Update - Microsoft Zero-Day Vulnerabilities

July 12, 2023

THE THREAT

Microsoft has disclosed five actively exploited zero-day vulnerabilities in the July Patch Tuesday release. It is critical that organizations prioritize patching these vulnerabilities, as exploitation is ongoing. The zero-day vulnerabilities from this release are classified as Remote Code Execution (RCE), Privilege Escalation, and Security Feature Bypass. One vulnerability from this release (CVE-2023-36884) is confirmed to be exploited by the Russia-based threat actor group Storm-0978. Real-world attacks were identified impacting military and government bodies, primarily in Europe.

It should be noted that all of the exploited vulnerabilities from this release require either user interaction or previous access to the vulnerable system; this reduces the likelihood of rapid adoption and widespread exploitation. All five vulnerabilities are reported to be exploited in targeted attacks at this time.

What we're doing about it

What you should do about it

Additional information

This month Microsoft addressed a total of 130 separate vulnerabilities. This is by far the largest number of vulnerabilities included in a Microsoft Patch Tuesday release this year. Additionally, this is the last Patch Tuesday before Black Hat, which may explain the above-average zero-day count. While the zero-day vulnerabilities are most concerning, there are five additional vulnerabilities that Microsoft tracks as “exploitation more likely.”

The zero-day vulnerabilities from this release are as follows:

CVE-2023-36884 (CVSS: 8.3) - Office and Windows HTML Remote Code Execution Vulnerability

CVE-2023-35311 (CVSS: 8.8) - Microsoft Outlook Security Feature Bypass Vulnerability

CVE-2023-32049 (CVSS: 8.8) - Windows SmartScreen Security Feature Bypass Vulnerability

CVE-2023-32046 (CVSS: 7.8) - Windows MSHTML Platform Elevation of Privilege Vulnerability

CVE-2023-36874 (CVSS: 7.8) - Windows Error Reporting Service Elevation of Privilege Vulnerability

