Report Name: Microsoft Patch Tuesday, July 2023
Generated: 2023-07-27 14:41:00

Product Name	Prevalence	U	C	H	M	L	A	Comment
Microsoft Message Queuing	0.9			4			4	Microsoft Message Queuing or MSMQ is a message queue implementation developed by Microsoft and deployed in its Windows Server operating systems since Windows NT 4 and Windows 95
Windows DNS Server	0.9			4			4	Windows component
Windows Kernel	0.9				9		9	Windows Kernel
Windows Win32k	0.9				2		2	Windows kernel-mode driver
Active Template Library	0.8				1		1	Active Template Library
Azure Service Fabric on Windows	0.8				1		1	Windows component
Connected User Experiences and Telemetry	0.8				2		2	Windows component
Microsoft Defender	0.8				1		1	Anti-malware component of Microsoft Windows
Microsoft Edge	0.8			5	2		7	Web browser
Microsoft PostScript and PCL6 Class Printer Driver	0.8			1	6		7	Microsoft standard printer driver for PostScript printers
OLE Automation	0.8				1		1	OLE Automation
RPC	0.8			1	13		14	Remote Procedure Call Runtime
Windows Active Directory Certificate Services (AD CS)	0.8			2			2	Windows component
Windows Admin Center	0.8				1		1	Windows component
Windows Authentication	0.8				1		1	Windows component
Windows CDP User Components	0.8				1		1	Windows component
Windows CNG Key Isolation Service	0.8				1		1	Windows component
Windows Clip Service	0.8				1		1	Windows component
Windows Cloud Files Mini Filter Driver	0.8				1		1	Windows component
Windows Common Log File System Driver	0.8				1		1	Windows component
Windows CryptoAPI	0.8				1		1	Windows component
Windows Cryptographic	0.8				1		1	Windows component
Windows Deployment Services	0.8			1	1		2	Windows component
Windows Error Reporting Service	0.8			1			1	Windows component
Windows Extended Negotiation	0.8				1		1	Windows component
Windows Geolocation Service	0.8			1			1	Windows component
Windows Image Acquisition	0.8				1		1	Windows component
Windows Installer	0.8				2		2	Windows component
Windows Layer-2 Bridge Network Driver	0.8			1	1		2	Windows component
Windows Local Security Authority (LSA)	0.8				1		1	Windows component
Windows MSHTML Platform	0.8			3			3	Windows component
Windows Netlogon	0.8				1		1	Windows component
Windows Network Load Balancing	0.8			1			1	Windows component
Windows OLE	0.8			1			1	Windows component
Windows Online Certificate Status Protocol (OCSP) SnapIn	0.8			1			1	Windows component
Windows Partition Management Driver	0.8				1		1	Windows component
Windows Peer Name Resolution Protocol	0.8				1		1	Windows component
Windows Pragmatic General Multicast (PGM)	0.8			1			1	Windows component
Windows Print Spooler	0.8				1		1	Windows component
Windows Remote Desktop	0.8			3			3	Windows component
Windows Routing and Remote Access Service (RRAS)	0.8			3			3	Windows component
Windows Server Update Service (WSUS)	0.8				2		2	Windows component
Windows SmartScreen	0.8	1					1	Windows component
Windows Transaction Manager	0.8				1		1	Windows component
Windows Update Orchestrator Service	0.8				1		1	Windows component
.NET and Visual Studio	0.7			1			1	.NET and Visual Studio
Microsoft SharePoint	0.7			1			1	Microsoft SharePoint
Paint 3D	0.7			2			2	Standard Windows Application
Raw Image Extension	0.7			1			1	Raw Image Extension
VP9 Video Extensions	0.7				1		1	VP9 is an open and royalty-free video coding format developed by Google
Microsoft Excel	0.6			2	1		3	MS Office product
Microsoft Office	0.6	1		2			3	Microsoft Office
Microsoft Office Graphics	0.6			1			1	Microsoft Office Graphics
Microsoft Outlook	0.6		1	1	1		3	MS Office product
ASP.NET and Visual Studio	0.5			1			1	ASP.NET and Visual Studio
Active Directory Federation Service	0.5			1			1	Active Directory Federation Service
Azure Active Directory	0.5			1			1	Azure Active Directory
HTTP.sys	0.5				2		2	HTTP.sys
MediaWiki PandocUpload Extension	0.5			1			1	MediaWiki PandocUpload Extension
Microsoft ActiveX	0.5			1			1	Microsoft ActiveX
Microsoft DirectMusic	0.5				1		1	Microsoft DirectMusic
Microsoft Dynamics 365 (on-premises)	0.5				2		2	Microsoft Dynamics 365 (on-premises)
Microsoft Failover Cluster	0.5			1	1		2	Microsoft Failover Cluster
Microsoft Install Service	0.5				1		1	Microsoft Install Service
Microsoft ODBC Driver	0.5			1			1	Microsoft ODBC Driver
Microsoft ODBC Driver for SQL Server	0.5			4			4	Microsoft ODBC Driver for SQL Server
Microsoft ODBC and OLE DB	0.5			1			1	Microsoft ODBC and OLE DB
Microsoft OLE DB	0.5			1			1	Microsoft OLE DB
Microsoft Power Apps (online)	0.5				1		1	Microsoft Power Apps (online)
Microsoft SharePoint Server	0.5			2	2		4	Microsoft SharePoint Server
Microsoft VOLSNAP.SYS	0.5				1		1	Microsoft VOLSNAP.SYS
Mono Authenticode Validation	0.5				1		1	Mono Authenticode Validation
USB Audio Class System Driver	0.5			1			1	USB Audio Class System Driver
Volume Shadow Copy	0.5				1		1	Volume Shadow Copy
Visual Studio Code GitHub Pull Requests and Issues Extension	0.2			1			1	Extension for Visual Studio Code IDE

Vulnerability Type	Criticality	U	C	H	M	L	A
Remote Code Execution	1.0	1		42			43
Security Feature Bypass	0.9	1	1	9	1		12
Denial of Service	0.7			2	20		22
Memory Corruption	0.6			5	2		7
Elevation of Privilege	0.5			4	29		33
Cross Site Scripting	0.4				2		2
Information Disclosure	0.4				19		19
Spoofing	0.4				5		5

Source	U	C	H	M	L	A
MS PT Extended			11	2		13
Qualys	2	1	14	2		19
Tenable	2	1	6	1		10
Rapid7	2	1	11			14
ZDI	2	1	3			6
Kaspersky	2	1	4			7
Dark Reading	2	1	9	1		13
Krebs on Security	2	1	3			6
The Hacker News	2	1	2			5
Sophos Naked Security	1	1				2

Urgent (2)

1. Remote Code Execution - Microsoft Office (CVE-2023-36884) - Urgent [909]

Description: Microsoft is investigating reports of a series of remote code execution vulnerabilities impacting Windows and Office products. Microsoft is aware of targeted attacks that attempt to exploit these vulnerabilities by using specially-crafted Microsoft Office documents. An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim. However, an attacker would have to convince the victim to open the malicious file. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This might include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs. Please see the Microsoft Threat Intelligence Blog https://aka.ms/Storm-0978  Entry for important information about steps you can take to protect your system from this vulnerability. This CVE will be updated with new information and links to security updates when they become available.

Qualys: CVE-2023-36884: Office and Windows HTML Remote Code Execution Vulnerability Microsoft is aware of the exploitation attempts of the vulnerability by using specially-crafted Microsoft Office documents. An attacker may craft a Microsoft Office document to perform remote code execution on the target system. In the blog, Microsoft mentioned that the attacks were targeted against defense and government entities in Europe and North America. ***-based cybercriminal group Storm-0978 has exploited the vulnerability to deliver a backdoor similar to RomCom. Microsoft has not released any patch to address the vulnerability as of now. There is mitigation available for the vulnerability.

Qualys: CVE-2023-36884: Office and Windows HTML Remote Code Execution Vulnerability This vulnerability has a CVSSv3.1 8.3 / 8.1 Policy Compliance Control IDs (CIDs): 13924    Status of ‘Block all Office applications from creating child processes’ ASR rule (D4F940AB-401B-4EFC-AADC-AD5F3C50688A) 26388    Status of the ‘FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION’ setting The following QQL will return a posture assessment for the CIDs for this Patch Tuesday: control.id: [4030,14916,14297,11511,1368,21711,13924,26388]

Qualys: CVE-2023-36884: Office and Windows HTML Remote Code Execution Vulnerability This vulnerability has a CVSSv3.1 score of 8.3/10.

Tenable: Microsoft’s July 2023 Patch Tuesday Addresses 130 CVEs (CVE-2023-36884)

Tenable: Update July 17:The section for CVE-2023-36884 has been updated with guidance on using Tenable plugins to identify hosts which may be affected by this vulnerability.

Tenable: CVE-2023-36884 | Office and Windows HTML Remote Code Execution Vulnerability

Tenable: CVE-2023-36884 is a RCE vulnerability in Microsoft Windows and Office that was assigned a CVSSv3 score of 8.3 and has been exploited in the wild as a zero-day. At the time this blog post was published and this advisory was made public, Microsoft had not released any patches for this vulnerability. However, Microsoft has provided mitigation guidance that can be used to avoid exploitation.

