Microsoft released a significant security update on July Patch Tuesday, addressing a total of 130 new vulnerabilities, including five zero-day exploits. This release poses a significant challenge for IT departments because of the high number of vulnerabilities and the complexity of some of the required mitigations.
Among the vulnerabilities addressed in this release, nine were rated as critical. This means that they have the potential to cause severe damage if exploited by threat actors. Chris Goettl, Vice President of Security Product Management at Ivanti, expressed concern about the potential impact of these vulnerabilities, stating, “I have a feeling July is going to have a lot of collateral damage, a lot of operational impact and a lot of deferred updates for a period of time.”
One of the zero-day vulnerabilities addressed in this release is a Secure Boot security feature bypass vulnerability (CVE-2023-24932). Microsoft had previously released a fix for this vulnerability in May, but the July revision makes it easier to deploy the necessary files to revoke system boot managers and audit this action through the event log. Microsoft has provided instructions for this deployment and urges customers to follow through to enhance the security of their systems.
Another important zero-day exploit addressed in this release is a Microsoft Outlook vulnerability (CVE-2023-35311), which allows for a security feature bypass. This vulnerability has a high CVSS rating of 8.8, indicating its potential severity. An attacker could target a user with a specially crafted URL using the Outlook preview pane as an attack vector. However, the user would need to click the link for the attacker to exploit the vulnerability.
In addition to the zero-days, Microsoft also addressed several other vulnerabilities that pose potential risks. One of these is a Windows Error Reporting Service elevation-of-privilege vulnerability (CVE-2023-36874) that affects Windows desktop and server systems. To exploit this vulnerability and gain administrator privileges, the attacker needs local access to the target machine with permissions to create folders and performance traces.
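The precondition described above (local access plus the ability to create folders and performance traces) is something a defender can inventory before the patch lands. The following PowerShell is an added example, not code from the article or from Microsoft: it lists members of the local groups that grant performance-trace rights to non-administrators and reports the state of the Windows Error Reporting Service. It assumes Windows PowerShell 5.1 or later with the LocalAccounts module, run with administrator rights; the group names and the WerSvc service name are standard Windows names, not values taken from the article.

```powershell
# Added example (not from the article): inventory local principals who can
# create performance traces, one of the preconditions the article describes
# for CVE-2023-36874, plus the state of the Windows Error Reporting Service.
# Assumes Windows PowerShell 5.1+ with Microsoft.PowerShell.LocalAccounts and
# administrator rights.

$groupsToCheck = @('Performance Log Users', 'Performance Monitor Users')

function Get-PerfTraceCapableMembers {
    foreach ($group in $groupsToCheck) {
        try {
            $members = Get-LocalGroupMember -Group $group -ErrorAction Stop
        } catch {
            Write-Warning "Group '$group' not found or not readable: $_"
            continue
        }
        foreach ($m in $members) {
            [pscustomobject]@{
                Group       = $group
                Member      = $m.Name
                ObjectClass = $m.ObjectClass
                Source      = $m.PrincipalSource
            }
        }
    }
}

$members = Get-PerfTraceCapableMembers
if ($members) {
    # Every entry here is a non-administrator who already meets part of the
    # precondition; review whether each membership is still needed.
    $members | Format-Table -AutoSize
} else {
    Write-Host "No members in the performance-trace groups on this host."
}

# Service state for the component the vulnerability lives in
Get-Service -Name WerSvc | Select-Object Name, Status, StartType
```

Run this on a representative sample of workstations and servers; a domain group nested into one of these local groups widens the exposed population more than a single local account does, so the Source column is worth reading alongside the member name.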
Microsoft also released two advisories as part of this update. The first advisory (ADV230001) highlights the exploitation of drivers certified by Microsoft’s Windows Hardware Developer Program to gain administrator privileges. The company has taken steps to prevent further damage by revoking trust in these drivers and driver signing certificates.
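Once Microsoft revokes trust in a driver signing certificate, the practical question for a defender is which installed drivers were signed under it. The PowerShell below is an added example, not code from the advisory: it builds an inventory of installed kernel drivers with their Authenticode signer, surfaces drivers whose signature no longer validates, and flags those signed through the hardware program for review. It assumes Windows PowerShell 5.1 or later run as administrator; the signer subject substring used for flagging is an assumption to verify against the certificates seen in your own environment.

```powershell
# Added example (not from the advisory): inventory installed kernel drivers
# with their Authenticode signer so drivers signed via the hardware developer
# program can be reviewed after trust revocations such as ADV230001.
# Assumes Windows PowerShell 5.1+ run as administrator. The subject substring
# below is an assumption; adjust it to the signer names you actually observe.

$hwProgramSignerPattern = 'Windows Hardware Compatibility Publisher'

function Get-DriverSignatureInventory {
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName } |
        ForEach-Object {
            # PathName may be quoted or carry \??\ or \SystemRoot\ prefixes; normalize it
            $path = $_.PathName -replace '^"|"$', ''
            $path = $path -replace '^\\\?\?\\', ''
            $path = $path -replace '^\\SystemRoot\\', "$env:SystemRoot\"
            $path = $path -replace '^System32\\', "$env:SystemRoot\System32\"
            if (-not (Test-Path -LiteralPath $path)) { return }

            $sig = Get-AuthenticodeSignature -FilePath $path
            [pscustomobject]@{
                Name      = $_.Name
                State     = $_.State
                Path      = $path
                Status    = $sig.Status
                Signer    = $sig.SignerCertificate.Subject
                NotAfter  = $sig.SignerCertificate.NotAfter
                HwProgram = ($sig.SignerCertificate.Subject -match $hwProgramSignerPattern)
            }
        }
}

$inventory = Get-DriverSignatureInventory

# Drivers whose signature no longer validates deserve first attention:
# a revoked signing certificate shows up here rather than as a missing file.
$inventory |
    Where-Object { $_.Status -ne 'Valid' } |
    Format-Table Name, State, Status, Signer -AutoSize

# Then drivers signed through the hardware program, to compare against the
# vendors and products you expect on the host.
$inventory |
    Where-Object { $_.HwProgram } |
    Sort-Object Name |
    Format-Table Name, State, Path, NotAfter -AutoSize
```

The State column matters: a driver that is installed but stopped is a lower-priority finding than one that is running, and a running driver with a non-valid signature status after the update is the case to escalate.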
The second advisory (ADV230002) relates to additional protections provided by Microsoft to supplement a fix released by Trend Micro for a security feature bypass vulnerability in one of its products. These measures aim to strengthen security and prevent further exploitation.
Finally, this update includes advancements in two key authentication protocols, Kerberos and Netlogon. Microsoft issued patches in November 2022 to address vulnerabilities in these protocols, and the July Patch Tuesday marks the next steps in their remediation. These updates aim to strengthen the protocols and allow administrators to test any impact on their infrastructure before implementing more stringent configurations.
Overall, the July Patch Tuesday from Microsoft includes a significant number of vulnerabilities and updates. IT departments will face a challenging task in addressing these vulnerabilities and implementing the necessary mitigations. Microsoft advises organizations to promptly patch their systems to minimize exposure to potential threats.
