wild.
Details about the Microsoft Patch Tuesday for July 2023
Nine were critical vulnerabilities, and 122 were marked as important in the July Microsoft Patch Tuesday report.
CVE-2023-32046, CVE-2023-32049, CVE-2023-35311, and CVE-2023-36874 were among the known exploited vulnerabilities in a CISA advisory.
The vulnerabilities addressed in the Microsoft Patch Tuesday for July this year were in Microsoft Office, Components, Windows Layer-2 Bridge Network Driver, Windows Media, Microsoft Power Apps, and Windows Message Queuing among others.
The latest Microsoft Patch Tuesday also had a Defense-in-depth update with ADV230001 and another for the Trend Micro EFI Modules – ADV230002.
Exploitation of vulnerabilities addressed in the Microsoft Patch Tuesday update
The exploitation of the named vulnerabilities in the Microsoft Patch Tuesday update could result in the elevation of privilege, information theft, remote code execution, security bypass, and DoS attacks on unpatched devices.
There were 13 security bypass vulnerabilities, 37 remote code execution vulnerabilities, and 33 privilege elevation vulnerabilities addressed in the July Microsoft Patch Tuesday report.
Some of the vulnerabilities named in the Microsoft Patch Tuesday report were –
- CVE-2023-21526 in Windows Netlogon with a score of 7.4
- CVE-2023-21756 in Microsoft Graphics Component with a score of 7.8
- CVE-2023-32033 in Windows Cluster Server with a score of 6.6
- CVE-2023-32038 in Windows ODBC Driver with a score of 8.8
- CVE-2023-32049 in Windows SmartScreen with a score of 8.8
- CVE-2023-32051 in Microsoft Windows Codec Library with a score of 7.8
- CVE-2023-32055 in Windows Active Template Library with a score of 6.7
- CVE-2023-33134 in Microsoft Office SharePoint with a score of 8.8
- CVE-2023-33157 in Microsoft Office SharePoint with a score of 8.8
- CVE-2023-35306 in Windows Printer Drivers with a score of 5.5
Microsoft addressed the vulnerabilities exploited in the wild in an advisory with information to help mitigate the risk.
Hackers were using Microsoft-signed drivers, and reports state that the drivers were certified by Microsoft Windows hardware developer programs.
Out of the vulnerabilities named in the important category, four were found to be exploited in the wild. They were CVE-2023-32046, CVE-2023-32049, CVE-2023-35311 and CVE-2023-36874. Microsoft found similar malicious activities in February 2023.
Cyber Espionage by China-based cybercriminals
Microsoft updated readers about mitigating a threat traced to China. Microsoft has mitigated the risk posed by a group named Storm-0558, which accessed customer emails to engage in cyber espionage.
Their primary targets were government agencies in Western Europe, with the aim of stealing credentials and other data. The hackers were found to have gained access to accounts that belonged to nearly 25 organizations on May 15, 2023.
They also targeted consumer accounts that are suspected to be associated with the targeted organizations. “The actor used an acquired MSA key to forge tokens to access OWA and Outlook.com. MSA (consumer) keys and Azure AD (enterprise) keys are issued and managed from separate systems and should only be valid for their respective systems,” the Microsoft blog added.
The hackers are suspected to have conducted the cybercrime using forged authentication tokens for account access.
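The key-scoping rule in the Microsoft quote above, shown as an added example that is not from the article or from Microsoft: a simplified token validator in which the weak form trusts any known signing key and the hardened form accepts only the keys and issuer of the system the token is meant for. The key stores, key IDs, and claims are constructed, and HMAC stands in for the asymmetric signatures real token services use.

```python
import base64, hashlib, hmac, json
from typing import Optional

# Constructed key stores: each issuing system holds its own signing keys.
# HMAC secrets are a stand-in for the asymmetric keys real services use.
KEYS = {
    "consumer":   {"kid-c1": b"constructed-consumer-secret"},
    "enterprise": {"kid-e1": b"constructed-enterprise-secret"},
}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(system: str, kid: str, claims: dict) -> str:
    """Issue header.payload.signature using one of `system`'s keys."""
    header = _b64(json.dumps({"kid": kid}).encode())
    payload = _b64(json.dumps(claims).encode())
    mac = hmac.new(KEYS[system][kid], f"{header}.{payload}".encode(), hashlib.sha256)
    return f"{header}.{payload}.{_b64(mac.digest())}"

def _verify(token: str, allowed_keys: dict) -> Optional[dict]:
    """Return the claims if the token is signed by a key in allowed_keys."""
    try:
        header, payload, sig = token.split(".")
        key = allowed_keys[json.loads(_unb64(header))["kid"]]
        given = _unb64(sig)
    except (ValueError, KeyError, TypeError):
        return None  # malformed token, or key ID not in the allowed set
    mac = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256)
    if not hmac.compare_digest(mac.digest(), given):
        return None
    return json.loads(_unb64(payload))

def validate_unscoped(token: str) -> Optional[dict]:
    """Weak: a key from either system is accepted for any token."""
    merged = {kid: k for keys in KEYS.values() for kid, k in keys.items()}
    return _verify(token, merged)

def validate_scoped(token: str, expected_system: str) -> Optional[dict]:
    """Hardened: only the relying system's own keys, and iss must match."""
    claims = _verify(token, KEYS[expected_system])
    if claims is None or claims.get("iss") != expected_system:
        return None
    return claims
```

A token signed with the consumer key but claiming the enterprise issuer passes `validate_unscoped` and is rejected by `validate_scoped(token, "enterprise")`, because the consumer key ID is not in the enterprise key set.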