Tenable: According to researchers at Microsoft, exploitation of CVE-2023-36884 has been attributed to a threat actor known as Storm-0978, also known as DEV-0978 and RomCom, a reference to the backdoor used by the group as part of its attacks. The threat actor is reportedly based out of *** and is known for conducting ransomware attacks, including extortion-only campaigns, using a ransomware known as Underground. Additionally, the group also conducts intelligence gathering operations that rely on credential theft. Exploitation of CVE-2023-36884 began in June 2023. Targeted regions include ***e, North America and Europe while targeted industries include telecommunications and finance. For more information, please refer to Microsoft’s blog post.

Tenable: Tenable has released Plugin ID 178275: Office and Windows HTML Remote Code Execution Vulnerability (CVE-2023-36884) Mitigation which can be used to identify a Windows host that is potentially missing a mitigation for CVE-2023-36884. In order for the plugin to execute, users are required to enable the "Show potential false alarms" setting, also known as paranoid mode.

Tenable: Update July 17:The section for CVE-2023-36884 has been updated with guidance on using Tenable plugins to identify hosts which may be affected by this vulnerability.

Tenable: Update July 11: The section for CVE-2023-36884 has been updated to highlight the mitigation guidance provided by Microsoft as no patches were available at the time this blog post was published.

Rapid7: Surprisingly, there is no patch yet for one of the five zero-day vulnerabilities. Microsoft is actively investigating publicly-disclosed Office RCE CVE-2023-36884, and promises to update the advisory as soon as further guidance is available. Exploitation requires the victim to open a specially crafted malicious document, which would typically be delivered via email.

Rapid7: Defenders who are understandably unsettled by the lack of immediate patches for CVE-2023-36884 should consult the multiple mitigation options on the advisory. Microsoft claims that assets with Defender for Office 365 are already protected. Further options include an existing optional Defender for Endpoint Attack Surface Reduction (ASR) rule to prevent Office from creating child processes, and a registry modification to disable the vulnerable cross-protocol file navigation. The registry option might be the most straightforward option for organizations without a mature Defender program, but Microsoft does warn that certain use cases relying on the functionality would be impacted if this mitigation is deployed.

Rapid7: There are broad similarities to last year’s Follina vulnerability, which was discussed publicly for over two weeks starting late May 2023 before Microsoft patched it on June 14th as part of Patch Tuesday. While it’s possible that a patch for CVE-2023-36884 will be issued as part of next month’s Patch Tuesday, Microsoft Office is deployed just about everywhere, and this threat actor is making waves; admins should be ready for an out-of-cycle security update for CVE-2023-36884.

ZDI: CVE-2023-36884 – Office and Windows HTML Remote Code Execution Vulnerability. Of the five active attacks receiving patches today, this is arguably the most severe. Microsoft states they are aware of targeted exploits using this bug in specially crafted Office documents to get code execution on targeted systems. For now, the keyword there is “targeted”. However, Microsoft has taken the odd action of releasing this CVE without a patch. That’s still to come. Their Threat Intelligence team has released this blog with some guidance. Oh, and Microsoft lists this as “Important”. I recommend treating it as Critical.

Kaspersky: The first one — CVE-2023-36884 (with CVSS rating of 8.3) — is being exploited in the Storm-0978/RomCom RCE attacks on both Office and Windows. To stay safe, Microsoft advises adding all Office executables to the FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION list.

Dark Reading: The most serious of them is CVE-2023-36884, a remote code execution (RCE) bug in Office and Windows HTML, for which Microsoft did not have a patch for in this month's update. The company identified a threat group it is tracking, Storm-0978, as exploiting the flaw in a phishing campaign targeting government and defense organizations in North America and Europe.

Dark Reading: Dustin Childs, another researcher at ZDI, warned organizations to treat CVE-2023-36884 as a "critical" security issue even though Microsoft itself has assessed it as a relatively less severe, "important" bug. "Microsoft has taken the odd action of releasing this CVE without a patch. That's still to come," Childs wrote in a blog post. "Clearly, there's a lot more to this exploit than is being said."

Krebs on Security: Many security experts expected Microsoft to address a fifth zero-day flaw — CVE-2023-36884 — a remote code execution weakness in Office and Windows.

Krebs on Security: “Exploitation of CVE-2023-36884 may lead to installation of the eponymous RomCom trojan or other malware,” Barnett said. “[Microsoft] suggests that RomCom / Storm-0978 is operating in support of ***n intelligence operations. The same threat actor has also been associated with ransomware attacks targeting a wide array of victims.”

Krebs on Security: Microsoft’s advisory on CVE-2023-36884 is pretty sparse, but it does include a Windows registry hack that should help mitigate attacks on this vulnerability. Microsoft has also published a blog post about phishing campaigns tied to Storm-0978 and to the exploitation of this flaw.

Krebs on Security: “Admins should be ready for an out-of-cycle security update for CVE-2023-36884,” he said.

Krebs on Security: “Customers who use Microsoft Defender for Office 365 are protected from attachments that attempt to exploit CVE-2023-36884. In addition, customers who use Microsoft 365 Apps (Versions 2302 and later) are protected from exploitation of the vulnerability via Office.”

The Hacker News: - CVE-2023-36884 (CVSS score: 8.3) - Office and Windows HTML Remote Code Execution Vulnerability (Also publicly known at the time of the release)

The Hacker News: The Windows maker said it's aware of targeted attacks against defense and government entities in Europe and North America that attempt to exploit CVE-2023-36884 by using specially-crafted Microsoft Office document lures related to the ***ian World Congress, echoing latest findings from CERT-UA and BlackBerry.

The Hacker News: "The actor also deploys the Underground ransomware, which is closely related to the Industrial Spy ransomware first observed in the wild in May 2022," the Microsoft Threat Intelligence team explained. "The actor's latest campaign detected in June 2023 involved abuse of CVE-2023-36884 to deliver a backdoor with similarities to RomCom."

The Hacker News: Microsoft said it intends to take "appropriate action to help protect our customers" in the form of an out-of-band security update or via its monthly release process. In the absence of a patch for CVE-2023-36884, the company is urging users to use the "Block all Office applications from creating child processes" attack surface reduction (ASR) rule.

2. Security Feature Bypass - Windows SmartScreen (CVE-2023-32049) - Urgent [832]

Description: Windows SmartScreen Security Feature Bypass Vulnerability

Qualys: Microsoft Patch Tuesday for July 2023 This month’s Patch Tuesday edition has fixed six zero-day vulnerabilities known to be exploited in the wild. Nine of these 132 vulnerabilities are rated as critical and 122 as important. Microsoft has not addressed any vulnerabilities related to Microsoft Edge (Chromium-based) in this month’s Patch Tuesday Edition. This month’s security updates included one Defense-in-depth update (ADV230001) and one for the Trend Micro EFI Modules (ADV230002). CISA has added four zero-day vulnerabilities (CVE-2023-32046, CVE-2023-32049, CVE-2023-35311, and CVE-2023-36874) to its Known Exploited Vulnerabilities Catalog and requested users to patch it before August 1, 2023. Microsoft Patch Tuesday, July edition includes updates for vulnerabilities in Microsoft Office and Components, Windows Layer-2 Bridge Network Driver, Windows Local Security Authority (LSA), Windows Media, Windows Message Queuing, Windows MSHTML Platform, Windows Netlogon, Win32K, Microsoft Power Apps, and more. Microsoft has fixed several flaws in multiple software, including Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, Remote Code Execution (RCE), Security Feature Bypass, and Spoofing. The July 2023 Microsoft vulnerabilities are classified as follows: Vulnerability CategoryQuantitySeveritiesSpoofing Vulnerability7Important: 7Denial of Service Vulnerability22Important: 22Elevation of Privilege Vulnerability33Important: 33Information Disclosure Vulnerability19Important: 19Remote Code Execution Vulnerability37Critical: 8Important: 29Security Feature Bypass Vulnerability13Critical: 1Important: 12

Qualys: CVE-2023-32049: Windows SmartScreen Security Feature Bypass Vulnerability An attacker must make the users click on a specially crafted URL to exploit the vulnerability. An attacker could bypass the Open File – Security Warning prompt on successful exploitation.

Tenable: CVE-2023-32049 | Windows SmartScreen Security Feature Bypass Vulnerability

Tenable: CVE-2023-32049 is a security feature bypass vulnerability impacting Windows SmartScreen, an early warning system designed to protect against malicious websites used for phishing attacks or malware distribution. In order to exploit this vulnerability, an attacker would need to convince a user into opening a specially crafted URL. Exploitation would allow the attacker to bypass the “Open File” warning prompt and compromise the victim's machine. This vulnerability was exploited in the wild as a zero-day and was assigned a CVSSv3 score of 8.8.

