Microsoft Monthly Security Update (July 2023)
Microsoft has released monthly security update for their products:
| Vulnerable Product | Risk Level | Impacts | Notes |
| Windows |  High Risk | Elevation of Privilege Denial of Service Information Disclosure Remote Code Execution Security Restriction Bypass Spoofing | CVE-2023-32046 is being exploited in the wild. The vulnerability can be exploited to gain the rights of the user that is running the affected application, but this CVE is required local access and user interaction. It is rated as high risk.
CVE-2023-32049 is being exploited in the wild. The vulnerability can be exploited to bypass the Open File – Security Warning prompt, but this CVE is required user interaction. It is rated as high risk.
CVE-2023-36874 is being exploited in the wild. The vulnerability can be exploited to gain administrator privileges, but this CVE is required local access. It is rated as high risk. |
| Microsoft Office | High Risk | Elevation of Privilege Remote Code Execution Security Restriction Bypass Spoofing Information Disclosure | CVE-2023-35311 is being exploited in the wild. The vulnerability can be exploited to bypass the Microsoft Outlook Security Notice prompt, but this CVE is required user interaction. It is rated as high risk.
CVE-2023-36884 is being exploited in the wild. The vulnerability can be exploited by creating a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim, but this CVE is required user interaction. It is rated as high risk. |
| Extended Security Updates (ESU) | High Risk | Denial of Service Information Disclosure Remote Code Execution Security Restriction Bypass Elevation of Privilege | CVE-2023-32046 is being exploited in the wild. The vulnerability can be exploited to gain the rights of the user that is running the affected application, but this CVE is required local access and user interaction. It is rated as high risk.
CVE-2023-36874 is being exploited in the wild. The vulnerability can be exploited to gain administrator privileges, but this CVE is required local access. It is rated as high risk. |
| Apps |  Medium Risk | Remote Code Execution | |
| Developer Tools | Medium Risk | Remote Code Execution Elevation of Privilege Security Restriction Bypass Spoofing | |
| System Center | Medium Risk | Elevation of Privilege | |
| Microsoft Dynamics |  Low Risk | Spoofing | |
| Azure | Medium Risk | Information Disclosure |
Number of ‘Extremely High Risk’ product(s): 0
Number of ‘High Risk’ product(s): 3
Number of ‘Medium Risk’ product(s): 4
Number of ‘Low Risk’ product(s): 1
Evaluation of overall ‘Risk Level’: High Risk
RISK: High Risk
TYPE: Operating Systems – Windows OS
Impact
- Denial of Service
- Elevation of Privilege
- Information Disclosure
- Remote Code Execution
- Spoofing
- Security Restriction Bypass
System / Technologies affected
- Windows
- Microsoft Office
- Extended Security Updates (ESU)
- Apps
- Developer Tools
- System Center
- Microsoft Dynamics
- Azure
Solutions
Before installation of the software, please visit the vendor web-site for more details.
- Apply fixes issued by the vendor.
Vulnerability Identifier
Source
Related Link
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
