Runecast has been acquired by Dynatrace!
Read more
DORA Compliance Automation for VMware, Windows and Linux
Read About DORA
Login

Patch Tuesday – 9 critical CVEs & 6 zero-day vulnerability

Microsoft fixed 132 security flaws in its seventh Patch Tuesday of 2023, including 6 that were exploited in the wild.
Adrian Borlea
by
Adrian Borlea
|
July 19, 2023
Security Alert
In this article:
-
-
-
-
-

Microsoft released its monthly security updates on July 11, 2023. The updates fixed six zero-day vulnerabilities that were known to be exploited in the wild. Nine of the 132 vulnerabilities were rated as critical and 122 as important. The updates also included one Defense-in-depth update (ADV230001) where attackers were abusing Microsoft certified drivers as a post-exploitation activity. Organizations should be aware of this vulnerability and take steps to protect their systems. They should apply the latest security updates and review their driver settings to make sure that only trusted drivers are installed.

Let’s take a closer look at the most interesting updates for this month. 


Notable Critical Microsoft Vulnerabilities

Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability

  • CVE-2023-35315 is a RCE Vulnerability affecting Windows Server configured as a Layer-2 bridge. An unauthenticated attacker must gain access to the restricted network before running an attack by sending specially crafted file operation requests to Windows Server. Successful exploitation will lead to remote code execution on the target system. 

Windows Remote Desktop Security Feature Bypass Vulnerability

  • CVE-2023-35352 affects Windows Remote Desktop, successful exploitation of the vulnerability would allow an attacker to bypass certificate of private key authentication when establishing a remote desktop protocol session. 

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

  • CVE-2023-35365, CVE-2023-35366, and CVE-2023-35367 - Routing and Remote Access Service (RRAS) is a networking and routing service that provides dial-up or VPN connections for remote users or site-to-site connectivity. It allows organizations to connect to the internet, other networks, or remote users securely via VPN connections. To exploit this vulnerability, an attacker must send specially crafted packets to a server configured with the RRAS service running. This can be done by sending the packets from a compromised computer or by using a botnet to send the packets from multiple computers. Once the packets are sent, they can exploit a vulnerability in the RRAS service and gain control of the server.

Microsoft Message Queuing Remote Code Execution Vulnerability

  • CVE-2023-32057 - Message Queuing (MSMQ) is a Microsoft protocol that ensures reliable communication between Windows computers across different networks. It does this by maintaining a queue of undelivered messages, so that messages can be sent even if a host is temporarily not connected. An attacker can exploit a vulnerability in MSMQ by sending a malicious packet to an MSMQ server. If the exploit is successful, the attacker can execute arbitrary code on the server side. This means that the attacker could take control of the server or install malware.

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

  • CVE-2023-35297 - Pragmatic General Multicast (PGM) is a multicast computer network transport protocol that provides a reliable sequence of packets to multiple recipients simultaneously. It is often used for multi-receiver file transfer applications. An attack on PGM can only be performed on systems that are connected to the same network segment as the attacker. This is because PGM uses multicast packets, which are only delivered to systems that are on the same network segment. The attack cannot be performed across multiple networks, such as a WAN.


Zero-Day Microsoft Vulnerabilities


Windows MSHTML Platform Elevation of Privilege Vulnerability

  • CVE-2023-32046 - Windows MSHTML is a browser engine that renders web pages and is frequently used by Internet Explorer. Even though Internet Explorer 11 has reached the end of support, MSHTML vulnerabilities are still relevant today and are being patched by Microsoft. This vulnerability can be exploited in both email and web-based attack scenarios.In an email attack scenario, an attacker would send a specially crafted file to the user and convince them to open it. In a web-based attack scenario, the attacker may either create a malicious website or compromise an existing one that accepts or hosts user-provided content. The malicious website would contain the specially crafted file aimed at exploiting the vulnerability.

Windows Error Reporting Service Elevation of Privilege Vulnerability

  • CVE-2023-36874 - Windows Error Reporting functions as an event-based feedback system intended to gather data regarding detected issues on Windows systems. This service then forwards the gathered information to Microsoft while offering users potential solutions.To take advantage of this vulnerability, the attacker needs physical access to the targeted machine. Additionally, the user must possess permissions to create folders and performance traces on the device, typically restricted to the privileges that regular users have by default. Upon successful exploitation, the attacker would be able to elevate their privileges to that of an administrator.

Microsoft Outlook Security Feature Bypass Vulnerability

  • CVE-2023-35311 - To exploit this vulnerability successfully, the attacker needs to transmit a specifically crafted URL. Upon successful exploitation, the attacker may be able to bypass the Microsoft Outlook Security Notice prompt.

Windows SmartScreen Security Feature Bypass Vulnerability

  • CVE-2023-32049 - To take advantage of this vulnerability, the attacker must entice users into clicking on a specially crafted URL. If successful, the attacker can bypass the "Open File – Security Warning" prompt during the exploitation process.


