Microsoft has released July’s edition of Patch Tuesday! This installment of security updates addressed 132 security vulnerabilities in various products, features, and roles. This month’s Patch Tuesday edition has fixed six zero-day vulnerabilities known to be exploited in the wild. Nine of these 132 vulnerabilities are rated as critical and 122 as important. Microsoft has not addressed any vulnerabilities related to Microsoft Edge (Chromium-based) in this month’s Patch Tuesday Edition. This month’s security updates included one Defense-in-depth update (ADV230001) and one for the Trend Micro EFI Modules (ADV230002).

CISA has added four zero-day vulnerabilities (CVE-2023-32046, CVE-2023-32049, CVE-2023-35311, and CVE-2023-36874) to its Known Exploited Vulnerabilities Catalog and requested that users patch them before August 1, 2023.

Microsoft Patch Tuesday, July edition includes updates for vulnerabilities in Microsoft Office and Components, Windows Layer-2 Bridge Network Driver, Windows Local Security Authority (LSA), Windows Media, Windows Message Queuing, Windows MSHTML Platform, Windows Netlogon, Win32K, Microsoft Power Apps, and more. Microsoft has fixed several flaws in multiple software products, including Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, Remote Code Execution (RCE), Security Feature Bypass, and Spoofing. The July 2023 Microsoft vulnerabilities are classified as follows:

Vulnerability Category

Adobe has released two security advisories in this month’s updates. The advisories addressed 15 vulnerabilities in Adobe InDesign and Adobe ColdFusion. Out of 15 vulnerabilities, only three are rated as critical. The critical severity vulnerabilities could lead to arbitrary code execution and security feature bypass.

Zero-day Vulnerabilities Patched in July Patch Tuesday Edition

CVE-2023-32046: Windows MSHTML Platform Elevation of Privilege Vulnerability

Windows MSHTML is a browser engine that renders web pages and is most often associated with Internet Explorer. Even though the Internet Explorer (IE) 11 desktop application has reached the end of support, MSHTML vulnerabilities are still relevant today and are being patched by Microsoft. The vulnerability can be exploited in both email and web-based attack scenarios.

- In an email attack scenario, an attacker must send the specially crafted file to users and convince them to open it.
- In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file to exploit the vulnerability.

CVE-2023-36874: Windows Error Reporting Service Elevation of Privilege Vulnerability

Windows Error Reporting is an event-based feedback infrastructure designed to collect information on the issues that Windows detects. The service reports the information to Microsoft and provides users with available solutions. To exploit the vulnerability, an attacker must have local access to the targeted machine, and the user must have permission to create folders and performance traces on the device, with restricted privileges that regular users have by default. On successful exploitation, an attacker could gain administrator privileges.

CVE-2023-35311: Microsoft Outlook Security Feature Bypass Vulnerability

An attacker must send a specially crafted URL to exploit this vulnerability. An attacker could bypass the Microsoft Outlook Security Notice prompt on successful exploitation.

CVE-2023-32049: Windows SmartScreen Security Feature Bypass Vulnerability

An attacker must get users to click on a specially crafted URL to exploit the vulnerability. An attacker could bypass the Open File – Security Warning prompt on successful exploitation.