Rapid7: Rounding out this month’s zero-day vulnerabilities are two security feature bypass flaws. CVE-2023-32049 allows an attacker to formulate a URL which will bypass the Windows SmartScreen “Do you want to open this file?” dialog. Previous SmartScreen bypasses have been exploited extensively, not least for no-notice delivery of ransomware.

ZDI: CVE-2023-32049 - Windows SmartScreen Security Feature Bypass Vulnerability. The final exploited bug this month is in the SmartScreen filter. Similar to the Outlook SFB, the bug in SmartScreen allows attackers to evade warning dialog prompts. Again, a user would need to click a link or otherwise take an action to open a file for an attacker to use this. This is likely being paired with another exploit in the wild to take over a system or at least install some form of malware on a target.

Kaspersky: - CVE-2023-32049 — SmartScreen security feature bypass vulnerability. Its exploitation allows attackers to create a file that opens without displaying the Windows warning “downloaded from the Internet”.

Dark Reading: Two of the five vulnerabilities that are being actively exploited are security bypass flaws. One affects Microsoft Outlook (CVE-2023-35311) and the other involves Windows SmartScreen (CVE-2023-32049). Both vulnerabilities require user interaction, meaning an attacker would only be able to exploit them by convincing a user to click on a malicious URL. With CVE-2023-32049, an attacker would be able to bypass the Open File - Security Warning prompt, while CVE-2023-35311 gives attackers a way to sneak their attack by the Microsoft Outlook Security Notice prompt.

Dark Reading: Kev Breen, director of cyber threat research at Immersive Labs, assessed the other security bypass zero-day — CVE-2023-32049 — as another bug that threat actors will most likely use as part of a broader attack chain.

Krebs on Security: On the Windows side, there are at least four vulnerabilities patched this month that earned high CVSS (badness) scores and that are already being exploited in active attacks, according to Microsoft. They include CVE-2023-32049, which is a hole in Windows SmartScreen that lets malware bypass security warning prompts; and CVE-2023-35311 allows attackers to bypass security features in Microsoft Outlook.

Krebs on Security: KB5028185 (2023-07 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems) includes fixes for CVE-2023-32049, CVE-2023-32046, CVE-2023-36874 and others, but we have also seen it cause problems for RDP.

The Hacker News: - CVE-2023-32049 (CVSS score: 8.8) - Windows SmartScreen Security Feature Bypass Vulnerability

Sophos Naked Security: CVE-2023-32049 and CVE-2023-35311 are security bypass exploits, meaning that criminals can abuse these bugs to sidestep security protections that would otherwise jump in to help you avoid malware infection or a possible attack.

Critical (1)

3. Security Feature Bypass - Microsoft Outlook (CVE-2023-35311) - Critical [798]

Description: Microsoft Outlook Security Feature Bypass Vulnerability

Qualys: Microsoft Patch Tuesday for July 2023 This month’s Patch Tuesday edition has fixed six zero-day vulnerabilities known to be exploited in the wild. Nine of these 132 vulnerabilities are rated as critical and 122 as important. Microsoft has not addressed any vulnerabilities related to Microsoft Edge (Chromium-based) in this month’s Patch Tuesday Edition. This month’s security updates included one Defense-in-depth update (ADV230001) and one for the Trend Micro EFI Modules (ADV230002). CISA has added four zero-day vulnerabilities (CVE-2023-32046, CVE-2023-32049, CVE-2023-35311, and CVE-2023-36874) to its Known Exploited Vulnerabilities Catalog and requested users to patch it before August 1, 2023. Microsoft Patch Tuesday, July edition includes updates for vulnerabilities in Microsoft Office and Components, Windows Layer-2 Bridge Network Driver, Windows Local Security Authority (LSA), Windows Media, Windows Message Queuing, Windows MSHTML Platform, Windows Netlogon, Win32K, Microsoft Power Apps, and more. Microsoft has fixed several flaws in multiple software, including Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, Remote Code Execution (RCE), Security Feature Bypass, and Spoofing. The July 2023 Microsoft vulnerabilities are classified as follows: Vulnerability CategoryQuantitySeveritiesSpoofing Vulnerability7Important: 7Denial of Service Vulnerability22Important: 22Elevation of Privilege Vulnerability33Important: 33Information Disclosure Vulnerability19Important: 19Remote Code Execution Vulnerability37Critical: 8Important: 29Security Feature Bypass Vulnerability13Critical: 1Important: 12

Qualys: CVE-2023-35311: Microsoft Outlook Security Feature Bypass Vulnerability An attacker must send a specially crafted URL to exploit this vulnerability. An attacker could bypass the Microsoft Outlook Security Notice prompt on successful exploitation.

Tenable: CVE-2023-35311 | Microsoft Outlook Security Feature Bypass Vulnerability

Tenable: CVE-2023-35311 is a security feature bypass vulnerability in Microsoft Outlook. It was assigned a CVSSv3 score of 8.8 and was exploited in the wild as a zero-day. Exploitation of this flaw requires an attacker to convince a potential victim to click on a malicious URL. Successful exploitation would result in the bypassing of the Microsoft Outlook Security Notice prompt, a feature designed to protect users. Microsoft says that while its Outlook Preview pane feature is an attack vector, user interaction is still required.

Rapid7: Broadly similar is CVE-2023-35311, which describes a bypass of the Microsoft Outlook Security Notice dialog via a specially-crafted URL.

ZDI: CVE-2023-35311 - Microsoft Outlook Security Feature Bypass Vulnerability. This bug is listed as being under active exploit, but as always, Microsoft provides no information on how broadly these attacks are spread. The bug allows attackers to bypass an Outlook Security Notice prompt after clicking a link. This is likely being paired with some other exploit designed to execute code when opening a file. Outlook should pop a warning dialog, but this vulnerability evades that user prompt. Considering how broadly Outlook is used, this should be your first priority for test and deployment.

Kaspersky: - CVE-2023-35311 — security feature bypass vulnerability in Outlook. Its exploitation helps cybercriminals avoid showing warnings when using preview.

Dark Reading: Two of the five vulnerabilities that are being actively exploited are security bypass flaws. One affects Microsoft Outlook (CVE-2023-35311) and the other involves Windows SmartScreen (CVE-2023-32049). Both vulnerabilities require user interaction, meaning an attacker would only be able to exploit them by convincing a user to click on a malicious URL. With CVE-2023-32049, an attacker would be able to bypass the Open File - Security Warning prompt, while CVE-2023-35311 gives attackers a way to sneak their attack by the Microsoft Outlook Security Notice prompt.

Dark Reading: "It's important to note [CVE-2023-35311] specifically allows bypassing Microsoft Outlook security features and does not enable remote code execution or privilege escalation," said Mike Walters, vice president of vulnerability and threat research at Action1. "Therefore, attackers are likely to combine it with other exploits for a comprehensive attack. The vulnerability affects all versions of Microsoft Outlook from 2013 onwards," he noted in an email to Dark Reading.

Krebs on Security: On the Windows side, there are at least four vulnerabilities patched this month that earned high CVSS (badness) scores and that are already being exploited in active attacks, according to Microsoft. They include CVE-2023-32049, which is a hole in Windows SmartScreen that lets malware bypass security warning prompts; and CVE-2023-35311 allows attackers to bypass security features in Microsoft Outlook.

The Hacker News: - CVE-2023-35311 (CVSS score: 8.8) - Microsoft Outlook Security Feature Bypass Vulnerability

Sophos Naked Security: CVE-2023-32049 and CVE-2023-35311 are security bypass exploits, meaning that criminals can abuse these bugs to sidestep security protections that would otherwise jump in to help you avoid malware infection or a possible attack.

High (62)

4. Elevation of Privilege - Windows MSHTML Platform (CVE-2023-32046) - High [579]

Description: Windows MSHTML Platform Elevation of Privilege Vulnerability

Qualys: Microsoft Patch Tuesday for July 2023 This month’s Patch Tuesday edition has fixed six zero-day vulnerabilities known to be exploited in the wild. Nine of these 132 vulnerabilities are rated as critical and 122 as important. Microsoft has not addressed any vulnerabilities related to Microsoft Edge (Chromium-based) in this month’s Patch Tuesday Edition. This month’s security updates included one Defense-in-depth update (ADV230001) and one for the Trend Micro EFI Modules (ADV230002). CISA has added four zero-day vulnerabilities (CVE-2023-32046, CVE-2023-32049, CVE-2023-35311, and CVE-2023-36874) to its Known Exploited Vulnerabilities Catalog and requested users to patch it before August 1, 2023. Microsoft Patch Tuesday, July edition includes updates for vulnerabilities in Microsoft Office and Components, Windows Layer-2 Bridge Network Driver, Windows Local Security Authority (LSA), Windows Media, Windows Message Queuing, Windows MSHTML Platform, Windows Netlogon, Win32K, Microsoft Power Apps, and more. Microsoft has fixed several flaws in multiple software, including Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, Remote Code Execution (RCE), Security Feature Bypass, and Spoofing. The July 2023 Microsoft vulnerabilities are classified as follows: Vulnerability CategoryQuantitySeveritiesSpoofing Vulnerability7Important: 7Denial of Service Vulnerability22Important: 22Elevation of Privilege Vulnerability33Important: 33Information Disclosure Vulnerability19Important: 19Remote Code Execution Vulnerability37Critical: 8Important: 29Security Feature Bypass Vulnerability13Critical: 1Important: 12

Qualys: CVE-2023-32046: Windows MSHTML Platform Elevation of Privilege Vulnerability Windows MSHTML is a browser engine that renders web pages frequently connected to Internet Explorer. Even though the Internet Explorer (IE) 11 desktop application has reached the end of support, MSHTML vulnerabilities are still relevant today and are being patched by Microsoft. The vulnerability can be exploited in both email and web-based attack scenarios. In an email attack scenario, an attacker must send the specially crafted file to the users and convince them to open it. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file to exploit the vulnerability.

