Patch Management

Microsoft Patch Tuesday Update | July 2023

By Patch Management, Patch Tuesday, Video, Webinars

Watch July’s Microsoft Patch Tuesday Forecast On Demand

Dive into this month’s bulletins and strategies for tackling the latest and most important Patch Tuesday updates.  Syxsense’s Chief Customer Success Officer, Rob Brown, covers all of the latest updates live.

Hosted by Rob Brown, Chief Customer Success Officer

During his 17 years at Syxsense, Rob’s role has evolved from onsite technical consultant to providing solutions around Patch Management, Vulnerability Management and Security Best Practices. His team have deployed over 100M patches to our global customers over the last decade.

Microsoft Office and Windows Zero-Day Fix: Syxsense Security Script Ready to Deploy

By Blog, Patch Management, Patch Tuesday

In addition to Microsoft’s Patch Tuesday update yesterday, an out-of-band zero-day vulnerability was disclosed. Microsoft stated that this vulnerability, tracked as CVE-2023-36884, impacts Windows and Office users, and confirmed that it was investigating multiple reports of targeted code execution specifically using Microsoft Office documents.

At this time, there is no patch available.

Syxsense has created a security script and workflow to remediate the issue with a countermeasure. It is available now for Syxsense Secure users to scan and identify your organizational impact and for Syxsense Enterprise users to scan and deploy the countermeasure immediately. Customers can find the workflow in their Syxsense Cortex library, named “Office and Windows HTML Remote Code Execution Vulnerability” or via its CVE number, CVE-2023-36884.

For additional details on this month’s Patch Tuesday release, including a few vulnerabilities currently being exploited, check out our latest blog post.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.


July 2023 Patch Tuesday: Microsoft releases 130 fixes this month including 10 Critical

By Blog, Patch Management, Patch Tuesday

Microsoft releases 130 fixes this month including 10 Critical and 5 CVSS Rated over 9.0

There are 10 Critical and 120 Important severity fixes this month.  Microsoft Windows, Components, Office and Office Components, .NET and Visual Studio, Azure Active Directory and DevOps, Microsoft Dynamics, Printer Drivers, DNS Server and Remote Desktop have all received fixes this month.

An additional Microsoft zero-day vulnerability was released overnight. More details on that vulnerability and the Syxsense remediation can be found here.

Robert Brown, Head of Customer Success for Syxsense, said, “We have 5 patches that resolve vulnerabilities which have a CVSS score of more than 9 (Critical), and if you count all the individual CVSS scores together, July has a combined CVSS score of 861.7 up from 500.2 last month.  The average CVSS score was 7.2, which indicates a lot of very high profile and important updates were fixed in this release.”

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend that customers enter the CVE numbers below into their Patch Management solution and deploy as soon as testing is complete.

CVE-2023-32049 – Windows SmartScreen Security Feature Bypass Vulnerability
This vulnerability was found by the Microsoft Threat Intelligence team.  The attacker would be able to bypass the Open File – Security Warning prompt.

Note:  The vulnerability is being weaponized.

Syxscore

  • Vendor Severity: Important
  • CVSS: 8.8
  • Weaponized: Yes
  • Public Aware: No
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged / No

CVE-2023-35311 – Microsoft Outlook Security Feature Bypass Vulnerability
This vulnerability impacts Microsoft Outlook and the user would have to click on a specially crafted URL or email to be compromised by the attacker.  The Preview Pane is an attack vector, but additional user interaction is required.

Note:  The vulnerability is being weaponized.

Syxscore

  • Vendor Severity: Important
  • CVSS: 8.8
  • Weaponized: Yes
  • Public Aware: No
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged / No

CVE-2023-33150 – Microsoft Office Security Feature Bypass Vulnerability
In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.  In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.

Note:  The vulnerability has a Jump Point. In this case, successful exploitation of this vulnerability would allow an attacker to escape the Office Protected View.

Syxscore

  • Vendor Severity: Important
  • CVSS: 9.6
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: Required
  • Scope (Jump Point): Changed / Yes

Reference, Description, Vendor Severity, CVSS Score, Weaponized, Publicly Aware, Countermeasure, Additional Details, Impact, Exploitability Assessment
CVE-2023-32049 Windows SmartScreen Security Feature Bypass Vulnerability Important 8.8 Yes No Security Feature Bypass Exploitation Detected
CVE-2023-35311 Microsoft Outlook Security Feature Bypass Vulnerability Important 8.8 Yes No Security Feature Bypass Exploitation Detected
CVE-2023-32046 Windows MSHTML Platform Elevation of Privilege Vulnerability Important 7.8 Yes No Elevation of Privilege Exploitation Detected
CVE-2023-36874 Windows Error Reporting Service Elevation of Privilege Vulnerability Important 7.8 Yes No Elevation of Privilege Exploitation Detected
CVE-2023-33150 Microsoft Office Security Feature Bypass Vulnerability Important 9.6 No No Scope = Changed, Jump Point = True. Successful exploitation of this vulnerability would allow an attacker to escape the Office Protected View. Security Feature Bypass Exploitation Less Likely
CVE-2023-32038 Microsoft ODBC Driver Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2023-33134 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation More Likely
CVE-2023-33159 Microsoft SharePoint Server Spoofing Vulnerability Important 8.8 No No Spoofing Exploitation Less Likely
CVE-2023-35300 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important 8.8 No No The authenticated attacker could take advantage of this vulnerability to execute malicious code through the RPC runtime. Remote Code Execution Exploitation Less Likely
CVE-2023-35302 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability Important 8.8 No No

Option 1 – Disable the Print Spooler service

If disabling the Print Spooler service is appropriate for your enterprise, use the following PowerShell commands:

Stop-Service -Name Spooler -Force
Set-Service -Name Spooler -StartupType Disabled

Impact of workaround: Disabling the Print Spooler service disables the ability to print both locally and remotely.

Option 2 – Disable inbound remote printing through Group Policy

You can also configure the settings via Group Policy as follows:

Computer Configuration / Administrative Templates / Printers

Disable the “Allow Print Spooler to accept client connections” policy to block remote attacks.

You must restart the Print Spooler service for the group policy to take effect.

Remote Code Execution Exploitation Less Likely
CVE-2023-35303 USB Audio Class System Driver Remote Code Execution Vulnerability Important 8.8 No No Elevation of Privilege Exploitation Less Likely
CVE-2023-35322 Windows Deployment Services Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2023-35333 MediaWiki PandocUpload Extension Remote Code Execution Vulnerability Important 8.8 No No Remote Code Execution Exploitation Less Likely
CVE-2023-35364 Windows Kernel Elevation of Privilege Vulnerability Important 8.8 No No Scope = Changed, Jump Point = True. In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment. Elevation of Privilege Exploitation Less Likely
CVE-2023-29347 Windows Admin Center Spoofing Vulnerability Important 8.7 No No Scope = Changed, Jump Point = True. The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine. Spoofing Exploitation Less Likely
CVE-2023-33171 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Important 8.2 No No Scope = Changed, Jump Point = True. The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine. Spoofing Exploitation Less Likely
CVE-2023-35335 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Important 8.2 No No Scope = Changed, Jump Point = True. The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine. Spoofing Exploitation Less Likely
CVE-2023-33127 .NET and Visual Studio Elevation of Privilege Vulnerability Important 8.1 No No Elevation of Privilege Exploitation Less Likely
CVE-2023-33170 ASP.NET and Visual Studio Security Feature Bypass Vulnerability Important 8.1 No No Security Feature Bypass Exploitation Less Likely
CVE-2023-21756 Windows Win32k Elevation of Privilege Vulnerability Important 7.8 No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Elevation of Privilege Exploitation Less Likely
CVE-2023-32047 Paint 3D Remote Code Execution Vulnerability Important 7.8 No No Remote Code Execution Exploitation Unlikely
CVE-2023-32051 Raw Image Extension Remote Code Execution Vulnerability Important 7.8 No No Remote Code Execution Exploitation Less Likely
CVE-2023-32053 Windows Installer Elevation of Privilege Vulnerability Important 7.8 No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Elevation of Privilege Exploitation Less Likely
CVE-2023-32056 Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability Important 7.8 No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Elevation of Privilege Exploitation Less Likely
CVE-2023-33148 Microsoft Office Elevation of Privilege Vulnerability Important 7.8 No No An attacker who successfully exploited this vulnerability could execute RPC functions that are restricted to local clients only. Elevation of Privilege Exploitation Less Likely
CVE-2023-33149 Microsoft Office Graphics Remote Code Execution Vulnerability Important 7.8 No No Remote Code Execution Exploitation Less Likely
CVE-2023-33154 Windows Partition Management Driver Elevation of Privilege Vulnerability Important 7.8 No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Elevation of Privilege Exploitation Less Likely
CVE-2023-33155 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Important 7.8 No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Elevation of Privilege Exploitation Less Likely
CVE-2023-33158 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No Remote Code Execution Exploitation Less Likely
CVE-2023-33161 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No Remote Code Execution Exploitation Less Likely
CVE-2023-35299 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Elevation of Privilege Exploitation Less Likely
CVE-2023-35304 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Elevation of Privilege Exploitation Less Likely
CVE-2023-35305 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Elevation of Privilege Exploitation Less Likely
CVE-2023-35312 Microsoft VOLSNAP.SYS Elevation of Privilege Vulnerability Important 7.8 No No An attacker who successfully exploited this vulnerability could gain administrator privileges. Elevation of Privilege Exploitation More Likely
CVE-2023-35317 Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability Important 7.8 No No An attacker who successfully exploited this vulnerability could gain administrator privileges. Elevation of Privilege Exploitation Less Likely
CVE-2023-35320 Connected User Experiences and Telemetry Elevation of Privilege Vulnerability Important 7.8 No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Elevation of Privilege Exploitation Less Likely
CVE-2023-35323 Windows OLE Remote Code Execution Vulnerability Important 7.8 No No Remote Code Execution Exploitation Less Likely
CVE-2023-35328 Windows Transaction Manager Elevation of Privilege Vulnerability Important 7.8 No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Elevation of Privilege Exploitation Less Likely
CVE-2023-35337 Win32k Elevation of Privilege Vulnerability Important 7.8 No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Elevation of Privilege Exploitation Less Likely
CVE-2023-35340 Windows CNG Key Isolation Service Elevation of Privilege Vulnerability Important 7.8 No No Scope = Changed, Jump Point = True. In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment. Elevation of Privilege Exploitation Less Likely
CVE-2023-35342 Windows Image Acquisition Elevation of Privilege Vulnerability Important 7.8 No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Elevation of Privilege Exploitation Less Likely
CVE-2023-35343 Windows Geolocation Service Remote Code Execution Vulnerability Important 7.8 No No Remote Code Execution Exploitation Less Likely
CVE-2023-35353 Connected User Experiences and Telemetry Elevation of Privilege Vulnerability Important 7.8 No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Elevation of Privilege Exploitation Less Likely
CVE-2023-35356 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Elevation of Privilege Exploitation Less Likely
CVE-2023-35357 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Elevation of Privilege Exploitation Less Likely
CVE-2023-35358 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Elevation of Privilege Exploitation Less Likely
CVE-2023-35362 Windows Clip Service Elevation of Privilege Vulnerability Important 7.8 No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Elevation of Privilege Exploitation Less Likely
CVE-2023-35363 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Elevation of Privilege Exploitation Less Likely
CVE-2023-35374 Paint 3D Remote Code Execution Vulnerability Important 7.8 No No

You can check the package version in PowerShell:

Get-AppxPackage -Name Microsoft.MSPaint

Remote Code Execution Exploitation Less Likely
CVE-2023-36867 Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability Important 7.8 No No Remote Code Execution Exploitation Less Likely
CVE-2023-32044 Microsoft Message Queuing Denial of Service Vulnerability Important 7.5 No No Denial of Service Exploitation Less Likely
CVE-2023-32045 Microsoft Message Queuing Denial of Service Vulnerability Important 7.5 No No Denial of Service Exploitation Less Likely
CVE-2023-32084 HTTP.sys Denial of Service Vulnerability Important 7.5 No No Denial of Service Exploitation Less Likely
CVE-2023-33163 Windows Network Load Balancing Remote Code Execution Vulnerability Important 7.5 No No Remote Code Execution Exploitation Less Likely
CVE-2023-35298 HTTP.sys Denial of Service Vulnerability Important 7.5 No No Denial of Service Exploitation Less Likely
CVE-2023-35309 Microsoft Message Queuing Remote Code Execution Vulnerability Important 7.5 No No Remote Code Execution Exploitation Less Likely
CVE-2023-35325 Windows Print Spooler Information Disclosure Vulnerability Important 7.5 No No Information Disclosure Exploitation Less Likely
CVE-2023-35330 Windows Extended Negotiation Denial of Service Vulnerability Important 7.5 No No Denial of Service Exploitation Less Likely
CVE-2023-35338 Windows Peer Name Resolution Protocol Denial of Service Vulnerability Important 7.5 No No Denial of Service Exploitation Less Likely
CVE-2023-35339 Windows CryptoAPI Denial of Service Vulnerability Important 7.5 No No Denial of Service Exploitation Less Likely
CVE-2023-35348 Active Directory Federation Service Security Feature Bypass Vulnerability Important 7.5 No No Scope = Changed, Jump Point = True Security Feature Bypass Exploitation Less Likely
CVE-2023-21526 Windows Netlogon Information Disclosure Vulnerability Important 7.4 No No An attacker who successfully exploited this vulnerability could intercept and potentially modify traffic between client and server systems. Information Disclosure Exploitation More Likely
CVE-2023-32054 Volume Shadow Copy Elevation of Privilege Vulnerability Important 7.3 No No Elevation of Privilege Exploitation Less Likely
CVE-2023-35350 Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability Important 7.2 No No Remote Code Execution Exploitation Less Likely
CVE-2023-35347 Microsoft Store Install Service Elevation of Privilege Vulnerability Important 7.1 No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Elevation of Privilege Exploitation Less Likely
CVE-2023-32050 Windows Installer Elevation of Privilege Vulnerability Important 7.0 No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Elevation of Privilege Exploitation Less Likely
CVE-2023-33152 Microsoft ActiveX Remote Code Execution Vulnerability Important 7.0 No No Remote Code Execution Exploitation Less Likely
CVE-2023-35360 Windows Kernel Elevation of Privilege Vulnerability Important 7.0 No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Elevation of Privilege Exploitation Less Likely
CVE-2023-35361 Windows Kernel Elevation of Privilege Vulnerability Important 7.0 No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Elevation of Privilege Exploitation Less Likely
CVE-2023-32043 Windows Remote Desktop Security Feature Bypass Vulnerability Important 6.8 No No Security Feature Bypass Exploitation Less Likely
CVE-2023-33153 Microsoft Outlook Remote Code Execution Vulnerability Important 6.8 No No Remote Code Execution Exploitation Less Likely
CVE-2023-35332 Windows Remote Desktop Protocol Security Feature Bypass Important 6.8 No No Security Feature Bypass Exploitation Less Likely
CVE-2023-32055 Active Template Library Elevation of Privilege Vulnerability Important 6.7 No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Elevation of Privilege Exploitation Less Likely
CVE-2023-35313 Windows Online Certificate Status Protocol (OCSP) SnapIn Remote Code Execution Vulnerability Important 6.7 No No Remote Code Execution Exploitation Less Likely
CVE-2023-32033 Microsoft Failover Cluster Remote Code Execution Vulnerability Important 6.6 No No Remote Code Execution Exploitation Less Likely
CVE-2023-35310 Windows DNS Server Remote Code Execution Vulnerability Important 6.6 No No Remote Code Execution Exploitation Less Likely
CVE-2023-35344 Windows DNS Server Remote Code Execution Vulnerability Important 6.6 No No Remote Code Execution Exploitation Less Likely
CVE-2023-35345 Windows DNS Server Remote Code Execution Vulnerability Important 6.6 No No Remote Code Execution Exploitation Less Likely
CVE-2023-35346 Windows DNS Server Remote Code Execution Vulnerability Important 6.6 No No Remote Code Execution Exploitation Less Likely
CVE-2023-32034 Remote Procedure Call Runtime Denial of Service Vulnerability Important 6.5 No No Denial of Service Exploitation Less Likely
CVE-2023-32035 Remote Procedure Call Runtime Denial of Service Vulnerability Important 6.5 No No Denial of Service Exploitation Less Likely
CVE-2023-32037 Windows Layer-2 Bridge Network Driver Information Disclosure Vulnerability Important 6.5 No No Information Disclosure Exploitation Less Likely
CVE-2023-32042 OLE Automation Information Disclosure Vulnerability Important 6.5 No No Information Disclosure Exploitation Less Likely
CVE-2023-32083 Microsoft Failover Cluster Information Disclosure Vulnerability Important 6.5 No No An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Information Disclosure Exploitation Less Likely
CVE-2023-33151 Microsoft Outlook Spoofing Vulnerability Important 6.5 No No Spoofing Exploitation Less Likely
CVE-2023-33164 Remote Procedure Call Runtime Denial of Service Vulnerability Important 6.5 No No Denial of Service Exploitation Less Likely
CVE-2023-33166 Remote Procedure Call Runtime Denial of Service Vulnerability Important 6.5 No No Denial of Service Exploitation Less Likely
CVE-2023-33167 Remote Procedure Call Runtime Denial of Service Vulnerability Important 6.5 No No Denial of Service Exploitation Less Likely
CVE-2023-33168 Remote Procedure Call Runtime Denial of Service Vulnerability Important 6.5 No No Denial of Service Exploitation Less Likely
CVE-2023-33169 Remote Procedure Call Runtime Denial of Service Vulnerability Important 6.5 No No Denial of Service Exploitation Less Likely
CVE-2023-33172 Remote Procedure Call Runtime Denial of Service Vulnerability Important 6.5 No No Denial of Service Exploitation Less Likely
CVE-2023-33173 Remote Procedure Call Runtime Denial of Service Vulnerability Important 6.5 No No Denial of Service Exploitation Less Likely
CVE-2023-35296 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability Important 6.5 No No An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Information Disclosure Exploitation Less Likely
CVE-2023-35308 Windows MSHTML Platform Security Feature Bypass Vulnerability Important 6.5 No No Security Feature Bypass Exploitation Less Likely
CVE-2023-35316 Remote Procedure Call Runtime Information Disclosure Vulnerability Important 6.5 No No An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Information Disclosure Exploitation Less Likely
CVE-2023-35318 Remote Procedure Call Runtime Denial of Service Vulnerability Important 6.5 No No Denial of Service Exploitation Less Likely
CVE-2023-35319 Remote Procedure Call Runtime Denial of Service Vulnerability Important 6.5 No No Denial of Service Exploitation Less Likely
CVE-2023-35321 Windows Deployment Services Denial of Service Vulnerability Important 6.5 No No Denial of Service Exploitation Less Likely
CVE-2023-35329 Windows Authentication Denial of Service Vulnerability Important 6.5 No No Denial of Service Exploitation Less Likely
CVE-2023-35331 Windows Local Security Authority (LSA) Denial of Service Vulnerability Important 6.5 No No Denial of Service Exploitation Less Likely
CVE-2023-35336 Windows MSHTML Platform Security Feature Bypass Vulnerability Important 6.5 No No Security Feature Bypass Exploitation Less Likely
CVE-2023-35351 Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability Important 6.5 No No Remote Code Execution Exploitation Less Likely
CVE-2023-36868 Azure Service Fabric on Windows Information Disclosure Vulnerability Important 6.5 No No Information Disclosure Exploitation Less Likely
CVE-2023-36871 Azure Active Directory Security Feature Bypass Vulnerability Important 6.5 No No Security Feature Bypass N/A
CVE-2023-33156 Microsoft Defender Elevation of Privilege Vulnerability Important 6.3 No No An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Elevation of Privilege Exploitation Less Likely
CVE-2023-35341 Microsoft DirectMusic Information Disclosure Vulnerability Important 6.2 No No Information Disclosure Exploitation Less Likely
CVE-2023-32039 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability Important 5.5 No No An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server. Information Disclosure Exploitation Less Likely
CVE-2023-32040 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability Important 5.5 No No An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server. Information Disclosure Exploitation Less Likely
CVE-2023-32041 Windows Update Orchestrator Service Information Disclosure Vulnerability Important 5.5 No No Information Disclosure Exploitation Less Likely
CVE-2023-32085 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability Important 5.5 No No An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Information Disclosure Exploitation Less Likely
CVE-2023-33162 Microsoft Excel Information Disclosure Vulnerability Important 5.5 No No Information Disclosure Exploitation Less Likely
CVE-2023-33174 Windows Cryptographic Information Disclosure Vulnerability Important 5.5 No No An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Information Disclosure Exploitation Less Likely
CVE-2023-35306 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability Important 5.5 No No An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server. Information Disclosure Exploitation Less Likely
CVE-2023-35324 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability Important 5.5 No No An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Information Disclosure Exploitation Less Likely
CVE-2023-35326 Windows CDP User Components Information Disclosure Vulnerability Important 5.5 No No Information Disclosure Exploitation Less Likely
CVE-2023-36872 VP9 Video Extensions Information Disclosure Vulnerability Important 5.5 No No An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Information Disclosure Exploitation Less Likely
CVE-2023-32052 Microsoft Power Apps Spoofing Vulnerability Important 5.4 No No Spoofing Exploitation Less Likely
CVE-2023-35314 Remote Procedure Call Runtime Denial of Service Vulnerability Important 5.3 No No Denial of Service Exploitation Less Likely
CVE-2023-35373 Mono Authenticode Validation Spoofing Vulnerability Important 5.3 No No Spoofing Exploitation Less Likely
CVE-2023-33165 Microsoft SharePoint Server Security Feature Bypass Vulnerability Important 4.3 No No Security Feature Bypass Exploitation Less Likely
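
The two workaround options listed for CVE-2023-35302 in the table above can be verified per host with a read-only check. The script below is an added example, not Syxsense's or Microsoft's code; it assumes the Option 2 policy is stored as the registry value RegisterSpoolerRemoteRpcEndPoint under HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers (2 = disabled), and the function names and sample states are constructed for illustration.

```powershell
# Added example: read-only audit of the CVE-2023-35302 workaround options.
# Assumption: the "Allow Print Spooler to accept client connections" policy is
# stored in the registry value below (1 = enabled, 2 = disabled).
$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
$PolicyName = 'RegisterSpoolerRemoteRpcEndPoint'

function Resolve-SpoolerExposure {
    # Pure decision logic (hypothetical helper) so it can be run on constructed input.
    param(
        [Parameter(Mandatory)][string]$State,      # Win32_Service.State, or 'NotInstalled'
        [Parameter(Mandatory)][string]$StartMode,  # Win32_Service.StartMode, or 'None'
        $Policy                                    # registry DWORD, $null when not configured
    )
    $running  = $State -eq 'Running'
    $disabled = $StartMode -eq 'Disabled'

    $verdict = if ($State -eq 'NotInstalled' -or (-not $running -and $disabled)) {
        'Option 1 in place: Spooler stopped and disabled (no local or remote printing)'
    } elseif ($running -and $disabled) {
        'Option 1 incomplete: startup type is Disabled but the service is still running'
    } elseif ($Policy -eq 2) {
        'Option 2 configured: effective only if the Spooler was restarted after the policy applied'
    } elseif (-not $running) {
        'No workaround: Spooler is stopped but can be started again'
    } else {
        'No workaround: Spooler running and client connections not blocked by policy'
    }

    $policyText = if ($null -eq $Policy) { 'NotConfigured' } else { [string]$Policy }
    [pscustomobject]@{
        State     = $State
        StartMode = $StartMode
        Policy    = $policyText
        Verdict   = $verdict
    }
}

function Get-SpoolerWorkaroundStatus {
    # Collects the live service and policy state from the local host (no changes made).
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    $reg = Get-ItemProperty -Path $PolicyPath -Name $PolicyName -ErrorAction SilentlyContinue
    $policy = if ($reg) { [int]$reg.$PolicyName } else { $null }

    # The Spooler process start time lets an operator confirm that the service
    # was restarted after the Group Policy setting was applied.
    $startedAt = $null
    if ($svc -and $svc.ProcessId) {
        $proc = Get-CimInstance -ClassName Win32_Process -Filter "ProcessId=$($svc.ProcessId)"
        if ($proc) { $startedAt = $proc.CreationDate }
    }

    $state = if ($svc) { $svc.State } else { 'NotInstalled' }
    $mode  = if ($svc) { $svc.StartMode } else { 'None' }
    Resolve-SpoolerExposure -State $state -StartMode $mode -Policy $policy |
        Add-Member -NotePropertyName SpoolerStartedAt -NotePropertyValue $startedAt -PassThru
}

# Constructed sample states (not real hosts), one per verdict.
$samples = @(
    @{ State = 'Stopped'; StartMode = 'Disabled'; Policy = $null },
    @{ State = 'Running'; StartMode = 'Disabled'; Policy = $null },
    @{ State = 'Running'; StartMode = 'Auto';     Policy = 2 },
    @{ State = 'Stopped'; StartMode = 'Manual';   Policy = $null },
    @{ State = 'Running'; StartMode = 'Auto';     Policy = 1 }
)
$(foreach ($s in $samples) { Resolve-SpoolerExposure @s }) | Format-List

# Live check, only when run on Windows.
if ($env:OS -eq 'Windows_NT') {
    Get-SpoolerWorkaroundStatus | Format-List
}
```

Compare SpoolerStartedAt with the time the policy reached the host: the page notes that the Print Spooler service must be restarted for the Group Policy setting to take effect.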
June 2023 3rd Party Roundup Webinar

By Patch Management, Patch Tuesday, Video, Webinars

Don’t miss out on June’s powerful Patch Management Update.

Fill out the form to the right to watch as we dive into June’s bulletins and show you strategies for tackling the latest and most important Patch updates. Our IT industry expert, Jon Cassell, Syxsense’s Senior Solutions Architect, covers all of the latest updates.

Syxsense spots critical threats early and deploys instantly, with curated patch content that includes risk assessment, patch prioritization, and dedicated Patch scheduling for simple deployment every month.

Our experts have deployed over 100 million patches. Join us as we tackle this month’s updates and then get your own customized demo to see how Syxsense can help you manage Patch vulnerabilities and more.

Hosted By: Jon Cassell, Syxsense Senior Solutions Architect

Jon is currently a Senior Solutions Architect at Syxsense and has been working in the IT and Infrastructure industries for the last 15 years. Before working at Syxsense, he was an IT Manager for a large financial services firm and has a background in Accounting and Tax consultation. He currently holds an MCSA in Server Infrastructure, A+, Network+, Security+, and Server+ certifications.

Spotlight Webinar: Patching Doesn’t Have to Be Torture — Learn How to Streamline with Syxsense

By Patch Management, Spotlight Webinar, Video, Webinars

In June’s class Syxsense’s Pre-Sales Manager Graham Brooks demonstrated how you can streamline patching with Syxsense’s automations and unified endpoint management controls.

Microsoft Patch Tuesday Update | June 2023

By Patch Management, Patch Tuesday, Video, Webinars

Watch June’s Microsoft Patch Tuesday Forecast On Demand

Dive into this month’s bulletins and strategies for tackling the latest and most important Patch Tuesday updates.  Syxsense’s Chief Customer Success Officer, Rob Brown, covers all of the latest updates live.

Hosted by Rob Brown, Chief Customer Success Officer

During his 17 years at Syxsense, Rob’s role has evolved from onsite technical consultant to providing solutions around Patch Management, Vulnerability Management and Security Best Practices. His team have deployed over 100M patches to our global customers over the last decade.

June 2023 Patch Tuesday: Microsoft releases 69 fixes this month including 6 Critical and 4 CVSS Rated 9.8

By Blog, Patch Management, Patch Tuesday

There are 6 Critical, 60 Important, 2 Moderate and a single Low severity fix this month.  Microsoft Windows, Windows Components, Office and Office Components, Exchange Server, Microsoft Edge (Chromium-based), SharePoint Server, .NET and Visual Studio, Microsoft Teams and the Remote Desktop Client have all received fixes this month.

Robert Brown, Head of Customer Success for Syxsense, said, “We have 4 patches that resolve vulnerabilities which have a CVSS score of more than 9 (Critical) and if you count all the individual CVSS scores together, June has a combined CVSS score of 500.2 up from 275.3 last month.”

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend that customers enter the CVE numbers below into their patch management solution and deploy as soon as testing is complete.

CVE-2023-29357 – Microsoft SharePoint Server Elevation of Privilege Vulnerability
An attacker who has gained access to spoofed JWT authentication tokens can use them to execute a network attack which bypasses authentication and allows them to gain access to the privileges of an authenticated user.

Note:  The vulnerability is More Likely to be Exploited

Syxscore
  • Vendor Severity: Critical
  • CVSS: 9.8
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: Yes
Syxscore Risk
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No

CVE-2023-29363 – Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
When Windows message queuing service is running in a PGM Server environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code.

Syxscore
  • Vendor Severity: Critical
  • CVSS: 9.8
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: Yes
Syxscore Risk
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged / No
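
The PGM fixes in this release only matter on hosts where the Windows message queuing service is enabled, so it helps to know which machines meet that precondition before ordering the rollout. The following check is an added example, not Syxsense's or Microsoft's script; the service name `MSMQ` and the default listener port TCP 1801 are assumptions that do not appear in the post.

```powershell
# Added example: reports whether the local host meets the precondition
# (Message Queuing enabled) for the PGM remote code execution fixes.
# Assumptions not stated in the post: service name 'MSMQ', TCP port 1801.
function Get-MsmqExposure {
    [CmdletBinding()]
    param(
        [int]$Port = 1801
    )

    # The service record exists only when the Message Queuing feature is installed.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='MSMQ'" -ErrorAction SilentlyContinue

    # Listening sockets on the MSMQ port; an empty array when nothing is bound.
    $listeners = @(Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue)
    $addresses = @($listeners | Select-Object -ExpandProperty LocalAddress -Unique)

    $state     = $null
    $startMode = $null
    if ($svc) {
        $state     = $svc.State
        $startMode = $svc.StartMode
    }

    if (-not $svc) {
        $verdict = 'Message Queuing not installed: precondition absent'
    }
    elseif ($state -eq 'Running' -or $listeners.Count -gt 0) {
        $verdict = 'Message Queuing running: patch first, remove the feature if unused'
    }
    elseif ($startMode -eq 'Disabled') {
        $verdict = 'Installed but disabled: not reachable until re-enabled'
    }
    else {
        $verdict = 'Installed and startable: exposed as soon as the service starts'
    }

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        Installed       = [bool]$svc
        State           = $state
        StartMode       = $startMode
        Listening       = ($listeners.Count -gt 0)
        ListenAddresses = ($addresses -join ', ')
        Verdict         = $verdict
    }
}

Get-MsmqExposure | Format-List
```

A listener bound to `0.0.0.0` or `::` is reachable on every interface, which matches the Network attack vector listed for these CVEs.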

 

CVE-2023-32009 – Windows Collaborative Translation Framework Elevation of Privilege Vulnerability
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

Syxscore
  • Vendor Severity: Important
  • CVSS: 8.8
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: No
Syxscore Risk
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges: Low
  • User Interaction: None
  • Scope (Jump Point): Changed / Yes

| Reference | Description | Vendor Severity | CVSS Score | Weaponized | Publicly Aware | Countermeasure | Additional Details | Impact | Exploitability Assessment |
|---|---|---|---|---|---|---|---|---|---|
| CVE-2023-29357 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | Critical | 9.8 | No | No | Customers who have enabled the AMSI integration feature and use Microsoft Defender across their SharePoint Server farm(s) are protected from this vulnerability. | | Elevation of Privilege | Exploitation More Likely |
| CVE-2023-29363 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | Critical | 9.8 | No | No | None | The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel. | Remote Code Execution | Exploitation Less Likely |
| CVE-2023-32014 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | Critical | 9.8 | No | No | None | The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel. | Remote Code Execution | Exploitation Less Likely |
| CVE-2023-32015 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | Critical | 9.8 | No | No | None | The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel. | Remote Code Execution | Exploitation Less Likely |
| CVE-2023-29362 | Remote Desktop Client Remote Code Execution Vulnerability | Important | 8.8 | No | No | None | | Remote Code Execution | Exploitation Less Likely |
| CVE-2023-29372 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | None | | Remote Code Execution | Exploitation Less Likely |
| CVE-2023-29373 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | None | | Remote Code Execution | Exploitation Less Likely |
| CVE-2023-32009 | Windows Collaborative Translation Framework Elevation of Privilege Vulnerability | Important | 8.8 | No | No | None | Scope: Changed; Jump Point: True | Elevation of Privilege | Exploitation Less Likely |
| CVE-2023-32031 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | None | | Remote Code Execution | Exploitation More Likely |
| CVE-2023-33131 | Microsoft Outlook Remote Code Execution Vulnerability | Important | 8.8 | No | No | None | | Remote Code Execution | Exploitation Less Likely |
| CVE-2023-29351 | Windows Group Policy Elevation of Privilege Vulnerability | Important | 8.1 | No | No | None | | Elevation of Privilege | Exploitation Less Likely |
| CVE-2023-24936 | .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability | Moderate | 8.1 | No | No | None | | Elevation of Privilege | Exploitation Less Likely |
| CVE-2023-28310 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important | 8.0 | No | No | None | | Remote Code Execution | Exploitation More Likely |
| CVE-2023-24897 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | Critical | 7.8 | No | No | None | | Remote Code Execution | Exploitation Less Likely |
| CVE-2023-24895 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | Important | 7.8 | No | No | None | | Remote Code Execution | Exploitation Less Likely |
| CVE-2023-29326 | .NET Framework Remote Code Execution Vulnerability | Important | 7.8 | No | No | None | | Remote Code Execution | Exploitation Less Likely |
| CVE-2023-29346 | NTFS Elevation of Privilege Vulnerability | Important | 7.8 | No | No | None | An attacker who successfully exploited this vulnerability could gain administrator privileges. | Elevation of Privilege | Exploitation Less Likely |
| CVE-2023-29358 | Windows GDI Elevation of Privilege Vulnerability | Important | 7.8 | No | No | None | | Elevation of Privilege | Exploitation More Likely |
| CVE-2023-29359 | GDI Elevation of Privilege Vulnerability | Important | 7.8 | No | No | None | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation More Likely |
| CVE-2023-29360 | Windows TPM Device Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | None | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation More Likely |
| CVE-2023-29365 | Windows Media Remote Code Execution Vulnerability | Important | 7.8 | No | No | None | | Remote Code Execution | Exploitation Less Likely |
| CVE-2023-29366 | Windows Geolocation Service Remote Code Execution Vulnerability | Important | 7.8 | No | No | None | | Remote Code Execution | Exploitation Less Likely |
| CVE-2023-29367 | iSCSI Target WMI Provider Remote Code Execution Vulnerability | Important | 7.8 | No | No | None | | Remote Code Execution | Exploitation Less Likely |
| CVE-2023-29370 | Windows Media Remote Code Execution Vulnerability | Important | 7.8 | No | No | None | | Remote Code Execution | Exploitation Less Likely |
| CVE-2023-29371 | Windows GDI Elevation of Privilege Vulnerability | Important | 7.8 | No | No | None | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation More Likely |
| CVE-2023-32008 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | Important | 7.8 | No | No | None | | Remote Code Execution | Exploitation Less Likely |
| CVE-2023-32017 | Microsoft PostScript Printer Driver Remote Code Execution Vulnerability | Important | 7.8 | No | No | None | | Remote Code Execution | Exploitation Less Likely |
| CVE-2023-32018 | Windows Hello Remote Code Execution Vulnerability | Important | 7.8 | No | No | None | | Remote Code Execution | Exploitation Less Likely |
| CVE-2023-32029 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | None | | Remote Code Execution | Exploitation Less Likely |
| CVE-2023-33137 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | None | | Remote Code Execution | Exploitation Less Likely |
| CVE-2023-33146 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | None | | Remote Code Execution | Exploitation Less Likely |
| CVE-2023-32022 | Windows Server Service Security Feature Bypass Vulnerability | Important | 7.6 | No | No | None | Only AD-detached clusters are affected by this vulnerability. | Security Feature Bypass | Exploitation Less Likely |
| CVE-2023-29331 | .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | Important | 7.5 | No | No | None | | Denial of Service | Exploitation Less Likely |
| CVE-2023-32011 | Windows iSCSI Discovery Service Denial of Service Vulnerability | Important | 7.5 | No | No | None | | Denial of Service | Exploitation Less Likely |
| CVE-2023-32030 | .NET and Visual Studio Denial of Service Vulnerability | Important | 7.5 | No | No | None | | Denial of Service | Exploitation Less Likely |
| CVE-2023-33141 | Yet Another Reverse Proxy (YARP) Denial of Service Vulnerability | Important | 7.5 | No | No | None | | Denial of Service | Exploitation Less Likely |
| CVE-2023-33126 | .NET and Visual Studio Remote Code Execution Vulnerability | Important | 7.3 | No | No | None | | Remote Code Execution | Exploitation Less Likely |
| CVE-2023-33128 | .NET and Visual Studio Remote Code Execution Vulnerability | Important | 7.3 | No | No | None | | Remote Code Execution | Exploitation Less Likely |
| CVE-2023-33130 | Microsoft SharePoint Server Spoofing Vulnerability | Important | 7.3 | No | No | None | | Spoofing | Exploitation Less Likely |
| CVE-2023-33133 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.3 | No | No | None | | Remote Code Execution | Exploitation Less Likely |
| CVE-2023-33135 | .NET and Visual Studio Elevation of Privilege Vulnerability | Important | 7.3 | No | No | None | | Elevation of Privilege | Exploitation Less Likely |
| CVE-2023-21565 | Azure DevOps Server Spoofing Vulnerability | Important | 7.1 | No | No | None | | Spoofing | Exploitation Less Likely |
| CVE-2023-29337 | NuGet Client Remote Code Execution Vulnerability | Important | 7.1 | No | No | None | | Remote Code Execution | Exploitation Less Likely |
| CVE-2023-32021 | Windows SMB Witness Service Security Feature Bypass Vulnerability | Important | 7.1 | No | No | None | | Security Feature Bypass | Exploitation Less Likely |
| CVE-2023-29361 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | 7.0 | No | No | None | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation More Likely |
| CVE-2023-29364 | Windows Authentication Elevation of Privilege Vulnerability | Important | 7.0 | No | No | None | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Elevation of Privilege | Exploitation Less Likely |
| CVE-2023-29368 | Windows Filtering Platform Elevation of Privilege Vulnerability | Important | 7.0 | No | No | None | | Elevation of Privilege | Exploitation Less Likely |
| CVE-2023-32010 | Windows Bus Filter Driver Elevation of Privilege Vulnerability | Important | 7.0 | No | No | None | | Elevation of Privilege | Exploitation Less Likely |
| CVE-2023-32013 | Windows Hyper-V Denial of Service Vulnerability | Critical | 6.5 | No | No | None | | Denial of Service | Exploitation Less Likely |
| CVE-2023-24937 | Windows CryptoAPI Denial of Service Vulnerability | Important | 6.5 | No | No | None | | Denial of Service | Exploitation Less Likely |
| CVE-2023-24938 | Windows CryptoAPI Denial of Service Vulnerability | Important | 6.5 | No | No | None | | Denial of Service | Exploitation Less Likely |
| CVE-2023-29352 | Windows Remote Desktop Security Feature Bypass Vulnerability | Important | 6.5 | No | No | None | | Security Feature Bypass | Exploitation Less Likely |
| CVE-2023-29369 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important | 6.5 | No | No | None | | Denial of Service | Exploitation Less Likely |
| CVE-2023-32032 | .NET and Visual Studio Elevation of Privilege Vulnerability | Important | 6.5 | No | No | None | | Elevation of Privilege | Exploitation Less Likely |
| CVE-2023-33129 | Microsoft SharePoint Denial of Service Vulnerability | Important | 6.5 | No | No | None | | Denial of Service | Exploitation Less Likely |
| CVE-2023-33140 | Microsoft OneNote Spoofing Vulnerability | Important | 6.5 | No | No | None | | Spoofing | Exploitation Less Likely |
| CVE-2023-33142 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | Important | 6.5 | No | No | None | | Elevation of Privilege | Exploitation Less Likely |
| CVE-2023-32012 | Windows Container Manager Service Elevation of Privilege Vulnerability | Important | 6.3 | No | No | None | | Elevation of Privilege | Exploitation Less Likely |
| CVE-2023-33132 | Microsoft SharePoint Server Spoofing Vulnerability | Important | 6.3 | No | No | None | | Spoofing | Exploitation Less Likely |
| CVE-2023-32016 | Windows Installer Information Disclosure Vulnerability | Important | 5.5 | No | No | None | Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. | Information Disclosure | Exploitation Less Likely |
| CVE-2023-33139 | Visual Studio Information Disclosure Vulnerability | Important | 5.5 | No | No | None | | Information Disclosure | Exploitation Less Likely |
| CVE-2023-21569 | Azure DevOps Server Spoofing Vulnerability | Moderate | 5.5 | No | No | None | | Spoofing | Exploitation Less Likely |
| CVE-2023-29353 | Sysinternals Process Monitor for Windows Denial of Service Vulnerability | Low | 5.5 | No | No | None | | Denial of Service | Exploitation Less Likely |
| CVE-2023-24896 | Dynamics Finance and Operations Cross-site Scripting Vulnerability | Important | 5.4 | No | No | None | Scope: Changed; Jump Point: True | Spoofing | Exploitation Less Likely |
| CVE-2023-29355 | DHCP Server Service Information Disclosure Vulnerability | Important | 5.3 | No | No | Customers who have not configured their DHCP server as a failover are not affected by this vulnerability. | | Information Disclosure | Exploitation Less Likely |
| CVE-2023-33144 | Visual Studio Code Spoofing Vulnerability | Important | 5.0 | No | No | None | | Spoofing | Exploitation Less Likely |
| CVE-2023-32019 | Windows Kernel Information Disclosure Vulnerability | Important | 4.7 | No | No | None | | Information Disclosure | Exploitation Less Likely |
| CVE-2023-32020 | Windows DNS Spoofing Vulnerability | Important | 3.7 | No | No | None | | Spoofing | Exploitation Less Likely |
| CVE-2023-32024 | Microsoft Power Apps Spoofing Vulnerability | Important | 3.0 | No | No | None | | Spoofing | Exploitation Less Likely |

Third Party Update from Syxsense

May 2023 3rd Party Roundup Webinar

By Patch Management, Patch Tuesday, Video, Webinars

Don’t miss out on May’s powerful Patch Management Update.

Fill out the form to the right to watch as we dive into May’s bulletins and show you strategies for tackling the latest and most important Patch updates. Our IT industry expert, Jon Cassell, Syxsense’s Senior Solutions Architect, covers all of the latest updates.

Syxsense spots critical threats early and deploys instantly, with curated patch content that includes risk assessment, patch prioritization, and dedicated Patch scheduling for simple deployment every month.

Our experts have deployed over 100 million patches. Join us as we tackle this month’s updates and then get your own customized demo to see how Syxsense can help you manage Patch vulnerabilities and more.

Watch the Webinar

Hosted By: Jon Cassell, Syxsense Senior Solutions Architect

Deploying Real Time Device Attestation and Configuration Compliance with Syxsense Cortex

May Spotlight Webinar: Vulnerability Management

By Spotlight Webinar, Video, Webinars

The Syxsense Spotlight Webinar Series is dedicated to teaching the fundamentals of cybersecurity.

In May’s class, Syxsense’s Pre-Sales Manager, Graham Brooks, will demonstrate how to deploy and manage device trust using Syxsense Cortex.

Webinar on Demand

Hosted by: Graham Brooks, Syxsense Pre-Sales Manager

Graham is currently a Pre-Sales Manager at Syxsense and has been working in the IT and Security industries for the last 7 years. Before working at Syxsense he was an IT Analyst for a major DOE and DOD Security manufacturing company. He currently holds the RHCSA and Security Plus certifications.

May 2023 Patch Tuesday Updates

Microsoft Patch Tuesday Update | May 2023

By Patch Management, Patch Tuesday, Video, Webinars

Watch May’s Microsoft Patch Tuesday Forecast On Demand

Dive into this month’s bulletins and strategies for tackling the latest and most important Patch Tuesday updates.  Syxsense’s Chief Customer Success Officer, Rob Brown, covers all of the latest updates live.

Watch the Webinar

Hosted by Rob Brown, Chief Customer Success Officer
