This week, Microsoft disclosed no fewer than 132 security vulnerabilities across all product lines, including a total of six that fall into the actively exploited zero-day category. That’s why security experts recommend that Windows users update now.
One of the zero-days is a remote code execution vulnerability in Microsoft Office and Windows HTML. Surprisingly, given that this is a Patch Tuesday release, Microsoft still has no patch for CVE-2023-36884, providing configuration mitigation steps instead. Exploitation of this vulnerability has been connected to RomCom, a Russian cybercrime team, and is believed to be carried out with Russian intelligence interests in mind.
Adam Barnett, vulnerability threat control specialist at Rapid7, warns that the RomCom group has also been connected to ransomware attacks targeting a wide variety of victims. Given the number of vulnerabilities addressed and the fact that zero-days are among them, security experts warn Windows users to apply the updates as soon as possible. The full list of vulnerabilities addressed in the most recent Patch Tuesday release can be found in the Microsoft Security Update Guide. However, security experts have highlighted some of the most important ones.
Microsoft said it is “investigating reports of a variety of remote code execution vulnerabilities affecting Windows and Office products. Microsoft is aware of targeted attacks that attempt to exploit these vulnerabilities by employing specially crafted Microsoft Office documents.” CVE-2023-36884 has not yet been patched, Microsoft confirmed, but the company says it will “take appropriate action to help protect our users” once it finishes investigating the matter. Tuesday’s release of next month’s patches. Meanwhile, Microsoft is directing users to a risk intelligence blog post that provides workarounds.
CVE-2023-32046 is an elevation of privilege vulnerability in the Windows MSHTML platform that is also being exploited in the wild. According to Dr. Kev Breen, director of cyber risk studies at Immersive Labs, “other programs like Office, Outlook, and Skype also use this component.” “This vulnerability would likely be used as an initial infection vector,” Breen says, “allowing the attacker to download code execution in the context of the user clicking the link or opening the document.”
This zero-day vulnerability is another elevation of privilege, this time affecting the Windows Error Reporting (WER) service. If exploited successfully, an attacker can gain administrator privileges. and sends error reports to Microsoft when software crashes or finds other types of errors,” says Tom Bowyer, who works in product safety at Automox. “This zero-day vulnerability is being actively exploited,” Bowyer continues, “so if WER is being used across your organization, we submit patching within 24 hours.”
Another vulnerability that has already been widely exploited is CVE-2023-32049, which affects Windows SmartScreen. Or, more precisely, it bypasses the Windows SmartScreen feature. critical,” said Chris Goettl, vice president of security products at Ivanti.
The strong and clear message from security experts regarding the July security release is to roll out updates as soon as possible. Kev Breen is one of the experts now issuing the update warning. “With five CVEs actively exploited in the wild and a warning for attack techniques that are also exploited in the wild, this is not a month to wait for patches,” Breen says, concluding, “prioritizing those patches for users’ machines is of paramount importance.”