Tenable: CVE-2023-32046 | Windows MSHTML Platform Elevation of Privilege Vulnerability

Tenable: CVE-2023-32046 is an EoP vulnerability in Microsoft’s MSHTML (Trident) engine that was exploited in the wild as a zero-day. It was assigned a CVSSv3 score of 7.8 and patches are available for all supported versions of Windows. To exploit this vulnerability, an attacker would need to create a specially crafted file and use social engineering techniques to convince their target to open the document. Microsoft’s advisory also includes a note suggesting that users who install Security Only updates should also install the Internet Explorer Cumulative update to fully address this vulnerability.

Tenable: The discovery of CVE-2023-32046 follows CVE-2021-40444, another zero-day flaw in Microsoft’s MSHTML that was exploited in the wild and patched as part of Microsoft’s September 2021’s Patch Tuesday release. It was used by a variety of threat actors, from advanced persistent threat actors and ransomware groups. While CVE-2021-40444 didn’t make our top 5 list in the 2021 Threat Landscape Retrospective, the vulnerability was part of a group of noteworthy vulnerabilities that nearly made our list.

Rapid7: CVE-2023-32046 describes a vulnerability in the MSHTML browser rendering engine which would allow an attacker to act with the same rights as the exploited user account. Successful exploitation requires the victim to open a specially-crafted malicious file, typically delivered either via email or a web page. Assets where Internet Explorer 11 has been fully disabled are still vulnerable until patched; the MSHTML engine remains installed within Windows regardless of the status of IE11, since it is used in other contexts (e.g. Outlook).

ZDI: CVE-2023-32046 - Windows MSHTML Platform Elevation of Privilege Vulnerability. This is the final bug listed as being under active attack this month, but it’s not a straightforward privilege escalation. Instead of granting the attacker SYSTEM privileges, it only elevates to the level of the user running the affected application. Of course, many applications run with elevated privileges, so this point may be moot. It still requires a user to click a link or open a file, so remain wary of suspicious-looking attachments or messages.

Kaspersky: The most dangerous of the freshly discovered IE vulnerabilities is CVE-2023-32046, and it’s already being used in real attacks. Its successful exploitation allows cybercriminals to elevate their privileges to those of the victim. Attack scenarios involve the creation of a malicious file that’s sent to the victim by mail or hosted on a compromised website. All attackers need then is to convince the user to follow the link and open the file.

Dark Reading: The other elevation of privilege bug in the July security update that attackers are already actively exploiting is CVE-2023-32046 in Microsoft's Windows MSHTM platform, aka the "Trident" browser rendering engine. As with many other bugs, this one too requires some level of user interaction. In an email attack scenario to exploit the bug, an attacker would need to send a targeted user a specially crafted file and get the user to open it. In a Web-based attack, an attacker would need to host a malicious website — or use a compromised one — to host a specially crafted file and then convince a victim to open it, Microsoft said.

Krebs on Security: The two other zero-day threats this month for Windows are both privilege escalation flaws. CVE-2023-32046 affects a core Windows component called MSHTML, which is used by Windows and other applications, like Office, Outlook and Skype. CVE-2023-36874 is an elevation of privilege bug in the Windows Error Reporting Service.

Krebs on Security: KB5028185 (2023-07 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems) includes fixes for CVE-2023-32049, CVE-2023-32046, CVE-2023-36874 and others, but we have also seen it cause problems for RDP.

The Hacker News: - CVE-2023-32046 (CVSS score: 7.8) - Windows MSHTML Platform Elevation of Privilege Vulnerability

5. Elevation of Privilege - Windows Error Reporting Service (CVE-2023-36874) - High [555]

Description: Windows Error Reporting Service Elevation of Privilege Vulnerability

Qualys: Microsoft Patch Tuesday for July 2023 This month’s Patch Tuesday edition has fixed six zero-day vulnerabilities known to be exploited in the wild. Nine of these 132 vulnerabilities are rated as critical and 122 as important. Microsoft has not addressed any vulnerabilities related to Microsoft Edge (Chromium-based) in this month’s Patch Tuesday Edition. This month’s security updates included one Defense-in-depth update (ADV230001) and one for the Trend Micro EFI Modules (ADV230002). CISA has added four zero-day vulnerabilities (CVE-2023-32046, CVE-2023-32049, CVE-2023-35311, and CVE-2023-36874) to its Known Exploited Vulnerabilities Catalog and requested users to patch it before August 1, 2023. Microsoft Patch Tuesday, July edition includes updates for vulnerabilities in Microsoft Office and Components, Windows Layer-2 Bridge Network Driver, Windows Local Security Authority (LSA), Windows Media, Windows Message Queuing, Windows MSHTML Platform, Windows Netlogon, Win32K, Microsoft Power Apps, and more. Microsoft has fixed several flaws in multiple software, including Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, Remote Code Execution (RCE), Security Feature Bypass, and Spoofing. The July 2023 Microsoft vulnerabilities are classified as follows: Vulnerability CategoryQuantitySeveritiesSpoofing Vulnerability7Important: 7Denial of Service Vulnerability22Important: 22Elevation of Privilege Vulnerability33Important: 33Information Disclosure Vulnerability19Important: 19Remote Code Execution Vulnerability37Critical: 8Important: 29Security Feature Bypass Vulnerability13Critical: 1Important: 12

Qualys: CVE-2023-36874: Windows Error Reporting Service Elevation of Privilege Vulnerability Windows Error Reporting is an event-based feedback infrastructure designed to collect information on the issues that Windows detects. The service reports the information to Microsoft and provides users with available solutions. To exploit the vulnerability, an attacker must have local access to the targeted machine, and the user must have permission to create folders and performance traces on the device, with restricted privileges that regular users have by default. On successful exploitation, an attacker could gain administrator privileges.

Tenable: CVE-2023-36874 | Windows Error Reporting Service Elevation of Privilege Vulnerability

Tenable: CVE-2023-36874 is an EoP vulnerability in the Microsoft Windows Error Reporting Service. It was assigned a CVSSv3 score of 7.8 and was exploited in the wild as a zero-day. To exploit this flaw, an attacker would need to have already gained local access to a target system and have certain basic user privileges. Successful exploitation would allow an attacker to obtain administrative privileges on the target system. Discovery of this flaw is credited to Vlad Stolyarov and Maddie Stone, researchers at Google’s Threat Analysis Group (TAG). At the time this blog post was published, no specific details about its exploitation were available.

Rapid7: A separate vulnerability in the Windows Error Reporting Service allows elevation to the Administrator role via abuse of Windows performance tracing. To exploit CVE-2023-36874, an attacker must already have existing local access to an asset, so this vulnerability will most likely make up part of a longer exploit chain.

ZDI: CVE-2023-36874 - Windows Error Reporting Service Elevation of Privilege Vulnerability. This is the second bug listed as under active attack for July, but it doesn’t affect every user on a system. To elevate to administrative privileges, an attacker would need to have access to a user account with the ability to create folders and performance traces on the target system. Standard user accounts don’t have these permissions by default. Privilege escalations are often combined with code execution exploits to spread malware, and that’s likely the case here as well.

Kaspersky: - CVE-2023-36874 — privilege escalation vulnerability in the Windows Error reporting service. Allows attackers to elevate privileges if they already have normal permissions to create folders and technical performance monitoring files.

Dark Reading: The two other zero-days in Microsoft's latest set of patches both enable privilege escalation. Researchers at Google's Threat Analysis Group discovered one of them. The flaw, tracked as CVE-2023-36874, is an elevation of privilege issue in the Windows Error Reporting (WER) service that gives attackers a way to gain administrative rights on vulnerable systems. An attacker would need local access to an affected system to exploit the flaw, which they could gain via other exploits or via credential misuse.

Krebs on Security: The two other zero-day threats this month for Windows are both privilege escalation flaws. CVE-2023-32046 affects a core Windows component called MSHTML, which is used by Windows and other applications, like Office, Outlook and Skype. CVE-2023-36874 is an elevation of privilege bug in the Windows Error Reporting Service.

Krebs on Security: KB5028185 (2023-07 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems) includes fixes for CVE-2023-32049, CVE-2023-32046, CVE-2023-36874 and others, but we have also seen it cause problems for RDP.

