On July 11, Microsoft released security bulletins to fix 132 vulnerabilities.
With the July Patch Tuesday, Microsoft also fixed six zero-day vulnerabilities. For your quick reference, the following are the zero-day vulnerabilities:
CVE-2023-32046 – Windows MSHTML Platform Elevation of Privilege Vulnerability
CVE-2023-32049 – Windows SmartScreen Security Feature Bypass Vulnerability
CVE-2023-36874 – Windows Error Reporting Service Elevation of Privilege Vulnerability
CVE-2023-36884 – Office and Windows HTML Remote Code Execution Vulnerability
CVE-2023-35311 – Microsoft Outlook Security Feature Bypass Vulnerability
ADV230001 – Guidance on Microsoft Signed Drivers Being Used Maliciously
The Qualys Threat Research Unit (TRU) finds CVE-2023-36884 particularly interesting. Microsoft attributes this vulnerability to a threat actor named Storm-0978/RomCom. Additionally, given the nature of these vulnerabilities, the chances that a threat actor will combine CVE-2023-32049 and CVE-2023-35311 with CVE-2023-36884 are high.
What is interesting about this threat actor, which can be attributed to the Russian region, is that the group employs clever tactics to stay under the radar. It also engages in ransomware-laced activity, which may help its real espionage goals remain undetected.
More surprising is that no patch has yet been released for this vulnerability. Microsoft notes that Microsoft Defender for Office 365 already protects systems, as does enabling the attack surface reduction (ASR) rule “Block all Office applications from creating child processes”.
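Because the only protection Microsoft offers for CVE-2023-36884 at the time of writing is the ASR rule named above, a defender will want to confirm the rule is actually enforced on each endpoint. The following PowerShell is an added example, not code from the Qualys post or from Microsoft: it reads the current Defender preferences, reports the state of the rule (not configured, disabled, audit, warn or block), and switches it to block mode if it is not already there. It assumes an elevated session on a host running Microsoft Defender Antivirus; the rule GUID is Microsoft's published identifier for this ASR rule.

```powershell
# Added example (not from the original post): verify and enforce the Defender ASR rule
# "Block all Office applications from creating child processes", Microsoft's stated
# mitigation for CVE-2023-36884. Run from an elevated PowerShell session.

# Microsoft's published GUID for this ASR rule.
$RuleId = 'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'

# Action codes as returned by Get-MpPreference.AttackSurfaceReductionRules_Actions.
$ActionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Get-OfficeChildProcessRuleState {
    # Returns the enforcement state of the rule as a readable string.
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)

    # The two arrays are positionally aligned; find our rule's index by GUID.
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -ieq $RuleId) {
            $code = [int]$actions[$i]
            if ($ActionNames.ContainsKey($code)) { return $ActionNames[$code] }
            return "Unknown($code)"
        }
    }
    return 'NotConfigured'
}

$state = Get-OfficeChildProcessRuleState
Write-Output "ASR rule $RuleId current state: $state"

if ($state -ne 'Block') {
    # 'Enabled' is block mode. Use 'AuditMode' first if line-of-business Office
    # add-ins that spawn child processes need to be inventoried before enforcing.
    Add-MpPreference -AttackSurfaceReductionRules_Ids $RuleId `
                     -AttackSurfaceReductionRules_Actions Enabled
    Write-Output ("ASR rule set to block; re-checked state: " + (Get-OfficeChildProcessRuleState))
}
```

In a managed estate the same rule is normally pushed through Intune or Group Policy rather than per host; this script is useful as a compliance check on the result, and its output can be collected centrally to find endpoints where the rule was left in audit or disabled state.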
About Patch Tuesday
Patch Tuesday (also known as Update Tuesday) is an unofficial term used to refer to when Microsoft, Adobe, Oracle, and others regularly release software patches for their software products. It is widely referred to in this way by the industry. Microsoft formalized Patch Tuesday in October 2003. Patch Tuesday occurs on the second Tuesday of each month.
Security implication
An obvious security implication is that security problems that have a solution are withheld from the public for up to a month. This policy is adequate when the vulnerability is not widely known or is extremely obscure, but that is not always the case.
There have been cases where vulnerability information became public or worms were circulating before the next scheduled Patch Tuesday. In critical cases Microsoft issues corresponding patches as they become ready, alleviating the risk if updates are checked for and installed frequently.
About Qualys Endpoint Security
Endpoint security consists of cybersecurity technologies focused on defending endpoints from malware and ransomware. An endpoint is any connected device, such as a desktop, laptop, mobile device, operational technology (OT) or IoT node.
Common endpoint security solutions include endpoint protection platforms (EPP), endpoint detection and response (EDR), extended detection and response (XDR) and managed detection and response (MDR).
Qualys offers Multi-Vector EDR and Context XDR, both of which include endpoint protection platform (EPP) functionality.
Learn more about Qualys' Endpoint Security Solutions and which one is right for your organization.