Background / What has happened?
The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) has reviewed the Microsoft July 2023 Security Update.
- The Security Update provided patches for 132 vulnerabilities.
- 6 vulnerabilities are believed to have been exploited.
- 9 vulnerabilities are rated ‘Critical’.
The following vulnerabilities are important based on their severity, the widespread use of the related product and/or the likelihood of exploitation.
Office and Windows HTML RCE unpatched 0-day (CVE-2023-36884)
- A Critical rated vulnerability which allows Arbitrary Code Execution in situations where victims are convinced to open a malicious file.
- The malicious file may be of a type that the user likely considers safe, such as a Word document with no macros.
- This is an actively exploited 0-day vulnerability.
- Microsoft has not yet provided a patch, and all affected users are encouraged to apply mitigations.
- Mitigations are found in the Microsoft Guidance page: (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884).
- System administrators should keep an eye out for a patch for this in future Microsoft monthly releases.
Windows Remote Desktop Authentication Bypass (CVE-2023-35352)
- A Critical rated vulnerability which allows attackers to bypass certain authentication configurations.
- An attacker can bypass certificate or private key authentication when establishing a Remote Desktop Protocol (RDP) session.
- RDP is widely used amongst organisations for remote workers and internal systems.
Windows Message Queuing RCE (CVE-2023-32057)
- A Critical rated vulnerability which allows attackers to achieve Remote Code Execution.
- MSMQ is not enabled by default. A user can check if MSMQ is running by looking for a service called ‘Message Queuing’.
- A user can also check if TCP Port 1801 is listening on the machine.
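The two checks above, combined into one PowerShell function for the local host, as an added example that is not part of the ACSC advisory. It assumes the ‘Message Queuing’ service is registered under the service name MSMQ; the function name and output property names are illustrative.

```powershell
# Added example: reports the two MSMQ indicators named in the advisory.
# Assumption: the 'Message Queuing' service uses the service name 'MSMQ'.
function Get-MsmqExposure {
    [CmdletBinding()]
    param(
        [string]$ServiceName = 'MSMQ',  # service behind the 'Message Queuing' display name
        [int]$Port = 1801               # MSMQ TCP port named in the advisory
    )

    # Get-Service raises an error when the service does not exist (MSMQ not installed),
    # so suppress it and treat $null as "not installed".
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue

    # Get-NetTCPConnection also errors when nothing matches; an empty array means no listener.
    $listeners = @(Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue)

    # A listener bound only to loopback is not exposed to other hosts.
    $nonLoopback = @($listeners | Where-Object { $_.LocalAddress -notin @('127.0.0.1', '::1') })

    $running   = ($null -ne $svc) -and ($svc.Status -eq 'Running')
    $listening = $listeners.Count -gt 0

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        ServiceInstalled    = $null -ne $svc
        ServiceStatus       = if ($svc) { [string]$svc.Status } else { 'NotInstalled' }
        StartType           = if ($svc) { [string]$svc.StartType } else { $null }
        PortListening       = $listening
        ListenAddresses     = ($listeners.LocalAddress | Sort-Object -Unique) -join ', '
        OwningProcessIds    = ($listeners.OwningProcess | Sort-Object -Unique) -join ', '
        NonLoopbackListener = $nonLoopback.Count -gt 0
        # Either indicator is enough to put the host on the CVE-2023-32057 patch list.
        NeedsPatchReview    = $running -or $listening
    }
}

Get-MsmqExposure | Format-List
```

A stopped but installed service still reports ServiceInstalled as True, which identifies hosts where MSMQ could be started later and should be patched as well.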
Mitigation / How do I stay secure?
Technical subject matter experts that use Microsoft products should read the associated security update guides available for their products.
General users should consider enabling automatic patching of Microsoft products if they have not already done so. Advice is available on the Protect Yourself: Updates page.
Assistance / Where can I go for help?
Organisations or individuals that have been impacted or require assistance can contact us via 1300 CYBER1 (1300 292 371).