The Hacker News: - CVE-2023-36874 (CVSS score: 7.8) - Windows Error Reporting Service Elevation of Privilege Vulnerability

6. Remote Code Execution - Microsoft Message Queuing (CVE-2023-32057) - High [554]

Description: Microsoft Message Queuing Remote Code Execution Vulnerability

Qualys: CVE-2023-32057: Microsoft Message Queuing Remote Code Execution Vulnerability Message Queuing (MSMQ) is a protocol developed by Microsoft to ensure reliable communication between Windows computers across different networks, even when a host is temporarily not connected (by maintaining a message queue of undelivered messages). An attacker must send a malicious MSMQ packet to an MSMQ server to exploit this vulnerability. On successful exploitation, an attacker may perform remote code execution on the server side.

Qualys: CVE-2023-32057: Microsoft Message Queuing Remote Code Execution Vulnerability This vulnerability has a CVSSv3.1 9.8 / 8.5 Policy Compliance Control IDs (CIDs): 4030      Status of the ‘Windows Message Queuing Service’ 14916    Status of Windows Services 14297    Status of the open network connections and listening ports (Qualys Agent only)

Qualys: CVE-2023-32057: Microsoft Message Queuing Remote Code Execution Vulnerability This vulnerability has a CVSSv3.1 score of 9.8/10.

Tenable: CVE-2023-32057 | Microsoft Message Queuing Remote Code Execution Vulnerability

Rapid7: The remainder of this month’s critical RCE patches target flaws in the Windows Layer-2 Bridge Network Driver (CVE-2023-35315), and usual suspects Windows Message Queuing (CVE-2023-32057) and Windows PGM (CVE-2023-35297).

ZDI: CVE-2023-32057 - Microsoft Message Queuing Remote Code Execution Vulnerability. Not only is this tied for the highest-rated CVSS (9.8) bug this month, but it’s also nearly identical to a CVE patched back in April. It was even reported by the same researcher. That has all the hallmarks of a failed patch. Either way, this bug could allow unauthenticated remote attackers to execute code with elevated privileges on affected systems where the message queuing service is enabled. You can block TCP port 1801 as a mitigation, but the better choice is to test and deploy the update quickly. Let’s also hope the quality of this patch is higher than the last one.

Krebs on Security: I’m surprised you didn’t mention CVE-2023-32057 which is the most critical of the bunch, i.e., a completely trivial RCE for the MSMQ service. True, it’s an optional service and generally only used on servers, but those are also the most critical endpoints to protect.

7. Remote Code Execution - Windows Routing and Remote Access Service (RRAS) (CVE-2023-35365) - High [538]

Description: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Qualys: CVE-2023-35365, CVE-2023-35366, and CVE-2023-35367: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Routing and Remote Access service (RRAS) is an open platform for networking and routing that provides dial-up or VPN connections for remote users or site-to-site connectivity. It provides routing services to organizations via secure VPN connections via the Internet, local area networks (LAN), wide area networks (WAN), or both. To exploit this vulnerability, an attacker must send specially crafted packets to a server configured with the Routing and Remote Access Service running.

Qualys: CVE-2023-35365 and CVE-2023-35366: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability This vulnerability has a CVSSv3.1 9.8 / 8.5 Policy Compliance Control IDs (CIDs): 11511    List of installed features on the system

Tenable: CVE-2023-35365, CVE-2023-35366 and CVE-2023-35367 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Tenable: CVE-2023-35365, CVE-2023-35366, CVE-2023-35367 are RCE vulnerabilities in the Windows Routing and Remote Access Service (RRAS) of Windows operating systems, each of which were assigned a CVSSv3 score of 9.8. RRAS is a service in Windows that can be used as a VPN gateway or router. Exploitation requires an attacker to send crafted packets to an impacted server. RRAS is not installed or configured in Windows by default and those users who have not enabled the feature are not impacted by these vulnerabilities. Microsoft has given these vulnerabilities a rating of “Exploitation less likely” using the Microsoft Exploitability Index

Rapid7: Eight further critical RCE vulnerabilities are also patched, including three related vulnerabilities in the Windows Routing and Remote Access Service (RRAS) with CVSS v3 base score of 9.8 (CVE-2023-35365, CVE-2023-35366, and CVE-2023-35367). In each case, an attacker can send specially-crafted packets to vulnerable assets to achieve RCE. Happily, RRAS is not installed or configured by default, but admins with RRAS-enabled Windows Server installations will undoubtedly want to prioritize remediation.

Dark Reading: Security researchers pointed to three RCE vulnerabilities in the Windows Routing and Remote Access Service (RRAS) (CVE-2023-35365, CVE-2023-35366, and CVE-2023-35367) as meriting priority attention as all. Microsoft has assessed all three vulnerabilities as critical and all three have a CVSS score of 9.8. The service is not available by default on Windows Server and basically enables computers running the OS to function as routers, VPN servers, and dial-up servers, said Automox's Bowyer. "A successful attacker could modify network configurations, steal data, move to other more critical/important systems, or create additional accounts for persistent access to the device."

8. Remote Code Execution - Windows Routing and Remote Access Service (RRAS) (CVE-2023-35366) - High [538]

Description: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Qualys: CVE-2023-35365, CVE-2023-35366, and CVE-2023-35367: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Routing and Remote Access service (RRAS) is an open platform for networking and routing that provides dial-up or VPN connections for remote users or site-to-site connectivity. It provides routing services to organizations via secure VPN connections via the Internet, local area networks (LAN), wide area networks (WAN), or both. To exploit this vulnerability, an attacker must send specially crafted packets to a server configured with the Routing and Remote Access Service running.

Qualys: CVE-2023-35365 and CVE-2023-35366: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability This vulnerability has a CVSSv3.1 9.8 / 8.5 Policy Compliance Control IDs (CIDs): 11511    List of installed features on the system

Tenable: CVE-2023-35365, CVE-2023-35366 and CVE-2023-35367 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Tenable: CVE-2023-35365, CVE-2023-35366, CVE-2023-35367 are RCE vulnerabilities in the Windows Routing and Remote Access Service (RRAS) of Windows operating systems, each of which were assigned a CVSSv3 score of 9.8. RRAS is a service in Windows that can be used as a VPN gateway or router. Exploitation requires an attacker to send crafted packets to an impacted server. RRAS is not installed or configured in Windows by default and those users who have not enabled the feature are not impacted by these vulnerabilities. Microsoft has given these vulnerabilities a rating of “Exploitation less likely” using the Microsoft Exploitability Index

Rapid7: Eight further critical RCE vulnerabilities are also patched, including three related vulnerabilities in the Windows Routing and Remote Access Service (RRAS) with CVSS v3 base score of 9.8 (CVE-2023-35365, CVE-2023-35366, and CVE-2023-35367). In each case, an attacker can send specially-crafted packets to vulnerable assets to achieve RCE. Happily, RRAS is not installed or configured by default, but admins with RRAS-enabled Windows Server installations will undoubtedly want to prioritize remediation.

Dark Reading: Security researchers pointed to three RCE vulnerabilities in the Windows Routing and Remote Access Service (RRAS) (CVE-2023-35365, CVE-2023-35366, and CVE-2023-35367) as meriting priority attention as all. Microsoft has assessed all three vulnerabilities as critical and all three have a CVSS score of 9.8. The service is not available by default on Windows Server and basically enables computers running the OS to function as routers, VPN servers, and dial-up servers, said Automox's Bowyer. "A successful attacker could modify network configurations, steal data, move to other more critical/important systems, or create additional accounts for persistent access to the device."

9. Remote Code Execution - Windows Routing and Remote Access Service (RRAS) (CVE-2023-35367) - High [538]

Description: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Qualys: CVE-2023-35365, CVE-2023-35366, and CVE-2023-35367: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Routing and Remote Access service (RRAS) is an open platform for networking and routing that provides dial-up or VPN connections for remote users or site-to-site connectivity. It provides routing services to organizations via secure VPN connections via the Internet, local area networks (LAN), wide area networks (WAN), or both. To exploit this vulnerability, an attacker must send specially crafted packets to a server configured with the Routing and Remote Access Service running.

Tenable: CVE-2023-35365, CVE-2023-35366 and CVE-2023-35367 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Tenable: CVE-2023-35365, CVE-2023-35366, CVE-2023-35367 are RCE vulnerabilities in the Windows Routing and Remote Access Service (RRAS) of Windows operating systems, each of which were assigned a CVSSv3 score of 9.8. RRAS is a service in Windows that can be used as a VPN gateway or router. Exploitation requires an attacker to send crafted packets to an impacted server. RRAS is not installed or configured in Windows by default and those users who have not enabled the feature are not impacted by these vulnerabilities. Microsoft has given these vulnerabilities a rating of “Exploitation less likely” using the Microsoft Exploitability Index

Rapid7: Eight further critical RCE vulnerabilities are also patched, including three related vulnerabilities in the Windows Routing and Remote Access Service (RRAS) with CVSS v3 base score of 9.8 (CVE-2023-35365, CVE-2023-35366, and CVE-2023-35367). In each case, an attacker can send specially-crafted packets to vulnerable assets to achieve RCE. Happily, RRAS is not installed or configured by default, but admins with RRAS-enabled Windows Server installations will undoubtedly want to prioritize remediation.

