Microsoft in its July 2023 Patch Tuesday release addresses 6 zero-days and 132 flaws
Below is the list of the addressed vulnerabilities in the July 2023 Patch Tuesday release:
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
.NET and Visual Studio | CVE-2023-33127 | .NET and Visual Studio Elevation of Privilege Vulnerability | Important |
ASP.NET and Visual Studio | CVE-2023-33170 | ASP.NET and Visual Studio Security Feature Bypass Vulnerability | Important |
Azure Active Directory | CVE-2023-36871 | Azure Active Directory Security Feature Bypass Vulnerability | Important |
Azure Active Directory | CVE-2023-35348 | Active Directory Federation Service Security Feature Bypass Vulnerability | Important |
Microsoft Dynamics | CVE-2023-33171 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
Microsoft Dynamics | CVE-2023-35335 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | Important |
Microsoft Graphics Component | CVE-2023-33149 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important |
Microsoft Graphics Component | CVE-2023-21756 | Windows Win32k Elevation of Privilege Vulnerability | Important |
Microsoft Media-Wiki Extensions | CVE-2023-35333 | MediaWiki PandocUpload Extension Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2023-33148 | Microsoft Office Elevation of Privilege Vulnerability | Important |
Microsoft Office | CVE-2023-36884 | Office and Windows HTML Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2023-33150 | Microsoft Office Security Feature Bypass Vulnerability | Important |
Microsoft Office Access | CVE-2023-33152 | Microsoft ActiveX Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2023-33158 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2023-33161 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2023-33162 | Microsoft Excel Information Disclosure Vulnerability | Important |
Microsoft Office Outlook | CVE-2023-33151 | Microsoft Outlook Spoofing Vulnerability | Important |
Microsoft Office Outlook | CVE-2023-33153 | Microsoft Outlook Remote Code Execution Vulnerability | Important |
Microsoft Office Outlook | CVE-2023-35311 | Microsoft Outlook Security Feature Bypass Vulnerability | Important |
Microsoft Office SharePoint | CVE-2023-33134 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2023-33160 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
Microsoft Office SharePoint | CVE-2023-33165 | Microsoft SharePoint Server Security Feature Bypass Vulnerability | Important |
Microsoft Office SharePoint | CVE-2023-33157 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
Microsoft Office SharePoint | CVE-2023-33159 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
Microsoft Power Apps | CVE-2023-32052 | Microsoft Power Apps Spoofing Vulnerability | Important |
Microsoft Printer Drivers | CVE-2023-32085 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
Microsoft Printer Drivers | CVE-2023-35302 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | Important |
Microsoft Printer Drivers | CVE-2023-35296 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
Microsoft Printer Drivers | CVE-2023-35324 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
Microsoft Printer Drivers | CVE-2023-32040 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
Microsoft Printer Drivers | CVE-2023-35306 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
Microsoft Printer Drivers | CVE-2023-32039 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2023-35303 | USB Audio Class System Driver Remote Code Execution Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2023-36872 | VP9 Video Extensions Information Disclosure Vulnerability | Important |
Microsoft Windows Codecs Library | CVE-2023-32051 | Raw Image Extension Remote Code Execution Vulnerability | Important |
Mono Authenticode | CVE-2023-35373 | Mono Authenticode Validation Spoofing Vulnerability | Important |
Paint 3D | CVE-2023-35374 | Paint 3D Remote Code Execution Vulnerability | Important |
Paint 3D | CVE-2023-32047 | Paint 3D Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2023-35310 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2023-35346 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2023-35345 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Role: DNS Server | CVE-2023-35344 | Windows DNS Server Remote Code Execution Vulnerability | Important |
Service Fabric | CVE-2023-36868 | Azure Service Fabric on Windows Information Disclosure Vulnerability | Important |
Visual Studio Code | CVE-2023-36867 | Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability | Important |
Windows Active Directory Certificate Services | CVE-2023-35351 | Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability | Important |
Windows Active Directory Certificate Services | CVE-2023-35350 | Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability | Important |
Windows Active Template Library | CVE-2023-32055 | Active Template Library Elevation of Privilege Vulnerability | Important |
