Microsoft Patch Tuesday: July 2023

July 19, 2023

July’s Patch Tuesday is a big one for Microsoft compared to recent months: a total of 130 vulnerabilities are patched, divided between 9 critical and 121 important vulnerabilities. This release also includes 2 publicly disclosed vulnerabilities and 6 vulnerabilities exploited in the wild.

CVE-2023-32057: Microsoft Message Queuing Remote Code Execution Vulnerability

A remote code execution vulnerability in the Microsoft Message Queuing (MSMQ) component of Windows would allow a remote unauthenticated attacker to send malicious MSMQ packets to a vulnerable MSMQ server, leading to arbitrary code execution. A mitigating factor is that the Message Queuing service needs to be enabled on the vulnerable server for the exploit to succeed. This vulnerability is not publicly disclosed or exploited in the wild, but it carries a CVSS score of 9.8, making it a critical vulnerability.

CVE-2023-35365, CVE-2023-35366, and CVE-2023-35367 | Windows Routing and Remote Access Service Remote Code Execution Vulnerabilities

Three remote code execution vulnerabilities have been reported in the Windows Routing and Remote Access Service (RRAS), which provides router and VPN gateway capabilities, each scoring a CVSS of 9.8. Exploiting these vulnerabilities requires an attacker to send specially crafted packets to a vulnerable server. Fortunately, RRAS is not installed on Windows operating systems by default, so those who haven’t installed and enabled the service aren’t affected by this attack.
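
A defender-side check for the two preconditions described above (MSMQ enabled for CVE-2023-32057, RRAS installed and enabled for CVE-2023-35365, CVE-2023-35366 and CVE-2023-35367), as an added example that is not part of the original article. The service names MSMQ and RemoteAccess, TCP port 1801 as the MSMQ listener, and the priority labels are assumptions not taken from the article.

```powershell
# Added example, not from the original article. Assumed (not stated there):
# service names 'MSMQ' and 'RemoteAccess', and TCP 1801 as the MSMQ listener port.
function Get-ServiceExposure {
    param(
        [Parameter(Mandatory)][string]$Name,   # Windows service name
        [int]$ListenPort = 0                   # 0 = skip the listener check
    )
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if (-not $svc) {
        # Service not present: the precondition for the CVE is not met.
        return [pscustomobject]@{
            Service = $Name; Installed = $false; Status = 'NotInstalled'
            StartType = 'n/a'; Listening = $false; PatchPriority = 'Normal'
        }
    }
    $listening = $false
    if ($ListenPort -gt 0) {
        # Any socket in the Listen state on this port counts as reachable.
        $listening = [bool](Get-NetTCPConnection -State Listen -LocalPort $ListenPort -ErrorAction SilentlyContinue)
    }
    # Running or listening: reachable now. Not disabled: can become reachable
    # after a reboot or a manual start. Labels are illustrative only.
    if ($svc.Status -eq 'Running' -or $listening) { $priority = 'Urgent' }
    elseif ($svc.StartType -ne 'Disabled')        { $priority = 'High' }
    else                                          { $priority = 'Normal' }
    [pscustomobject]@{
        Service = $Name; Installed = $true; Status = $svc.Status
        StartType = $svc.StartType; Listening = $listening; PatchPriority = $priority
    }
}

# Check both services on the local host and print one row per service.
$report = @(
    Get-ServiceExposure -Name 'MSMQ' -ListenPort 1801
    Get-ServiceExposure -Name 'RemoteAccess'
)
$report | Format-Table -AutoSize
```

A host reporting NotInstalled for both services does not meet the preconditions the article describes, but it should still receive the July updates for the remaining fixes.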

CVE-2023-36884: Office and Windows HTML Remote Code Execution Vulnerability

This important vulnerability is publicly disclosed and exploited in the wild. Microsoft has investigated it because it was exploited in targeted attacks by the threat actor Storm-0978, a Russian-based cybercriminal group. An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution on the victim's machine; the malicious file would need to be opened to start a remote code execution exploit. Even prior to this patch, customers who use Microsoft Defender for Office are protected from attachments that attempt to exploit this vulnerability.

CVE-2023-32049: Windows SmartScreen Security Feature Bypass Vulnerability

If a victim opens a specially crafted URL received from an attacker, the attacker is able to bypass the Windows SmartScreen security feature prompt shown when downloading or opening a file from the internet. This important vulnerability is known to be actively exploited and was discovered by Microsoft’s threat intelligence centre.

CVE-2023-35311: Microsoft Outlook Security Feature Bypass Vulnerability

This is the second vulnerability this month that has been seen exploited in the wild. With a CVSS of 8.8, this important vulnerability would allow an attacker to bypass the Microsoft Outlook Security Notice prompt when a user clicks on a specially crafted URL, leading to compromise by the attacker, similar to CVE-2023-32049. It can be exploited through the Preview Pane; however, Microsoft reports that “additional user interaction” is needed.

For a full list of this month’s updates please see the links below:

Patch Tuesday release notes: https://msrc.microsoft.com/update-guide/releaseNote/2023-Jul

Security update guide: https://msrc.microsoft.com/update-guide/

Author

Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