Dark Reading: Security researchers pointed to three RCE vulnerabilities in the Windows Routing and Remote Access Service (RRAS) (CVE-2023-35365, CVE-2023-35366, and CVE-2023-35367) as meriting priority attention as all. Microsoft has assessed all three vulnerabilities as critical and all three have a CVSS score of 9.8. The service is not available by default on Windows Server and basically enables computers running the OS to function as routers, VPN servers, and dial-up servers, said Automox's Bowyer. "A successful attacker could modify network configurations, steal data, move to other more critical/important systems, or create additional accounts for persistent access to the device."

10. Elevation of Privilege - Microsoft Office (CVE-2023-33148) - High [510]

Description: Microsoft Office Elevation of Privilege Vulnerability

11. Remote Code Execution - Microsoft PostScript and PCL6 Class Printer Driver (CVE-2023-35302) - High [502]

Description: Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

Qualys: CVE-2023-35302: Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability This vulnerability has a CVSSv3.1 8.8 / 7.7 Policy Compliance Control IDs (CIDs): 1368      Status of the ‘Print Spooler’ service 21711    Status of the ‘Allow Print Spooler to accept client connections’ group policy setting

Qualys: CVE-2023-35302: Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability This vulnerability has a CVSSv3.1 score of 8.8/10.

12. Security Feature Bypass - Active Directory Federation Service (CVE-2023-35348) - High [496]

Description: Active Directory Federation Service Security Feature Bypass Vulnerability

Qualys: CVE-2023-35348: Active Directory Federation Service Security Feature Bypass Vulnerability Note: This is Post Patch ActivityThis vulnerability has a CVSSv3.1 score of 8.8/10. The next Patch Tuesday will be on August 8, and we’ll be back with details and patch analysis. Until next Patch Tuesday, stay safe and secure. Be sure to subscribe to the ‘This Month in Vulnerabilities and Patches webinar.’

13. Security Feature Bypass - Azure Active Directory (CVE-2023-36871) - High [496]

Description: Azure Active Directory Security Feature Bypass Vulnerability

14. Remote Code Execution - RPC (CVE-2023-35300) - High [490]

Description: Remote Procedure Call Runtime Remote Code Execution Vulnerability

15. Remote Code Execution - Windows Deployment Services (CVE-2023-35322) - High [490]

Description: Windows Deployment Services Remote Code Execution Vulnerability

16. Remote Code Execution - Microsoft ODBC Driver (CVE-2023-32038) - High [488]

Description: Microsoft ODBC Driver Remote Code Execution Vulnerability

17. Remote Code Execution - Microsoft Message Queuing (CVE-2023-35309) - High [483]

Description: Microsoft Message Queuing Remote Code Execution Vulnerability

18. Security Feature Bypass - ASP.NET and Visual Studio (CVE-2023-33170) - High [479]

Description: ASP.NET and Visual Studio Security Feature Bypass Vulnerability

19. Remote Code Execution - Windows Layer-2 Bridge Network Driver (CVE-2023-35315) - High [478]

Description: Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability

Qualys: CVE-2023-35315: Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability An unauthenticated attacker must send specially crafted file operation requests to a Windows Server configured as a Layer-2 Bridge to exploit the vulnerability. An attacker must gain access to the restricted network before running an attack. Successful exploitation of the vulnerability will lead to remote code execution on the target system.

Rapid7: The remainder of this month’s critical RCE patches target flaws in the Windows Layer-2 Bridge Network Driver (CVE-2023-35315), and usual suspects Windows Message Queuing (CVE-2023-32057) and Windows PGM (CVE-2023-35297).

20. Remote Code Execution - Microsoft SharePoint (CVE-2023-33157) - High [473]

Description: Microsoft SharePoint Remote Code Execution Vulnerability

Qualys: CVE-2023-33157: Microsoft SharePoint Remote Code Execution Vulnerability Microsoft SharePoint is a web-based document management and collaboration platform that strengthens teamwork. The application helps in sharing files, data, news, and resources. An attacker must be authenticated to the target site as at least a Site Member and have Manage List permissions to exploit this vulnerability. On successful exploitation, an attacker may perform a remote attack to gain access to the victim’s information and the ability to alter data. An attacker may also cause downtime for the targeted environment by exploiting the vulnerability.

Rapid7: Anyone responsible for on-prem SharePoint should patch to avoid a variety of potential impacts from exploitation of CVE-2023-33157 and CVE-2023-33160, including information disclosure and editing, as well as reduced availability of the targeted environment. While both of these vulnerabilities require that an attacker already be authenticated as a user with at least Site Member privileges, this isn’t necessarily much of a defense, since this is the lowest standard permission group with the least privileges other than the read-only Site Visitor role, and will typically be widely granted. Microsoft assesses exploitation as more likely for both of these.

Dark Reading: Microsoft's mammoth July update contained fixes for four RCE vulnerabilities in SharePoint server, which has become a popular attacker target recently. Microsoft rated two of the bugs as "important" (CVE-2023-33134 and CVE-2023-33159) and the other two as "critical" (CVE-2023-33157 and CVE-2023-33160). "All of them require the attacker to be authenticated or the user to perform an action that, luckily, reduces the risk of a breach," said Yoav Iellin, senior researcher at Silverfort. "Even so, as SharePoint can contain sensitive data and is usually exposed from outside the organization, those who use the on-premises or hybrid versions should update."

21. Remote Code Execution - Windows DNS Server (CVE-2023-35310) - High [471]

Description: Windows DNS Server Remote Code Execution Vulnerability

22. Remote Code Execution - Windows DNS Server (CVE-2023-35344) - High [471]

Description: Windows DNS Server Remote Code Execution Vulnerability

23. Remote Code Execution - Windows DNS Server (CVE-2023-35345) - High [471]

Description: Windows DNS Server Remote Code Execution Vulnerability

24. Remote Code Execution - Windows DNS Server (CVE-2023-35346) - High [471]

Description: Windows DNS Server Remote Code Execution Vulnerability

25. Remote Code Execution - Microsoft Outlook (CVE-2023-33153) - High [469]

Description: Microsoft Outlook Remote Code Execution Vulnerability

26. Remote Code Execution - Windows Active Directory Certificate Services (AD CS) (CVE-2023-35350) - High [466]

Description: Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability

27. Remote Code Execution - Windows Online Certificate Status Protocol (OCSP) SnapIn (CVE-2023-35313) - High [466]

Description: Windows Online Certificate Status Protocol (OCSP) SnapIn Remote Code Execution Vulnerability

28. Security Feature Bypass - Microsoft Office (CVE-2023-33150) - High [463]

Description: Microsoft Office Security Feature Bypass Vulnerability

29. Remote Code Execution - Windows Active Directory Certificate Services (AD CS) (CVE-2023-35351) - High [454]

Description: Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability

30. Remote Code Execution - Windows Geolocation Service (CVE-2023-35343) - High [454]

Description: Windows Geolocation Service Remote Code Execution Vulnerability

31. Remote Code Execution - Windows Network Load Balancing (CVE-2023-33163) - High [454]

Description: Windows Network Load Balancing Remote Code Execution Vulnerability

32. Remote Code Execution - Windows OLE (CVE-2023-35323) - High [454]

Description: Windows OLE Remote Code Execution Vulnerability

33. Remote Code Execution - Windows Pragmatic General Multicast (PGM) (CVE-2023-35297) - High [454]

Description: Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

Qualys: CVE-2023-35297: Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability Pragmatic General Multicast (PGM) is a multicast computer network transport protocol appropriate for multi-receiver file transfer applications. PGM provides a reliable sequence of packets to multiple recipients simultaneously. An attack can be performed only on the systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN).

Rapid7: The remainder of this month’s critical RCE patches target flaws in the Windows Layer-2 Bridge Network Driver (CVE-2023-35315), and usual suspects Windows Message Queuing (CVE-2023-32057) and Windows PGM (CVE-2023-35297).

34. Remote Code Execution - USB Audio Class System Driver (CVE-2023-35303) - High [452]

Description: USB Audio Class System Driver Remote Code Execution Vulnerability

35. Security Feature Bypass - Windows Remote Desktop (CVE-2023-35332) - High [448]

Description: Windows Remote Desktop Protocol Security Feature Bypass

Dark Reading: Organizations that have to comply with regulations such as FEDRAMP, PCI, HIPAA, SOC2, and similar regulations should pay attention to CVE-2023-35332: a Windows Remote Desktop Protocol Security Feature Bypass flaw, said Dor Dali, head of research at Cyolo. The vulnerability has to do with the usage of outdated and deprecated protocols, including Datagram Transport Layer Security (DTLS) version 1.0, which presents substantial security and compliance risk to organizations, he said. In situations where an organization cannot immediately update, they should disable UDP support in the RDP gateway, he said.