Windows Admin Center | CVE-2023-29347 | Windows Admin Center Spoofing Vulnerability | Important |
Windows App Store | CVE-2023-35347 | Microsoft Install Service Elevation of Privilege Vulnerability | Important |
Windows Authentication Methods | CVE-2023-35329 | Windows Authentication Denial of Service Vulnerability | Important |
Windows CDP User Components | CVE-2023-35326 | Windows CDP User Components Information Disclosure Vulnerability | Important |
Windows Certificates | ADV230001 | Guidance on Microsoft Signed Drivers Being Used Maliciously | None |
Windows Clip Service | CVE-2023-35362 | Windows Clip Service Elevation of Privilege Vulnerability | Important |
Windows Cloud Files Mini Filter Driver | CVE-2023-33155 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
Windows Cluster Server | CVE-2023-32033 | Microsoft Failover Cluster Remote Code Execution Vulnerability | Important |
Windows CNG Key Isolation Service | CVE-2023-35340 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | Important |
Windows Common Log File System Driver | CVE-2023-35299 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
Windows Connected User Experiences and Telemetry | CVE-2023-35320 | Connected User Experiences and Telemetry Elevation of Privilege Vulnerability | Important |
Windows Connected User Experiences and Telemetry | CVE-2023-35353 | Connected User Experiences and Telemetry Elevation of Privilege Vulnerability | Important |
Windows CryptoAPI | CVE-2023-35339 | Windows CryptoAPI Denial of Service Vulnerability | Important |
Windows Cryptographic Services | CVE-2023-33174 | Windows Cryptographic Information Disclosure Vulnerability | Important |
Windows Defender | CVE-2023-33156 | Microsoft Defender Elevation of Privilege Vulnerability | Important |
Windows Deployment Services | CVE-2023-35322 | Windows Deployment Services Remote Code Execution Vulnerability | Important |
Windows Deployment Services | CVE-2023-35321 | Windows Deployment Services Denial of Service Vulnerability | Important |
Windows EFI Partition | ADV230002 | Microsoft Guidance for Addressing Security Feature Bypass in Trend Micro EFI Modules | Important |
Windows Error Reporting | CVE-2023-36874 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Important |
Windows Failover Cluster | CVE-2023-32083 | Microsoft Failover Cluster Information Disclosure Vulnerability | Important |
Windows Geolocation Service | CVE-2023-35343 | Windows Geolocation Service Remote Code Execution Vulnerability | Important |
Windows HTTP.sys | CVE-2023-32084 | HTTP.sys Denial of Service Vulnerability | Important |
Windows HTTP.sys | CVE-2023-35298 | HTTP.sys Denial of Service Vulnerability | Important |
Windows Image Acquisition | CVE-2023-35342 | Windows Image Acquisition Elevation of Privilege Vulnerability | Important |
Windows Installer | CVE-2023-32053 | Windows Installer Elevation of Privilege Vulnerability | Important |
Windows Installer | CVE-2023-32050 | Windows Installer Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2023-35304 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2023-35363 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2023-35305 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2023-35356 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2023-35357 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2023-35358 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Layer 2 Tunneling Protocol | CVE-2023-32037 | Windows Layer-2 Bridge Network Driver Information Disclosure Vulnerability | Important |
Windows Layer-2 Bridge Network Driver | CVE-2023-35315 | Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability | Critical |
Windows Local Security Authority (LSA) | CVE-2023-35331 | Windows Local Security Authority (LSA) Denial of Service Vulnerability | Important |
Windows Media | CVE-2023-35341 | Microsoft DirectMusic Information Disclosure Vulnerability | Important |
Windows Message Queuing | CVE-2023-32057 | Microsoft Message Queuing Remote Code Execution Vulnerability | Critical |
Windows Message Queuing | CVE-2023-35309 | Microsoft Message Queuing Remote Code Execution Vulnerability | Important |
Windows Message Queuing | CVE-2023-32045 | Microsoft Message Queuing Denial of Service Vulnerability | Important |
Windows Message Queuing | CVE-2023-32044 | Microsoft Message Queuing Denial of Service Vulnerability | Important |
Windows MSHTML Platform | CVE-2023-32046 | Windows MSHTML Platform Elevation of Privilege Vulnerability | Important |
Windows MSHTML Platform | CVE-2023-35336 | Windows MSHTML Platform Security Feature Bypass Vulnerability | Important |
Windows MSHTML Platform | CVE-2023-35308 | Windows MSHTML Platform Security Feature Bypass Vulnerability | Important |
Windows Netlogon | CVE-2023-21526 | Windows Netlogon Information Disclosure Vulnerability | Important |
