Microsoft’s July 2023 Patch Tuesday Addresses 130 CVEs

On July 11, Microsoft published its July 2023 Patch Tuesday release which patched 130 CVEs with nine rated as critical and 121 rated as important.

As part of its July release, Microsoft patched five zero-day vulnerabilities that were exploited in the wild:

• CVE-2023-35311: Microsoft Outlook Security Feature Bypass Vulnerability
• CVE-2023-32049: Windows SmartScreen Security Feature Bypass Vulnerability
• CVE-2023-36884: Office and Windows HTML Remote Code Execution Vulnerability
• CVE-2023-36874: Windows Error Reporting Service Elevation of Privilege Vulnerability
• CVE-2023-32046: Windows MSHTML Platform Elevation of Privilege Vulnerability

Microsoft also published an advisory (ADV230001) regarding the malicious use of Microsoft Signed Drivers as part of post-compromise activity.

This month’s update includes patches for:

• ASP.NET and .NET
• Microsoft Dynamics
• Microsoft Graphics Component
• Microsoft Media-Wiki Extensions
• Microsoft Office
• Microsoft Office Access
• Microsoft Office Excel
• Microsoft Office Outlook
• Microsoft Office SharePoint
• Microsoft Power Apps
• Microsoft Printer Drivers
• Microsoft Windows Codecs Library
• NET and Visual Studio
• Paint 3D
• Role: DNS Server
• Windows Active Template Library
• Windows Admin Center
• Windows App Store
• Windows Authentication Methods
• Windows CDP User Components
• Windows Cluster Server
• Windows Cloud Files Mini Filter Driver
• Windows Common Log File System Driver
• Windows Connected User Experiences and Telemetry
• Windows CryptoAPI
• Windows Cryptographic Services
• Windows CNG Key Isolation Service
• Windows Deployment Services
• Windows EFI Partition
• Windows Failover Cluster
• Windows Geolocation Service
• Windows HTTP.sys
• Windows Image Acquisition
• Windows Installer
• Windows Kernel
• Windows Layer-2 Bridge Network Driver
• Windows Layer 2 Tunneling Protocol
• Windows Local Security Authority (LSA)
• Windows Message Queuing
• Windows MSHTML Platform
• Windows Netlogon
• Windows ODBC Driver
• Windows OLE
• Windows Online Certificate Status Protocol (OCSP) SnapIn
• Windows Partition Management Driver
• Windows Peer Name Resolution Protocol
• Windows PGM
• Windows Power Apps
• Windows Print Spooler Components
• Windows Printer Drivers
• Windows Remote Desktop
• Windows Remote Procedure Call
• Windows Server Update Service
• Windows SmartScreen
• Windows SPNEGO Extended Negotiation
• Windows Transaction Manager
• Windows Update Orchestrator Service
• Windows VOLSNAP.SYS
• Windows Volume Shadow Copy
• Windows Win32K

For more information, please visit our blog.