Skip to main content

Microsoft Monthly Security Update (July 2023)

Release Date: 12 Jul 2023 5827 Views

RISK: High Risk

TYPE: Operating Systems - Windows OS

TYPE: Windows OS

Microsoft has released monthly security update for their products:

 

Vulnerable ProductRisk LevelImpactsNotes
WindowsHigh Risk High RiskElevation of Privilege
Denial of Service
Information Disclosure
Remote Code Execution
Security Restriction Bypass
Spoofing

CVE-2023-32046 is being exploited in the wild.

The vulnerability can be exploited to gain the rights of the user that is running the affected application, but this CVE is required local access and user interaction. It is rated as high risk.

 

CVE-2023-32049 is being exploited in the wild.

The vulnerability can be exploited to bypass the Open File - Security Warning prompt, but this CVE is required user interaction. It is rated as high risk.

 

CVE-2023-36874 is being exploited in the wild.

The vulnerability can be exploited to gain administrator privileges, but this CVE is required local access. It is rated as high risk.

Microsoft OfficeHigh RiskHigh RiskElevation of Privilege
Remote Code Execution
Security Restriction Bypass
Spoofing
Information Disclosure

CVE-2023-35311 is being exploited in the wild.

The vulnerability can be exploited to bypass the Microsoft Outlook Security Notice prompt, but this CVE is required user interaction. It is rated as high risk.

 

CVE-2023-36884 is being exploited in the wild.

The vulnerability can be exploited by creating a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim, but this CVE is required user interaction. It is rated as high risk.

Extended Security Updates (ESU)High Risk High RiskDenial of Service
Information Disclosure
Remote Code Execution
Security Restriction Bypass
Elevation of Privilege

CVE-2023-32046 is being exploited in the wild.

The vulnerability can be exploited to gain the rights of the user that is running the affected application, but this CVE is required local access and user interaction. It is rated as high risk.

 

CVE-2023-36874 is being exploited in the wild.

The vulnerability can be exploited to gain administrator privileges, but this CVE is required local access. It is rated as high risk.

AppsMedium Risk Medium RiskRemote Code Execution 
Developer ToolsMedium Risk Medium RiskRemote Code Execution
Elevation of Privilege
Security Restriction Bypass
Spoofing
 
System CenterMedium Risk Medium RiskElevation of Privilege 
Microsoft DynamicsLow Risk Low RiskSpoofing 
AzureMedium Risk Medium RiskInformation Disclosure 

 

Number of 'Extremely High Risk' product(s): 0

Number of 'High Risk' product(s): 3

Number of 'Medium Risk' product(s): 4

Number of 'Low Risk' product(s): 1

Evaluation of overall 'Risk Level': High Risk


Impact

  • Denial of Service
  • Elevation of Privilege
  • Information Disclosure
  • Remote Code Execution
  • Spoofing
  • Security Restriction Bypass

System / Technologies affected

  • Windows
  • Microsoft Office
  • Extended Security Updates (ESU)
  • Apps
  • Developer Tools
  • System Center
  • Microsoft Dynamics
  • Azure

Solutions

Before installation of the software, please visit the vendor web-site for more details.

  •  Apply fixes issued by the vendor.

Vulnerability Identifier


Source


Related Link