Windows Network Load Balancing | CVE-2023-33163 | Windows Network Load Balancing Remote Code Execution Vulnerability | Important |
Windows NT OS Kernel | CVE-2023-35361 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows NT OS Kernel | CVE-2023-35364 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows NT OS Kernel | CVE-2023-35360 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows ODBC Driver | CVE-2023-32038 | Microsoft ODBC Driver Remote Code Execution Vulnerability | Important |
Windows OLE | CVE-2023-32042 | OLE Automation Information Disclosure Vulnerability | Important |
Windows Online Certificate Status Protocol (OCSP) SnapIn | CVE-2023-35323 | Windows OLE Remote Code Execution Vulnerability | Important |
Windows Online Certificate Status Protocol (OCSP) SnapIn | CVE-2023-35313 | Windows Online Certificate Status Protocol (OCSP) SnapIn Remote Code Execution Vulnerability | Important |
Windows Partition Management Driver | CVE-2023-33154 | Windows Partition Management Driver Elevation of Privilege Vulnerability | Important |
Windows Peer Name Resolution Protocol | CVE-2023-35338 | Windows Peer Name Resolution Protocol Denial of Service Vulnerability | Important |
Windows PGM | CVE-2023-35297 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | Critical |
Windows Print Spooler Components | CVE-2023-35325 | Windows Print Spooler Information Disclosure Vulnerability | Important |
Windows Remote Desktop | CVE-2023-35352 | Windows Remote Desktop Security Feature Bypass Vulnerability | Critical |
Windows Remote Desktop | CVE-2023-32043 | Windows Remote Desktop Security Feature Bypass Vulnerability | Important |
Windows Remote Desktop | CVE-2023-35332 | Windows Remote Desktop Protocol Security Feature Bypass | Important |
Windows Remote Procedure Call | CVE-2023-35300 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | Important |
Windows Remote Procedure Call | CVE-2023-33168 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important |
Windows Remote Procedure Call | CVE-2023-33173 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important |
Windows Remote Procedure Call | CVE-2023-33172 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important |
Windows Remote Procedure Call | CVE-2023-32035 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important |
Windows Remote Procedure Call | CVE-2023-33166 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important |
Windows Remote Procedure Call | CVE-2023-32034 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important |
Windows Remote Procedure Call | CVE-2023-33167 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important |
Windows Remote Procedure Call | CVE-2023-33169 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important |
Windows Remote Procedure Call | CVE-2023-35318 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important |
Windows Remote Procedure Call | CVE-2023-33164 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important |
Windows Remote Procedure Call | CVE-2023-35319 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important |
Windows Remote Procedure Call | CVE-2023-35316 | Remote Procedure Call Runtime Information Disclosure Vulnerability | Important |
Windows Remote Procedure Call | CVE-2023-35314 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2023-35367 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Critical |
Windows Routing and Remote Access Service (RRAS) | CVE-2023-35366 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Critical |
Windows Routing and Remote Access Service (RRAS) | CVE-2023-35365 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Critical |
Windows Server Update Service | CVE-2023-35317 | Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability | Important |
Windows Server Update Service | CVE-2023-32056 | Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability | Important |
Windows SmartScreen | CVE-2023-32049 | Windows SmartScreen Security Feature Bypass Vulnerability | Important |
Windows SPNEGO Extended Negotiation | CVE-2023-35330 | Windows Extended Negotiation Denial of Service Vulnerability | Important |
Windows Transaction Manager | CVE-2023-35328 | Windows Transaction Manager Elevation of Privilege Vulnerability | Important |
Windows Update Orchestrator Service | CVE-2023-32041 | Windows Update Orchestrator Service Information Disclosure Vulnerability | Important |
Windows VOLSNAP.SYS | CVE-2023-35312 | Microsoft VOLSNAP.SYS Elevation of Privilege Vulnerability | Important |
Windows Volume Shadow Copy | CVE-2023-32054 | Volume Shadow Copy Elevation of Privilege Vulnerability | Important |
Windows Win32K | CVE-2023-35337 | Win32k Elevation of Privilege Vulnerability | Important |
Important Links and References:
https://msrc.microsoft.com/update-guide/releaseNote/2023-Jul
About Author:
Suman Tiwari is a Cyber Security Professional by Profession and photographer by passion.
His Linkedin profile can be visited here for more details.