Office and Windows HTML Remote Code Execution Vulnerability

  • CVE-2023-36884 - Microsoft is aware of exploitation attempts using specially-crafted Office documents for remote code execution. Targets were defense and government entities in Europe and North America. The Russian cybercriminal group Storm-0978 used it to deliver a RomCom-like backdoor. No patch released yet, but mitigation options exist.


Runecast Analyzer covers all 101 vulnerabilities that affect Windows operating systems, all mentioned below:

Click to view larger image ↑

Important | Windows Error Reporting Service Elevation of Privilege Vulnerability
CVE-2023-36874
⭕ Critical | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2023-35367

⭕ Critical | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2023-35366

⭕ Critical | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2023-35365

Important | Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35364

Important | Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35363
Important | Windows Clip Service Elevation of Privilege Vulnerability
CVE-2023-35362
Important | Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35361
Important | Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35360

Important | Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35358

Important | Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35357

Important | Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35356

Important | Connected User Experiences and Telemetry Elevation of Privilege Vulnerability
CVE-2023-35353

⭕ Critical | Windows Remote Desktop Security Feature Bypass Vulnerability
CVE-2023-35352

Important | Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability
CVE-2023-35351

Important | Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability
CVE-2023-35350

Important | Active Directory Federation Service Security Feature Bypass Vulnerability
CVE-2023-35348

Important | Microsoft Install Service Elevation of Privilege Vulnerability
CVE-2023-35347

Important | Windows DNS Server Remote Code Execution Vulnerability
CVE-2023-35346

Important | Windows DNS Server Remote Code Execution Vulnerability
CVE-2023-35345

Important | Windows DNS Server Remote Code Execution Vulnerability
CVE-2023-35344

Important | Windows Geolocation Service Remote Code Execution Vulnerability
CVE-2023-35343

Important | Windows Image Acquisition Elevation of Privilege Vulnerability
CVE-2023-35342

Important | Microsoft DirectMusic Information Disclosure Vulnerability
CVE-2023-35341

Important | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
CVE-2023-35340

Important | Windows CryptoAPI Denial of Service Vulnerability
CVE-2023-35339

Important | Windows Peer Name Resolution Protocol Denial of Service Vulnerability
CVE-2023-35338

Important | Win32k Elevation of Privilege Vulnerability
CVE-2023-35337

Important | Windows MSHTML Platform Security Feature Bypass Vulnerability
CVE-2023-35336

Windows Remote Desktop Protocol Security Feature Bypass
CVE-2023-35332

Windows Local Security Authority (LSA) Denial of Service Vulnerability
CVE-2023-35331
Important | Windows Extended Negotiation Denial of Service Vulnerability
CVE-2023-35330
Important | Windows Authentication Denial of Service Vulnerability
CVE-2023-35329

Important | Windows Transaction Manager Elevation of Privilege Vulnerability
CVE-2023-35328
Important | Windows CDP User Components Information Disclosure Vulnerability
CVE-2023-35326
Important | Windows Print Spooler Information Disclosure Vulnerability
CVE-2023-35325

Important | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-35324
Important | Windows OLE Remote Code Execution Vulnerability
CVE-2023-35323
Important | Windows Deployment Services Remote Code Execution Vulnerability
CVE-2023-35322
Important | Windows Deployment Services Denial of Service Vulnerability
CVE-2023-35321
Important | Connected User Experiences and Telemetry Elevation of Privilege Vulnerability
CVE-2023-35320
Important | Remote Procedure Call Runtime Denial of Service Vulnerability
CVE-2023-35319
Important | Remote Procedure Call Runtime Denial of Service Vulnerability
CVE-2023-35318
Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability
CVE-2023-35317
Important | Remote Procedure Call Runtime Information Disclosure Vulnerability
CVE-2023-35316
⭕ Critical | Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability
CVE-2023-35315
Important | Remote Procedure Call Runtime Denial of Service Vulnerability
CVE-2023-35314
Important | Windows Online Certificate Status Protocol (OCSP) SnapIn Remote Code Execution Vulnerability
CVE-2023-35313
Important | Microsoft VOLSNAP.SYS Elevation of Privilege Vulnerabilit
CVE-2023-35312
Important | Windows DNS Server Remote Code Execution Vulnerability
CVE-2023-35310
Important | Microsoft Message Queuing Remote Code Execution Vulnerability
CVE-2023-35309
Important | Windows MSHTML Platform Security Feature Bypass Vulnerabilit
CVE-2023-35308
Important | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-35306
Important | Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35305
Important | Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35304
Important | USB Audio Class System Driver Remote Code Execution Vulnerability
CVE-2023-35303
Important | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-35302
Important | Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2023-35300
Important | Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2023-35299
Important | HTTP.sys Denial of Service Vulnerability
CVE-2023-35298
⭕ Critical | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
CVE-2023-35297

