Microsoft's July 'Patch Tuesday' finds record amount of Cyber Security threats
Every second Tuesday of each month is Microsoft’s monthly Patch Tuesday, this month however was an eye-raising month when compared to Microsoft’s March Patch Release, as July has now broken the record for the most found vulnerabilities. Patches for this month include six zero-day vulnerabilities, 37 remote code execution vulnerabilities with another 89 security flaws.
Vulnerabilities Found:
33 Elevation of Privilege Vulnerabilities
13 Security Feature Bypass Vulnerabilities
38 Remote Code Execution Vulnerabilities
19 Information Disclosure Vulnerabilities
22 Denial of Service Vulnerabilities
7 Spoofing Vulnerabilities
Among the six zero-day vulnerabilities, two was listed as "important", while four were classified as "critical" . These include exploits that can bypass email security scanning allowing malicious content to be sent to the victim, remote code injecting which allows a threat actor anywhere in the world to target your device and also an exploit to bypass Microsoft’s SmartScreen Security Feature, allowing malicious applications to be executed.
CVE-2023-35311 - With a CVSS score of 8.8 | Vulnerability: Microsoft Outlook Security Feature Bypass Vulnerability
CVE-2023-32049 - With a CVSS score of 8.8 | Vulnerability: Microsoft Windows Defender SmartScreen Security Feature Bypass Vulnerability
CVE-2023-36884 - With a CVSS score of 8.3 | Vulnerability: Microsoft Office and Windows HTML Remote Code Execution Vulnerability
CVE-2023-32046 - With a CVSS score of 7.8 | Vulnerability: Vulnerability NameDate AddedDue DateRequired ActionMicrosoft Windows MSHTML Platform Privilege Escalation Vulnerability
CVE-2023-36874 - With a CVSS score of 7.8 | Vulnerability: Microsoft Windows Error Reporting Service Privilege Escalation Vulnerability
The other 89 vulnerabilities addressed in this update are classified as "important" or "moderate". The majority of these vulnerabilities could potentially allow an attacker to execute arbitrary code or access sensitive data on a system.
Microsoft has made it clear that it is taking these vulnerabilities very seriously and is urging users to update their systems as soon as possible. In a blog post announcing the updates, Microsoft stated that "These vulnerabilities pose a significant risk to users and have the potential to be exploited for malicious purposes."
In addition to the security updates, Microsoft also released several new features and improvements in this latest update. These include enhancements to Windows Defender Antivirus, updates to the Microsoft Malware Protection Engine, and improvements to Microsoft Edge.
Overall, the July 2023 Patch Tuesday security update from Microsoft is an important reminder that even the most secure systems can be vulnerable to new threats. Businesses and individual users must stay up to date with the latest security patches and take a proactive approach to protecting their valuable data and systems. By following the best practices for cybersecurity and staying abreast of the latest threats, users can help ensure that they stay safe and secure online.
Your Security is our Priority
Your friendly Support Team
Speak to us about all your computer needs
This is Part of our Cyber Security awareness educational campaign. Through this training, you will learn awareness and key principles, and best practices to protect yourself, your organisation, and the public from cyber attackers. You will also be equipped with the knowledge to identify potential threats and take action before any damage can occur.