Microsoft Fixes 132 Vulnerabilities, Including Six 0-Day Exploits
Microsoft released its July updates to fix 132 vulnerabilities in its products, including six actively exploited 0-days and 37 bugs that allow remote arbitrary code execution. Of the 37 RCE bugs, nine are rated critical. One of the RCE problems remains uncorrected and is actively used in attacks.
Six Zero-Day Vulnerabilities
The list of six zero-day vulnerabilities that have already been used in attacks includes:
- CVE-2023-32046 – Windows MSHTML Elevation of Privilege Vulnerability. This bug can be exploited by opening a specially crafted file received by the victim via e-mail or through malicious sites. According to Microsoft, the attacker will gain the rights of the user who runs the affected application.
- CVE-2023-32049 is a Windows SmartScreen protection bypass vulnerability. Attackers used this vulnerability to prevent warnings about opening files from the Internet.
- CVE-2023-36874 – Privilege escalation vulnerability in Reporting Service. This issue allowed an attacker to gain administrative rights on a Windows device. The attacker must have local access to the target machine, and the user must be able to create folders and run traces on the machine with limited privileges that normal users have by default.
- CVE-2023-35311 is a security bypass vulnerability in Microsoft Outlook. The issue allows you to bypass security warnings and works in the preview area.
- ADV230001 – This issue does not have its own CVE ID, but is severe. This security bulletin reveals that Microsoft has revoked code signing certificates and blocked accounts si developers who exploited a Windows policy loophole to install malicious kernel-mode drivers.
- CVE-2023-36884 is a series of 0-day HTML remote execution vulnerabilities in Office and Windows. This is one of the most serious problems of this month, for which, moreover, there are no patches yet.
Microsoft’s Response
Currently, Microsoft has only released a guide to detecting these publicly disclosed and unpatched bugs that allow code to be executed remotely on the target machine using specially crafted Microsoft Office documents.
“Microsoft is investigating reports of a number of remote code execution vulnerabilities affecting Windows and Office products. Microsoft is aware of targeted attacks that attempt to exploit these vulnerabilities using specially crafted Microsoft Office documents. – An attacker can create a specially crafted Microsoft Office document that allows them to remotely execute code in the context of the victim’s system. To do this, the attacker must convince the victim to open the malicious file.”
Microsoft has stated that after the completion of the investigation, they “will take the necessary actions to protect customers”, which includes releasing the patches necessary to fix the problems.