Microsoft fixed 132 vulnerabilities, guaranteeing users a secure infrastructure
Patch Tuesday in July turned out to be full of updates for dangerous and 0day vulnerabilities.
On July's Patch Tuesday, Microsoft released updates fixing 132 new security vulnerabilities in its products, including six zero-day vulnerabilities which, according to the company, were being actively exploited in the wild.
Of the 130 vulnerabilities, 9 are rated critical and 121 important. The following flaws were actively exploited by attackers:
- CVE-2023-32046 (CVSS: 7.8) – Windows MSHTML Platform Elevation of Privilege Vulnerability;
- CVE-2023-32049 (CVSS: 8.8) – Windows SmartScreen Security Feature Bypass Vulnerability;
- CVE-2023-35311 (CVSS: 8.8) – Microsoft Outlook Security Feature Bypass Vulnerability;
- CVE-2023-36874 (CVSS: 7.8) – Windows Error Reporting Service Elevation of Privilege Vulnerability;
- CVE-2023-36884 (CVSS: 8.3) – Office and Windows HTML Remote Code Execution (RCE) Vulnerability;
- ADV230001 – Malicious use of Microsoft-signed drivers for post-exploitation activity (no CVE assigned).
Microsoft has stated that it is aware of targeted attacks on defense and government institutions in Europe and North America in which attackers attempt to exploit CVE-2023-36884 using specially crafted Microsoft Office document lures themed around the Ukrainian World Congress.
Because no fix for CVE-2023-36884 is available yet, the company urges users to enable the attack surface reduction rule “Block all Office applications from creating child processes” to reduce the attack surface.
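The following PowerShell is an added example, not code from the article or from Microsoft: it enables the attack surface reduction (ASR) rule the article names on a host running Microsoft Defender Antivirus, first in audit mode so the effect on legitimate Office add-ins can be reviewed from Defender's event log, then in block mode. The rule GUID is the well-known identifier Microsoft publishes for this rule and should be verified against the ASR rules reference for your Defender build; the event IDs 1121 (block) and 1122 (audit) are Defender's standard ASR event IDs.

```powershell
# Added example (not from the article): stage the ASR rule
# "Block all Office applications from creating child processes"
# from audit mode to block mode on a single Defender-protected host.
# Assumption: the GUID below is Microsoft's published ID for this rule.
#Requires -RunAsAdministrator

$OfficeChildProcessRule = 'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'

function Get-AsrRuleState {
    param([Parameter(Mandatory)][string]$RuleId)
    $pref = Get-MpPreference
    $ids  = @($pref.AttackSurfaceReductionRules_Ids)
    if ($ids.Count -eq 0) { return 'NotConfigured' }
    $upper = [string[]]($ids | ForEach-Object { $_.ToUpper() })
    $idx   = [Array]::IndexOf($upper, $RuleId.ToUpper())
    if ($idx -lt 0) { return 'NotConfigured' }
    # Defender encodes actions as 0 = Disabled, 1 = Enabled (block), 2 = AuditMode, 6 = Warn
    switch ([int](@($pref.AttackSurfaceReductionRules_Actions)[$idx])) {
        0 { 'Disabled' } 1 { 'Enabled' } 2 { 'AuditMode' } 6 { 'Warn' }
        default { "Unknown($_)" }
    }
}

function Set-AsrRuleState {
    param(
        [Parameter(Mandatory)][string]$RuleId,
        [Parameter(Mandatory)][ValidateSet('Disabled','Enabled','AuditMode','Warn')][string]$Action
    )
    # Add-MpPreference adds or updates one rule without disturbing other configured rules.
    Add-MpPreference -AttackSurfaceReductionRules_Ids $RuleId -AttackSurfaceReductionRules_Actions $Action
}

function Get-AsrRuleEvents {
    param([Parameter(Mandatory)][string]$RuleId, [int]$Hours = 24)
    # 1121 = rule fired in block mode, 1122 = rule fired in audit mode.
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1121, 1122
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match [regex]::Escape($RuleId) } |
        Select-Object TimeCreated, Id, Message
}

Write-Host "Current state: $(Get-AsrRuleState $OfficeChildProcessRule)"

# Stage 1: audit only. Office keeps working; every child process Office would
# have spawned is logged as event 1122 so legitimate add-ins can be identified.
Set-AsrRuleState -RuleId $OfficeChildProcessRule -Action AuditMode
Write-Host "After audit step: $(Get-AsrRuleState $OfficeChildProcessRule)"

# Review what the rule would have blocked over the audit window before enforcing.
$audit = Get-AsrRuleEvents -RuleId $OfficeChildProcessRule -Hours 24
Write-Host "Audit events in the last 24h: $(@($audit).Count)"
$audit | Format-List TimeCreated, Id, Message

# Stage 2: enforce. Run this after the audit window shows no unexpected hits.
if (@($audit).Count -eq 0) {
    Set-AsrRuleState -RuleId $OfficeChildProcessRule -Action Enabled
    Write-Host "Rule now: $(Get-AsrRuleState $OfficeChildProcessRule)"
} else {
    Write-Host 'Audit hits found; review them before switching the rule to Enabled.'
}
```

On endpoints managed by Intune or Group Policy the local Add-MpPreference setting is overridden by the management profile, so the same rule should be pushed through that channel instead; the event query above still works for verifying what the rule sees.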
Microsoft has also revoked code-signing certificates used to sign and install malicious kernel-mode drivers on compromised systems. In the attacks, cybercriminals used a loophole in Windows policy to change the driver signing date to July 29, 2015 using the open source tools “HookSignTool” and “FuckCertVerifyTimeValidity”.
The findings suggest that the use of rogue kernel-mode drivers is gaining traction among attackers as they run with the highest privilege level on Windows, allowing persistence for long periods of time while interfering with security software to evade detection.
It is currently unclear how the other flaws are being exploited or how widespread the attacks are. Given the active abuse, however, users are advised to apply the updates promptly to mitigate the threat.
Fixes from other vendors
In addition to Microsoft, security updates have been released by other vendors over the past few weeks to address several vulnerabilities, including:
The situation on the cybersecurity front remains tense. While leading technology companies such as Microsoft continue to fight vulnerabilities in their products, attackers do not stop looking for new methods of attack.
The key advice for users remains to apply the released security updates immediately to protect their systems from potential threats. Companies, in turn, must continue to collaborate and share information about new threats and vulnerabilities in order to prevent large-scale cyber attacks in the future.