36. Security Feature Bypass - Windows Remote Desktop (CVE-2023-35352) - High [448]

Description: Windows Remote Desktop Security Feature Bypass Vulnerability

Qualys: CVE-2023-35352: Windows Remote Desktop Security Feature Bypass Vulnerability Windows Remote Desktop helps to connect Windows, Android, or iOS devices to a Windows 10 PC from afar. Successful exploitation of the vulnerability would allow an attacker to bypass certificate or private key authentication when establishing a remote desktop protocol session. A remote attacker may exploit this vulnerability in a low-complexity attack.

Rapid7: CVE-2023-35352 will be of interest to anyone running an RDP server. Although the advisory is short on detail, an attacker could bypass certificate or private key authentication when establishing a remote desktop protocol session. Although the CVSS v3 base score of 7.5 falls short of the critical band, this is only because Microsoft has scored this vulnerability as having no impact on either confidentiality or availability, probably because the scoring is against the RDP service itself rather than whatever may be accessed downstream; this seems like a case where CVSS cannot fully capture the potential risk, and Microsoft’s Security Update Severity Rating System does rank this vulnerability as critical.

37. Remote Code Execution - Microsoft SharePoint Server (CVE-2023-33134) - High [440]

Description: Microsoft SharePoint Server Remote Code Execution Vulnerability

Qualys: Other Microsoft Vulnerability Highlights CVE-2023-21526 is an information disclosure vulnerability in Windows Netlogon. The vulnerability can be exploited in a man-in-the-middle (MITM) attack. To read or manipulate network communications, the attacker must insert themself into the logical network channel that connects the target with the requested resource. A successful exploit may lead to interception and potential modification of traffic between client and server systems. CVE-2023-33134 is a remote code execution vulnerability in the Microsoft SharePoint Server. An attacker must have the “Use Remote Interfaces” and “Add and Customize Pages” permissions to exploit this vulnerability on a Policy Center site. In a network-based attack, an attacker must be authenticated to a SharePoint Online tenant associated with a hybrid deployment to tamper with data. The vulnerability is exploited when this altered data is synchronized to the on-premises server. On the on-premises server, the attacker’s code will be executed in the context of the SharePoint timer service. CVE-2023-35312 is an elevation of privilege vulnerability in Microsoft VOLSNAP.SYS. Successful exploitation of the vulnerability would allow an attacker to gain ADMINISTRATOR privileges.

Dark Reading: Microsoft's mammoth July update contained fixes for four RCE vulnerabilities in SharePoint server, which has become a popular attacker target recently. Microsoft rated two of the bugs as "important" (CVE-2023-33134 and CVE-2023-33159) and the other two as "critical" (CVE-2023-33157 and CVE-2023-33160). "All of them require the attacker to be authenticated or the user to perform an action that, luckily, reduces the risk of a breach," said Yoav Iellin, senior researcher at Silverfort. "Even so, as SharePoint can contain sensitive data and is usually exposed from outside the organization, those who use the on-premises or hybrid versions should update."

38. Remote Code Execution - Microsoft SharePoint Server (CVE-2023-33160) - High [440]

Description: Microsoft SharePoint Server Remote Code Execution Vulnerability

Qualys: CVE-2023-33160: Microsoft SharePoint Server Remote Code Execution Vulnerability To exploit this vulnerability, an attacker must be authenticated to the target site as the Site Member at the least. On successful exploitation, an attacker may perform a remote attack to get access to the victim’s information and the ability to alter data. An attacker may also cause downtime for the targeted environment by exploiting the vulnerability. An attacker could use deserialization of unsafe data input vulnerability to exploit the vulnerable APIs. To exploit the vulnerability, a user must use a vulnerable API on an affected version of SharePoint with specially crafted input, potentially leading to remote code execution on the SharePoint Server.

Rapid7: Anyone responsible for on-prem SharePoint should patch to avoid a variety of potential impacts from exploitation of CVE-2023-33157 and CVE-2023-33160, including information disclosure and editing, as well as reduced availability of the targeted environment. While both of these vulnerabilities require that an attacker already be authenticated as a user with at least Site Member privileges, this isn’t necessarily much of a defense, since this is the lowest standard permission group with the least privileges other than the read-only Site Visitor role, and will typically be widely granted. Microsoft assesses exploitation as more likely for both of these.

Dark Reading: Microsoft's mammoth July update contained fixes for four RCE vulnerabilities in SharePoint server, which has become a popular attacker target recently. Microsoft rated two of the bugs as "important" (CVE-2023-33134 and CVE-2023-33159) and the other two as "critical" (CVE-2023-33157 and CVE-2023-33160). "All of them require the attacker to be authenticated or the user to perform an action that, luckily, reduces the risk of a breach," said Yoav Iellin, senior researcher at Silverfort. "Even so, as SharePoint can contain sensitive data and is usually exposed from outside the organization, those who use the on-premises or hybrid versions should update."

39. Remote Code Execution - Paint 3D (CVE-2023-32047) - High [438]

Description: Paint 3D Remote Code Execution Vulnerability

40. Remote Code Execution - Paint 3D (CVE-2023-35374) - High [438]

Description: Paint 3D Remote Code Execution Vulnerability

41. Remote Code Execution - Raw Image Extension (CVE-2023-32051) - High [438]

Description: Raw Image Extension Remote Code Execution Vulnerability

42. Security Feature Bypass - Windows Remote Desktop (CVE-2023-32043) - High [436]

Description: Windows Remote Desktop Security Feature Bypass Vulnerability

43. Remote Code Execution - Visual Studio Code GitHub Pull Requests and Issues Extension (CVE-2023-36867) - High [435]

Description: Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability

44. Remote Code Execution - Microsoft Office Graphics (CVE-2023-33149) - High [433]

Description: Microsoft Office Graphics Remote Code Execution Vulnerability

45. Elevation of Privilege - .NET and Visual Studio (CVE-2023-33127) - High [429]

Description: .NET and Visual Studio Elevation of Privilege Vulnerability

46. Remote Code Execution - MediaWiki PandocUpload Extension (CVE-2023-35333) - High [428]

Description: MediaWiki PandocUpload Extension Remote Code Execution Vulnerability

47. Security Feature Bypass - Windows MSHTML Platform (CVE-2023-35308) - High [425]

Description: Windows MSHTML Platform Security Feature Bypass Vulnerability

Kaspersky: The remaining two vulnerabilities — CVE-2023-35308 and CVE-2023-35336 — can be used to bypass security features. The first allows a cybercriminal to create a file bypassing the Mark-of-the-Web mechanism so that the file can be opened by Microsoft Office applications without Protected View mode. And both holes can be used to trick a victim into accessing a URL in a less restrictive Internet Security Zone than intended.

48. Security Feature Bypass - Windows MSHTML Platform (CVE-2023-35336) - High [425]

Description: Windows MSHTML Platform Security Feature Bypass Vulnerability

Kaspersky: The remaining two vulnerabilities — CVE-2023-35308 and CVE-2023-35336 — can be used to bypass security features. The first allows a cybercriminal to create a file bypassing the Mark-of-the-Web mechanism so that the file can be opened by Microsoft Office applications without Protected View mode. And both holes can be used to trick a victim into accessing a URL in a less restrictive Internet Security Zone than intended.

49. Remote Code Execution - Microsoft Excel (CVE-2023-33158) - High [421]

Description: Microsoft Excel Remote Code Execution Vulnerability

50. Remote Code Execution - Microsoft Excel (CVE-2023-33161) - High [421]

Description: Microsoft Excel Remote Code Execution Vulnerability

51. Memory Corruption - Microsoft Edge (CVE-2023-3217) - High [419]

Description: Chromium: CVE-2023-3217 Use after free in WebXR. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-3217 was published before July 2023 Patch Tuesday from 2023-06-14 to 2023-07-10

52. Remote Code Execution - Microsoft Failover Cluster (CVE-2023-32033) - High [416]

Description: Microsoft Failover Cluster Remote Code Execution Vulnerability

53. Remote Code Execution - Microsoft ODBC Driver for SQL Server (CVE-2023-29356) - High [416]

Description: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

MS PT Extended: CVE-2023-29356 was published before July 2023 Patch Tuesday from 2023-06-14 to 2023-07-10

54. Remote Code Execution - Microsoft ODBC Driver for SQL Server (CVE-2023-32025) - High [416]

Description: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

MS PT Extended: CVE-2023-32025 was published before July 2023 Patch Tuesday from 2023-06-14 to 2023-07-10

55. Remote Code Execution - Microsoft ODBC Driver for SQL Server (CVE-2023-32026) - High [416]

Description: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

MS PT Extended: CVE-2023-32026 was published before July 2023 Patch Tuesday from 2023-06-14 to 2023-07-10

56. Remote Code Execution - Microsoft ODBC Driver for SQL Server (CVE-2023-32027) - High [416]

Description: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

MS PT Extended: CVE-2023-32027 was published before July 2023 Patch Tuesday from 2023-06-14 to 2023-07-10

