July 2023 Patch Tuesday
-
It's that time again, yet another Patch Tuesday, and this one is kind of crazy.
We have the following count of vulnerabilities:
- 37 Remote Code Execution
- 33 Elevation of Privilege
- 22 DoS
- 19 Information Disclosure
- 13 Security Feature Bypass
- 7 Spoofing
Of those vulnerabilities 6 of them are Zero Days:
- CVE-2023-32046 - Windows MSHTML Elevation of Privilege
- CVE-2023-32049 - SmartScreen Bypass
- CVE-2023-36874 - Error Reporting Elevation of Privilege
- CVE-2023-36884 - Office and Windows HTML Code Execution
- CVE-2023-35311 - Outlook Preview Pane Security Bypass
Out of these bugs, the only one that requires admin intervention is CVE-2023-36884. Notably, you should add the following registry keys (note that this is in .reg file format) IF you do not have the "Block all Office Apps from creating child processes" ASR enabled.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION]
"Excel.exe"=dword:00000001
"Graph.exe"=dword:00000001
"MSAccess.exe"=dword:00000001
"MSPub.exe"=dword:00000001
"PowerPoint.exe"=dword:00000001
"Visio.exe"=dword:00000001
"WinProj.exe"=dword:00000001
"WinWord.exe"=dword:00000001
"Wordpad.exe"=dword:00000001
Additionally, Microsoft published a security advisory related to some drivers that were signed being used maliciously after initial compromise. Microsoft has revoked those certificates from the program and blocked them. You can read more about that in ADV230001.
Thanks again, Microsoft, for keeping all of us sysadmins in business and making money.
For the full list of all the vulnerabilities patched, you can go to the release notes.
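
An added example, not part of the original post: a PowerShell audit of the CVE-2023-36884 registry mitigation listed above, which only writes missing values when run with -Apply from an elevated prompt. The ASR rule GUID and the Get-MpPreference check are not from the post; they assume Microsoft Defender is the active antivirus.

```powershell
# Added example: audit (and optionally apply) the CVE-2023-36884 registry mitigation.
# Run from an elevated prompt; without -Apply nothing is written.
param([switch]$Apply)

$KeyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION'
$Apps = 'Excel.exe','Graph.exe','MSAccess.exe','MSPub.exe','PowerPoint.exe',
        'Visio.exe','WinProj.exe','WinWord.exe','Wordpad.exe'

# ASR rule "Block all Office applications from creating child processes"
# (GUID from Microsoft Defender documentation, not from the post).
$AsrRuleId = 'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'

function Test-AsrBlockMode {
    # True only when the rule is configured with action 1 (Block); Audit and Warn do not count.
    try { $pref = Get-MpPreference -ErrorAction Stop } catch { return $false }
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -ieq $AsrRuleId -and $actions[$i] -eq 1) { return $true }
    }
    return $false
}

function Get-MitigationState {
    # One row per executable: current DWORD value, or $null when the value is absent.
    foreach ($app in $Apps) {
        $value = (Get-ItemProperty -Path $KeyPath -Name $app -ErrorAction SilentlyContinue).$app
        [pscustomobject]@{ App = $app; Value = $value; Mitigated = ($value -eq 1) }
    }
}

$asrBlocks = Test-AsrBlockMode
if ($asrBlocks) {
    Write-Output 'ASR rule is in Block mode; the registry mitigation is not required.'
}
$state   = @(Get-MitigationState)
$missing = @($state | Where-Object { -not $_.Mitigated })

if ($Apply -and -not $asrBlocks -and $missing.Count -gt 0) {
    if (-not (Test-Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
    foreach ($row in $missing) {
        New-ItemProperty -Path $KeyPath -Name $row.App -Value 1 -PropertyType DWord -Force | Out-Null
    }
    $state = @(Get-MitigationState)   # re-read to confirm what was written
}
$state | Format-Table -AutoSize
```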
-
No issues on my Win 11 laptop so far since updating. AD servers are updating later tonight so we'll see how that goes in the morning.
-
This is the same patch that will start enforcing that fix in Active Directory, right?
-
BillyScott, that’s enforced in this round of updates if you’re on about the Kerberos signing, yes.
-
BillyScott, as katos pointed out, yes, Kerberos signing is enforced in this round of updates.
I can also come back after the AD updates last night and say that it had zero impact on our business this morning. So far everything is business as usual.