ZDI: The July 2023 Security Update Review

Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,603
Content source
https://www.zerodayinitiative.com/blog/2023/7/10/the-july-2023-security-update-review
It’s the second Tuesday of the month, which means Adobe and Microsoft have released their latest security patches. Take a break from your regularly scheduled activities and join us as we review the details of their latest advisories. If you’d rather watch the video recap, you can check out the Patch Report webcast on our YouTube channel. It should be posted within a couple of hours after the release.
Click to expand...
Apple Patches for July 2023

Apple doesn’t conform to “Patch Tuesday,” but they started things off yesterday with an emergency patch for macOS, iOS, and iPadOS. The bug in Webkit is labeled as CVE-2023-34750. Apple notes the vulnerability has been reported to be under active attack. Apple terms these emergency patches as “Rapid Security Response (RSR)” and reserves them for the most critical components where exploitation has been detected in the wild. Apple also notes this update is causing problems rendering certain websites. You should expect an update in the near future. I would anticipate this CVE to be patched on other supported macOS versions soon as well.
Click to expand...
Adobe Patches for July 2023

For July, Adobe released two patches addressing 15 CVEs in Adobe InDesign and ColdFusion. The patch for ColdFusion is arguably more critical as it contains a CVSS 9.8-rated remote code execution bug. The bulletin also recommends reading (and implementing) the ColdFusion Lockdown guide and updating your ColdFusion JDK/JRE to the latest version of the LTS releases for JDK 17 where applicable. The fix for InDesign corrects one Critical and 11 Important rated bugs. The most sever of these could lead to code execution when opening a specially crafted file.

None of the bugs fixed by Adobe this month are listed as publicly known or under active attack at the time of release. Adobe categorizes these updates as a deployment priority rating of 3.
Click to expand...
Microsoft Patches for July 2023

This month, Microsoft released 130 new patches addressing CVES in Microsoft Windows and Windows Components; Office and Office Components; .NET and Visual Studio; Azure Active Directory and DevOps; Microsoft Dynamics; Printer Drivers; DNS Server; and Remote Desktop. One of these CVEs was reported through the ZDI program, but if you check out our upcoming page, you’ll find quite a few more awaiting resolution.

Of the new patches released today, nine are rated Critical and 121 are rated Important in severity. This volume of fixes is the highest we’ve seen in the last few years, although it’s not unusual to see Microsoft ship a large number of patches right before the Black Hat USA conference. It will be interesting to see if the August release, which comes the day before the Black Hat briefings, will also be a large release.

None of the CVEs released today are listed as being publicly known, but five(!) are listed as being under active attack at the time of release.
Click to expand...
The next Patch Tuesday will be on August 8, and we’ll return with details and patch analysis then. I’ll be blogging from Las Vegas while attending the Black Hat conference, so say hello if you see me. I like it when people say hello. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!
Click to expand...
www.zerodayinitiative.com

Zero Day Initiative — The July 2023 Security Update Review

It’s the second Tuesday of the month, which means Adobe and Microsoft have released their latest security patches. Take a break from your regularly scheduled activities and join us as we review the details of their latest advisories. If you’d rather watch the video recap, you can check it out here.
www.zerodayinitiative.com www.zerodayinitiative.com
 
  • +Reputation
  • Like
  • Thanks
Reactions: Nevi, harlan4096, [correlate] and 1 other person
Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,603
Ghacks: The Windows July 2023 security updates are here and they patch critical issues
Microsoft released security updates for client and server versions of its Windows operating system today. The security updates address vulnerabilities in all supported versions of Windows and are available via Windows Update and other update management systems.

Our overview of the Microsoft Windows July 2023 Patch Day helps home users and administrators navigate the releases easily. It includes links to all released updates and support pages, download options, a list of known issues for each client version of Windows, and much more.

Microsoft revealed in one of the released advisories that "drivers certified by Microsoft’s Windows Hardware Developer Program were being used maliciously in post-exploitation activity".

You can download the following Excel spreadsheet. It lists the released security updates of the May 2023 Microsoft Patch Day. Click on the following link to download it: windows-security-updates-july-2023

Executive Summary​

  • The July 2023 release consists of a total of 130 CVEs and 2 advisories.
  • Affected products include all supported versions of Windows as well as Microsoft Office, Windows Remote Desktop, Microsoft Power Apps, Windows SmartScreen and other company products.
  • The following Windows client version have known issues: Windows 10 version 1809, Windows 10 version 21H2 and 22H2, Windows 11 version 21H2 and 22H2
  • The following Windows server versions have known issues: Windows Server 2008, Windows Server 2008 R2, Windows Server 2019 and 2022.
  • Microsoft has renamed Azure AD to Microsoft Entra ID.
Click to expand...
www.ghacks.net

The Windows July 2023 security updates are here and they patch critical issues - gHacks Tech News

Microsoft released security updates for client and server versions of its Windows operating system today on the July 2023 Patch Day.
www.ghacks.net
 
  • Like
Reactions: Nevi, silversurfer and harlan4096
Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,603
BleepingComputer: Microsoft July 2023 Patch Tuesday warns of 6 zero-days, 132 flaws
Today is Microsoft's July 2023 Patch Tuesday, with security updates for 132 flaws, including six actively exploited and thirty-seven remote code execution vulnerabilities.

While thirty-seven RCE bugs were fixed, Microsoft only rated nine as 'Critical.' However, one of the RCE flaws remains unpatched and is actively exploited in attacks seen by numerous cybersecurity firms.

The number of bugs in each vulnerability category is listed below:
  • 33 Elevation of Privilege Vulnerabilities
  • 13 Security Feature Bypass Vulnerabilities
  • 37 Remote Code Execution Vulnerabilities
  • 19 Information Disclosure Vulnerabilities
  • 22 Denial of Service Vulnerabilities
  • 7 Spoofing Vulnerabilities
Microsoft has not fixed any Microsoft Edge vulnerabilities in July at this time.

This month's Patch Tuesday fixes six zero-day vulnerabilities, with all of them exploited in attacks and one of them publicly disclosed.
Click to expand...
www.bleepingcomputer.com

Microsoft July 2023 Patch Tuesday warns of 6 zero-days, 132 flaws

Today is Microsoft's July 2023 Patch Tuesday, with security updates for 132 flaws, including six actively exploited and thirty-seven remote code execution vulnerabilities.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • +Reputation
Reactions: vtqhtr413, Nevi, Viking and 3 others
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • +Reputation
ZDI: The October 2023 Security Update Review
Replies
2
Views
1,288
News Archive
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
    • +Reputation
Security News ZDI: The March 2024 Security Update Review
Replies
1
Views
746
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
    • +Reputation
Security News ZDI: The December 2023 Security Update Review
Replies
1
Views
1,024
Security News
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top