57. Remote Code Execution - Microsoft ODBC and OLE DB (CVE-2023-29349) - High [416]

Description: Microsoft ODBC and OLE DB Remote Code Execution Vulnerability

MS PT Extended: CVE-2023-29349 was published before July 2023 Patch Tuesday from 2023-06-14 to 2023-07-10

58. Remote Code Execution - Microsoft OLE DB (CVE-2023-32028) - High [416]

Description: Microsoft OLE DB Remote Code Execution Vulnerability

MS PT Extended: CVE-2023-32028 was published before July 2023 Patch Tuesday from 2023-06-14 to 2023-07-10

59. Memory Corruption - Microsoft Edge (CVE-2023-3214) - High [407]

Description: Chromium: CVE-2023-3214 Use after free in Autofill payments. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-3214 was published before July 2023 Patch Tuesday from 2023-06-14 to 2023-07-10

60. Memory Corruption - Microsoft Edge (CVE-2023-3216) - High [407]

Description: Chromium: CVE-2023-3216 Type Confusion in V8. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-3216 was published before July 2023 Patch Tuesday from 2023-06-14 to 2023-07-10

61. Memory Corruption - Microsoft Edge (CVE-2023-3420) - High [407]

Description: Chromium: CVE-2023-3420 Type Confusion in V8. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-3420 was published before July 2023 Patch Tuesday from 2023-06-14 to 2023-07-10

62. Memory Corruption - Microsoft Edge (CVE-2023-3421) - High [407]

Description: Chromium: CVE-2023-3421 Use after free in Media. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-3421 was published before July 2023 Patch Tuesday from 2023-06-14 to 2023-07-10

63. Denial of Service - Microsoft Message Queuing (CVE-2023-32044) - High [405]

Description: Microsoft Message Queuing Denial of Service Vulnerability

64. Denial of Service - Microsoft Message Queuing (CVE-2023-32045) - High [405]

Description: Microsoft Message Queuing Denial of Service Vulnerability

65. Remote Code Execution - Microsoft ActiveX (CVE-2023-33152) - High [404]

Description: Microsoft ActiveX Remote Code Execution Vulnerability

Medium (78)

66. Memory Corruption - Microsoft Edge (CVE-2023-3215) - Medium [395]

Description: Chromium: CVE-2023-3215 Use after free in WebRTC. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-3215 was published before July 2023 Patch Tuesday from 2023-06-14 to 2023-07-10

67. Denial of Service - Windows CryptoAPI (CVE-2023-35339) - Medium [389]

Description: Windows CryptoAPI Denial of Service Vulnerability

68. Denial of Service - Windows Extended Negotiation (CVE-2023-35330) - Medium [389]

Description: Windows Extended Negotiation Denial of Service Vulnerability

69. Denial of Service - Windows Peer Name Resolution Protocol (CVE-2023-35338) - Medium [389]

Description: Windows Peer Name Resolution Protocol Denial of Service Vulnerability

70. Denial of Service - RPC (CVE-2023-32034) - Medium [377]

Description: Remote Procedure Call Runtime Denial of Service Vulnerability

71. Denial of Service - RPC (CVE-2023-32035) - Medium [377]

Description: Remote Procedure Call Runtime Denial of Service Vulnerability

72. Denial of Service - RPC (CVE-2023-33164) - Medium [377]

Description: Remote Procedure Call Runtime Denial of Service Vulnerability

73. Denial of Service - RPC (CVE-2023-33166) - Medium [377]

Description: Remote Procedure Call Runtime Denial of Service Vulnerability

74. Denial of Service - RPC (CVE-2023-33167) - Medium [377]

Description: Remote Procedure Call Runtime Denial of Service Vulnerability

75. Denial of Service - RPC (CVE-2023-33168) - Medium [377]

Description: Remote Procedure Call Runtime Denial of Service Vulnerability

76. Denial of Service - RPC (CVE-2023-33169) - Medium [377]

Description: Remote Procedure Call Runtime Denial of Service Vulnerability

77. Denial of Service - RPC (CVE-2023-33172) - Medium [377]

Description: Remote Procedure Call Runtime Denial of Service Vulnerability

78. Denial of Service - RPC (CVE-2023-33173) - Medium [377]

Description: Remote Procedure Call Runtime Denial of Service Vulnerability

79. Denial of Service - RPC (CVE-2023-35314) - Medium [377]

Description: Remote Procedure Call Runtime Denial of Service Vulnerability

80. Denial of Service - RPC (CVE-2023-35318) - Medium [377]

Description: Remote Procedure Call Runtime Denial of Service Vulnerability

81. Denial of Service - RPC (CVE-2023-35319) - Medium [377]

Description: Remote Procedure Call Runtime Denial of Service Vulnerability

82. Denial of Service - Windows Authentication (CVE-2023-35329) - Medium [377]

Description: Windows Authentication Denial of Service Vulnerability

83. Denial of Service - Windows Deployment Services (CVE-2023-35321) - Medium [377]

Description: Windows Deployment Services Denial of Service Vulnerability

84. Elevation of Privilege - Windows Server Update Service (WSUS) (CVE-2023-32056) - Medium [377]

Description: Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability

85. Memory Corruption - Microsoft Edge (CVE-2023-3422) - Medium [371]

Description: Chromium: CVE-2023-3422 Use after free in Guest View. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2023-3422 was published before July 2023 Patch Tuesday from 2023-06-14 to 2023-07-10

86. Denial of Service - Windows Local Security Authority (LSA) (CVE-2023-35331) - Medium [365]

Description: Windows Local Security Authority (LSA) Denial of Service Vulnerability

87. Elevation of Privilege - Windows Partition Management Driver (CVE-2023-33154) - Medium [365]

Description: Windows Partition Management Driver Elevation of Privilege Vulnerability

88. Elevation of Privilege - Windows Kernel (CVE-2023-35364) - Medium [358]

Description: Windows Kernel Elevation of Privilege Vulnerability

89. Security Feature Bypass - Microsoft SharePoint Server (CVE-2023-33165) - Medium [351]

Description: Microsoft SharePoint Server Security Feature Bypass Vulnerability

90. Information Disclosure - Windows Netlogon (CVE-2023-21526) - Medium [347]

Description: Windows Netlogon Information Disclosure Vulnerability

Qualys: Other Microsoft Vulnerability Highlights CVE-2023-21526 is an information disclosure vulnerability in Windows Netlogon. The vulnerability can be exploited in a man-in-the-middle (MITM) attack. To read or manipulate network communications, the attacker must insert themself into the logical network channel that connects the target with the requested resource. A successful exploit may lead to interception and potential modification of traffic between client and server systems. CVE-2023-33134 is a remote code execution vulnerability in the Microsoft SharePoint Server. An attacker must have the “Use Remote Interfaces” and “Add and Customize Pages” permissions to exploit this vulnerability on a Policy Center site. In a network-based attack, an attacker must be authenticated to a SharePoint Online tenant associated with a hybrid deployment to tamper with data. The vulnerability is exploited when this altered data is synchronized to the on-premises server. On the on-premises server, the attacker’s code will be executed in the context of the SharePoint timer service. CVE-2023-35312 is an elevation of privilege vulnerability in Microsoft VOLSNAP.SYS. Successful exploitation of the vulnerability would allow an attacker to gain ADMINISTRATOR privileges.

91. Information Disclosure - Windows Print Spooler (CVE-2023-35325) - Medium [347]

Description: Windows Print Spooler Information Disclosure Vulnerability

92. Spoofing - Windows Admin Center (CVE-2023-29347) - Medium [347]

Description: Windows Admin Center Spoofing Vulnerability

Tenable: CVE-2023-29347 | Windows Admin Center Spoofing Vulnerability

Tenable: CVE-2023-29347 is a spoofing vulnerability in Windows Admin Center (WAC) assigned a CVSSv3 score of 8.7 and a max severity rating of important. The vulnerability lies in the web server component of WAC, however malicious scripts would execute on a victims browser, so Microsoft’s CVSS scoring reflects this as a scope change. There are several ways a remote, authenticated attacker can exploit the vulnerability: through a malicious script imported into the WAC HTML form, through a.csv file imported to the user interface or through the WAC API. Successful exploitation allows the attacker to perform operations on the WAC server using the privileges of the victim.

93. Elevation of Privilege - Windows Kernel (CVE-2023-35304) - Medium [346]

Description: Windows Kernel Elevation of Privilege Vulnerability

94. Elevation of Privilege - Windows Kernel (CVE-2023-35305) - Medium [346]

Description: Windows Kernel Elevation of Privilege Vulnerability

95. Elevation of Privilege - Windows Kernel (CVE-2023-35356) - Medium [346]

Description: Windows Kernel Elevation of Privilege Vulnerability

96. Elevation of Privilege - Windows Kernel (CVE-2023-35357) - Medium [346]

Description: Windows Kernel Elevation of Privilege Vulnerability

97. Elevation of Privilege - Windows Kernel (CVE-2023-35358) - Medium [346]

Description: Windows Kernel Elevation of Privilege Vulnerability