Important | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-35296
Important | Windows Cryptographic Information Disclosure Vulnerability
CVE-2023-33174
Important | Remote Procedure Call Runtime Denial of Service Vulnerability
CVE-2023-33173
Important | Remote Procedure Call Runtime Denial of Service Vulnerability
CVE-2023-33172
Important | Remote Procedure Call Runtime Denial of Service Vulnerability
CVE-2023-33169
Important | Remote Procedure Call Runtime Denial of Service Vulnerability
CVE-2023-33168
Important | Remote Procedure Call Runtime Denial of Service Vulnerability
CVE-2023-33167
Important | Remote Procedure Call Runtime Denial of Service Vulnerability
CVE-2023-33166
Important | Remote Procedure Call Runtime Denial of Service Vulnerability
CVE-2023-33164
Important | Windows Network Load Balancing Remote Code Execution Vulnerability
CVE-2023-33163
Important | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2023-33155
Important | Windows Partition Management Driver Elevation of Privilege Vulnerability
CVE-2023-33154
Important | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-32085
Important | HTTP.sys Denial of Service Vulnerability
CVE-2023-32084
Important | Microsoft Failover Cluster Information Disclosure Vulnerability
CVE-2023-32083
⭕ Critical | Microsoft Message Queuing Remote Code Execution Vulnerability
CVE-2023-32057
Important | Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability
CVE-2023-32056
Important | Active Template Library Elevation of Privilege Vulnerability
CVE-2023-32055
Important | Volume Shadow Copy Elevation of Privilege Vulnerability
CVE-2023-32054
Important | Windows Installer Elevation of Privilege Vulnerability
CVE-2023-32053
Important | Windows Installer Elevation of Privilege Vulnerability
CVE-2023-32050
Important | Windows SmartScreen Security Feature Bypass Vulnerability
CVE-2023-32049
Important | Windows MSHTML Platform Elevation of Privilege Vulnerability
CVE-2023-32046
Important | Microsoft Message Queuing Denial of Service Vulnerability
CVE-2023-32045
Important | Microsoft Message Queuing Denial of Service Vulnerability
CVE-2023-32044

Important | Windows Remote Desktop Security Feature Bypass Vulnerability
CVE-2023-32043

Important | OLE Automation Information Disclosure Vulnerability
CVE-2023-32042
Important | Windows Update Orchestrator Service Information Disclosure Vulnerability
CVE-2023-32041
Important | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-32040
Important | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
CVE-2023-32039
Important | Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2023-32038
Windows Layer-2 Bridge Network Driver Information Disclosure Vulnerability
CVE-2023-32037
Important | Remote Procedure Call Runtime Denial of Service Vulnerability
CVE-2023-32035
Important | Remote Procedure Call Runtime Denial of Service Vulnerability
CVE-2023-32034
Important | Microsoft Failover Cluster Remote Code Execution Vulnerability
CVE-2023-32033
Important | Secure Boot Security Feature Bypass Vulnerability
CVE-2023-24932
Important | Windows Win32k Elevation of Privilege Vulnerability
CVE-2023-21756
Windows Netlogon Information Disclosure Vulnerability
CVE-2023-21526
Important | Netlogon RPC Elevation of Privilege Vulnerability
CVE-2022-38023
Important | Windows Kerberos Elevation of Privilege Vulnerability
CVE-2022-37967

Runecast protects you against all of these

At Runecast we ensure that all operating systems vulnerabilities are covered, so you can focus on mitigating threats and ensuring your system is running safe and secure. We keep you updated about the latest vulnerabilities, exploits and security compliance research and pride ourselves on responding quickly and decisively to key news in the IT Security and Operations spaces.

Runecast is an AI-powered platform that gives you complete visibility and control over potential vulnerabilities in your environment. It provides best practices, risk-based vulnerability management, security and compliance to ensure every aspect of your environment is protected. In addition, Runecast also provides explicit instructions and generates custom remediation scripts, ensuring rapid compliance within the environment. The Runecast platform can be deployed to AWS, Azure, Google Cloud, Kubernetes, and VMware environments and operates securely on-premises.

Click to view larger image ↑

Click to view larger image ↑

Click to view larger image ↑

Click to view larger image ↑

Meet other Runecasters here:

Runecast Behind the Scenes with Zuzana Belehradova
This is some text inside of a div block.
Runecast Behind the Scenes with Yassine Hakimi
This is some text inside of a div block.
Runecast Behind the Scenes with Wade Carlsen
This is some text inside of a div block.
Behind-the-Scenes: Meet Stephen Gow
This is some text inside of a div block.
Behind-the-Scenes at Runecast with Steve Bettison
This is some text inside of a div block.
Adrian Borlea
Written by
Adrian Borlea

Adrian is Windows Security Researcher at Runecast and an IT enthusiast with over 10 years of experience. He has worked as a Network and Systems Administrator for various companies and sectors, involved in complex projects starting from infrastructure planning, implementation, troubleshooting and continuous improvement processes.

In the last few years, Adrian has been involved in cyber-security projects, working with multiple tools for vulnerability management, compliance, IDS/IPS, GDPR compliance and infrastructure monitoring against cyber-attacks.

→ Read more from this author

Run Secure and Compliant Workloads Anywhere

Detect and assess risks and be fully compliant in minutes.

Get Free Trial