URL: https://www.isgtech.com/microsoft-critical-actively-exploited-vulnerabilities-july-2023/
BLOG

MICROSOFT CRITICAL & ACTIVELY EXPLOITED VULNERABILITIES – JULY 2023

On July 11, 2023, Microsoft published its July 2023 Security Update with patches for 130 vulnerabilities and 2 advisories, 6 of which are being actively exploited in the wild. This article provides mitigation guidance for multiple critical vulnerabilities. If you are an ISG customer that utilizes our endpoint and/or server management services, we are addressing these vulnerabilities and will continue to do so as patches become available.

SUMMARY

Windows

Impacted Products: Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 Service Pack 2, Windows Server 2016, Windows Server 2019, Windows Server 2022, Windows 10, Windows 10 Version 22H2, Windows 11 Version 22H2, Windows 10 Version 21H2, Windows 11 Version 21H2, Windows 10 Version 1809

CVE-2023-32057 (CVSS 9.8 – Critical): Microsoft Message Queuing Remote Code Execution Vulnerability – A threat actor could exploit this vulnerability and achieve remote code execution on the server side by sending a specially crafted malicious Message Queuing Service (MSMQ) packet to an MSMQ server.

CVE-2023-35365, CVE-2023-35366, CVE-2023-35367 (CVSS 9.8 – Critical): Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability – A threat actor could exploit these vulnerabilities and achieve remote code execution by sending specially crafted packets to a server configured with the Routing and Remote Access Service running.

CVE-2023-32046 (CVSS 7.8 – High): Windows MSHTML Platform Elevation of Privilege Vulnerability – To exploit this vulnerability, a threat actor needs the user to open a malicious file that has been delivered to them via email or a compromised website. Successful exploitation results in the threat actor gaining the privileges of the user who opened the malicious file.
* Note: This vulnerability is being actively exploited.

CVE-2023-32049 (CVSS 8.8 – High): Windows SmartScreen Security Feature Bypass Vulnerability – Exploitation requires the user to click on a specially crafted URL and results in the threat actor being able to bypass the Open File – Security Warning prompt.
* Note: This vulnerability is being actively exploited.

CVE-2023-36874 (CVSS 7.8 – High): Windows Error Reporting Service Elevation of Privilege Vulnerability – A threat actor with local access to the target machine and restricted, normal user privileges can exploit this vulnerability to gain administrator privileges on the machine.
* Note: This vulnerability is being actively exploited.

CVE-2023-36884 (CVSS 8.3 – High): Office and Windows HTML Remote Code Execution Vulnerability – This publicly disclosed and unpatched vulnerability involves threat actors convincing a user to open a malicious Microsoft Office document to enable remote code execution.
* Note: This vulnerability is being actively exploited. Microsoft has observed the threat actor tracked as Storm-0978 exploiting this vulnerability in a phishing campaign targeting defense and government entities in Europe and North America.

ADV230001: Guidance on Microsoft Signed Drivers Being Used Maliciously – Threat actors who had already gained administrator privileges on compromised systems were using drivers certified through Microsoft's Windows Hardware Developer Program (MWHDP) in post-exploitation activity. Microsoft has revoked the code-signing certificates and developer accounts associated with this activity.
* Note: This flaw is being actively exploited.

Microsoft Office

Impacted Products: Microsoft Word 2013 RT Service Pack 1, Microsoft Word 2016, Microsoft Office LTSC 2021, Microsoft 365 Apps for Enterprise, Microsoft Office 2019

CVE-2023-33150 (CVSS 9.6 – Critical): Microsoft Outlook Security Feature Bypass Vulnerability – To exploit this vulnerability, a threat actor would require a user to open a malicious file that has been delivered to them via email or a malicious or compromised website and click through the Office Security Prompt(s). As a result, the threat actor can escape Office Protected View.

CVE-2023-35311 (CVSS 8.8 – High): Microsoft Outlook Security Feature Bypass Vulnerability – Exploitation requires the user to click on a specially crafted URL and results in the threat actor being able to bypass the Microsoft Outlook Security Notice prompt.
* Note: This vulnerability is being actively exploited.

CVE-2023-36884 (CVSS 8.3 – High): Office and Windows HTML Remote Code Execution Vulnerability – This publicly disclosed and unpatched vulnerability involves threat actors convincing a user to open a malicious Microsoft Office document to enable remote code execution.
* Note: This vulnerability also impacts Microsoft Windows products.

RECOMMENDATIONS

RECOMMENDATION #1: APPLY SECURITY UPDATES TO IMPACTED PRODUCTS

ISG Technology and our security partners strongly recommend applying the available security updates to all impacted products to prevent potential exploitation.

For those vulnerable to CVE-2023-32046, Microsoft recommends that customers who install Security Only updates also install the IE Cumulative updates for this vulnerability.

Note: As always, we recommend following change management best practices for deploying security patches, including testing changes in a dev environment before deploying to production to avoid operational impact.

Product | Vulnerabilities addressed | Update
Windows 10 Version 1607 | CVE-2023-24897, CVE-2023-32015, CVE-2023-32014, CVE-2023-29363 | Security Update: 5027123, 5027219
Windows 10 Version 1809 | CVE-2023-24897, CVE-2023-32013, CVE-2023-32015, CVE-2023-32014, CVE-2023-29363 | Security Update: 5027536, 5027222
Windows 10 Version 21H2 | CVE-2023-24897, CVE-2023-32013, CVE-2023-32015, CVE-2023-32014, CVE-2023-29363 | Security Update: 5027537, 5027215
Windows 10 Version 22H2 | CVE-2023-24897, CVE-2023-32013, CVE-2023-32015, CVE-2023-32014, CVE-2023-29363 | Security Update: 5027538, 5027215
Windows 10 | CVE-2023-24897, CVE-2023-32015, CVE-2023-32014, CVE-2023-29363 | Security Update: 5027230
Windows 11 Version 22H2 | CVE-2023-24897, CVE-2023-32013, CVE-2023-32015, CVE-2023-32014, CVE-2023-29363 | Security Update: 5027119, 5027231
Windows 11 Version 21H2 | CVE-2023-24897, CVE-2023-32013, CVE-2023-32015, CVE-2023-32014, CVE-2023-29363 | Security Update: 5027539, 5027223
Windows Server 2008 R2 | CVE-2023-24897, CVE-2023-32015, CVE-2023-32014, CVE-2023-29363 | Monthly Rollup: 5027540, 5027275; Security Update: 5027531, 5027256
Windows Server 2008 | CVE-2023-24897, CVE-2023-32015, CVE-2023-32014, CVE-2023-29363 | Monthly Rollup: 5027543, 5027279; Security Update: 5027534, 5027277
Windows Server 2012 | CVE-2023-24897, CVE-2023-32015, CVE-2023-32014, CVE-2023-29363 | Monthly Rollup: 5027541, 5027283; Security Update: 5027532, 5027281
Windows Server 2012 R2 | CVE-2023-24897, CVE-2023-32015, CVE-2023-32014, CVE-2023-29363 | Monthly Rollup: 5027542, 5027271; Security Update: 5027533, 5027282
Windows Server 2016 | CVE-2023-24897, CVE-2023-32015, CVE-2023-32014, CVE-2023-29363 | Security Update: 5027219, 5027123
Windows Server 2019 | CVE-2023-24897, CVE-2023-32013, CVE-2023-32015, CVE-2023-32014, CVE-2023-29363 | Security Update: 5027536, 5027222
Windows Server 2022 | CVE-2023-24897, CVE-2023-32013, CVE-2023-32015, CVE-2023-32014, CVE-2023-29363 | Security Update: 5027544, 5027225
Microsoft Visual Studio 2017 Version 15.9 | CVE-2023-24897 | Release Notes
Microsoft Visual Studio 2022 Version 17.2 | CVE-2023-24897 | Release Notes
Microsoft Visual Studio 2019 Version 16.11 | CVE-2023-24897 | Release Notes
Microsoft Visual Studio 2022 Version 17.0 | CVE-2023-24897 | Release Notes
Microsoft Visual Studio 2022 Version 17.4 | CVE-2023-24897 | Release Notes
Microsoft Visual Studio 2022 Version 17.6 | CVE-2023-24897 | Release Notes
Microsoft Visual Studio 2013 Update 5 | CVE-2023-24897 | Security Update: 5026610
Microsoft Visual Studio 2015 Update 3 | CVE-2023-24897 | Security Update: 5025792
.NET 7.0 | CVE-2023-24897 | Security Update: 5027798
.NET 6.0 | CVE-2023-24897 | Security Update: 5027797
Microsoft SharePoint Server 2019 | CVE-2023-29357 | Security Update: 5002402, 5002403

RECOMMENDATION #2: DISABLE MESSAGE QUEUING SERVICE (MSMQ) IF NOT REQUIRED

To be vulnerable to CVE-2023-32057, a system must have the Message Queuing (MSMQ) service enabled. Consider disabling MSMQ if the service is not required in your environment to prevent exploitation.

Note: You can check by looking for a running service named "Message Queuing" and for TCP port 1801 listening on the system. If disabling MSMQ is not feasible, consider blocking inbound connections to TCP port 1801 from untrusted sources.

RECOMMENDATION #3: DISABLE THE ROUTING AND REMOTE ACCESS SERVICE (RRAS) ROLE IF NOT REQUIRED

To be vulnerable to CVE-2023-35367, a server must have the Routing and Remote Access Service (RRAS) role enabled, which is not installed by default. Consider disabling RRAS if the service is not required in your environment to prevent exploitation.
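The checks in Recommendations #2 and #3 can be scripted so they run consistently across a fleet. The script below is an added example, not ISG's or Microsoft's own tooling: it reports whether the Message Queuing service (service name MSMQ) is present, whether TCP 1801 is listening, and whether the RemoteAccess role is installed, and only changes anything when run with the -Remediate switch. It assumes an elevated session on Windows Server (for the ServerManager cmdlets); the switch name and the firewall rule name are this example's own choices.

```powershell
# Added example: audit (and optionally remediate) MSMQ and RRAS exposure on a host.
# Run elevated on Windows Server. Without -Remediate it only reports findings.
[CmdletBinding()]
param([switch]$Remediate)

$findings = @()

# --- Recommendation #2: Message Queuing (service name MSMQ, display name "Message Queuing") ---
$msmq     = Get-Service -Name MSMQ -ErrorAction SilentlyContinue
$listener = Get-NetTCPConnection -LocalPort 1801 -State Listen -ErrorAction SilentlyContinue
if ($msmq) {
    $findings += "MSMQ service present: status=$($msmq.Status), startup=$($msmq.StartType)"
}
if ($listener) {
    $findings += "TCP 1801 is listening (owning PID: $($listener.OwningProcess -join ','))"
}
if ($msmq -and $Remediate) {
    Stop-Service -Name MSMQ -Force
    Set-Service  -Name MSMQ -StartupType Disabled
    # Fallback from the post for hosts where MSMQ must stay: block inbound TCP 1801.
    # Rule name is arbitrary (example's choice); skip if it already exists.
    if (-not (Get-NetFirewallRule -DisplayName 'Block inbound MSMQ 1801' -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName 'Block inbound MSMQ 1801' -Direction Inbound `
            -Protocol TCP -LocalPort 1801 -Action Block -Profile Any | Out-Null
    }
}

# --- Recommendation #3: Routing and Remote Access role (not installed by default) ---
$rras    = Get-WindowsFeature -Name RemoteAccess -ErrorAction SilentlyContinue
$rrasSvc = Get-Service -Name RemoteAccess -ErrorAction SilentlyContinue
if ($rras -and $rras.Installed) {
    $findings += "RemoteAccess role installed; RRAS service status=$($rrasSvc.Status)"
    if ($Remediate) {
        Stop-Service -Name RemoteAccess -Force -ErrorAction SilentlyContinue
        Uninstall-WindowsFeature -Name RemoteAccess | Out-Null
    }
}

if ($findings.Count -eq 0) {
    "No MSMQ or RRAS exposure found on $env:COMPUTERNAME"
} else {
    $findings | ForEach-Object { "[$env:COMPUTERNAME] $_" }
}
```

Run it first without -Remediate and review the output against your change process before disabling anything; removing the RemoteAccess role takes down VPN and routing functions the server may be providing.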
REFERENCES

Microsoft Vulnerability Advisories:
* CVE-2023-32057 – https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-32057
* CVE-2023-33150 – https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-33150
* CVE-2023-35365 – https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-35365
* CVE-2023-35366 – https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-35366
* CVE-2023-35367 – https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-35367
* CVE-2023-32046 – https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-32046
* CVE-2023-32049 – https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-32049
* CVE-2023-35311 – https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-35311
* CVE-2023-36874 – https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-36874
* CVE-2023-36884 – https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-36884
* ADV230001 – https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV230001
* CVE-2023-36884 Exploitation Details – https://www.microsoft.com/en-us/security/blog/2023/07/11/storm-0978-attacks-reveal-financial-and-espionage-motives/

NEED HELP?

If you need help with any of these patches, please contact us or talk to your ISG Representative.