Service Notices

All Notices > Security Notices > Microsoft Releases July 2023 Security Updates

Microsoft Releases July 2023 Security Updates

Jul 14, 2023 GMT+08:00

I. Overview

Microsoft has released its July 2023 Security Updates. A total of 130 security vulnerabilities have been disclosed, among which 9 are marked as important vulnerabilities. Attackers can exploit these vulnerabilities to implement remote code execution, privilege escalation, and security feature bypass. The affected applications include Microsoft Windows, Microsoft Office, Microsoft Visual Studio and .NET.

For details, visit the Microsoft official website:

https://msrc.microsoft.com/update-guide/releaseNote/2023-Jul

The following vulnerabilities have been exploited by attackers:

Microsoft Outlook Security Feature Bypass Vulnerability (CVE-2023-35311): 0-day vulnerability. A remote attacker would lure a user into clicking a specially crafted URL to trigger the vulnerability. Successful exploitation of this vulnerability can bypass the Microsoft Outlook Security Notice prompt and execute arbitrary code on the compromised system. This vulnerability has been exploited in the wild, and the risk is high.

Office and Windows HTML Remote Code Execution Vulnerability (CVE-2023-36884): 0-day vulnerability. A remote attacker would lure a user into opening a specially crafted Microsoft Office document to trigger the vulnerability. Successful exploitation of the vulnerability can cause remote code execution. This vulnerability has been exploited in the wild, and the risk is high.

Windows Error Reporting Service Elevation of Privilege Vulnerability (CVE-2023-36874): 0-day vulnerability. Successful exploitation of this vulnerability allows attackers to obtain management privileges of the target system. This vulnerability has been exploited in the wild, and the risk is high.

Windows SmartScreen Security Feature Bypass Vulnerability (CVE-2023-32049): 0-day vulnerability. A remote attacker would lure a user into clicking a specially crafted URL to trigger the vulnerability. Successful exploitation of this vulnerability can bypass the Open File - Security Warning prompt and execute arbitrary code on the target system. This vulnerability has been exploited in the wild, and the risk is high.

Windows MSHTML Platform Elevation of Privilege Vulnerability (CVE-2023-32046): 0-day vulnerability. A remote attacker would lure a user into opening a specially crafted file to trigger the vulnerability. Successful exploitation of the vulnerability can cause arbitrary code execution on the target system. This vulnerability has been exploited in the wild, and the risk is high.

In addition, pay attention to the wild exploitation of the Microsoft signature driver. The Microsoft ID is ADV230001. For details, see the Microsoft official description.

6 vulnerabilities (such as CVE-2023-33134, CVE-2023-33157, and CVE-2023-35312) are marked as Exploitation More Likely. For details, see the official announcement. Please perform security self-check and security hardening in a timely manner to reduce attack risks.

II. Severity

Severity: important

(Severity: low, moderate, important, and critical)

III. Affected Products

Microsoft Windows, Microsoft Office, Visual Studio, and .NET.

IV. Vulnerability Details

CVE ID	Vulnerability	Severity	Description
CVE-2023-35297	Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability	Important	A remote attacker would send a specially crafted data packet to the target server to trigger the vulnerability. Successful exploitation of the vulnerability will cause remote code execution.
CVE-2023-35367 CVE-2023-35366 CVE-2023-35365	Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability	Important	A remote attacker would send a specially crafted data packet to the target server to trigger the vulnerability. Successful exploitation of the vulnerability will cause remote code execution.
CVE-2023-32057	Microsoft Message Queuing Remote Code Execution Vulnerability	Important	To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to an MSMQ server. This could result in remote code execution on the server side.
CVE-2023-35352	Windows Remote Desktop Security Feature Bypass Vulnerability	Important	An attacker who successfully exploited the vulnerability could bypass certificate or private key authentication when establishing a remote desktop protocol session.
CVE-2023-35315	Windows Layer-2 Bridge Network Driver Code Execution Vulnerability	Important	An unauthenticated attacker could exploit the vulnerability by sending a specially crafted request to a target server. Successful exploitation of the vulnerability can lead to remote code execution.
CVE-2023-33160	Microsoft SharePoint Server Remote Code Execution Vulnerability	Important	A remote attacker triggers a vulnerability by passing specially crafted input to an affected application. Successful exploitation of the vulnerability can lead to remote code execution on the target system.
CVE-2023-33157	Microsoft SharePoint Remote Code Execution Vulnerability	Important	An authenticated attacker who has obtained access to the management list can exploit this vulnerability to remotely execute code on the target server.

(Note: Vulnerabilities listed above are important ones. For more information, refer to the official website of Microsoft.)

V. Security Recommendations

1. Use Windows Update or download patches from the following address to fix the vulnerabilities:

https://msrc.microsoft.com/update-guide

2. Back up data remotely to protect your data.

Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.