Microsoft has released critical security updates addressing multiple vulnerabilities including remote code execution flaws in Windows and Office products.
Critical Security Update Guide - Microsoft
Microsoft has released security updates addressing 83 vulnerabilities across its product line, including 12 critical vulnerabilities that could allow remote code execution.
Affected Products
The updates affect multiple Microsoft products:
- Windows 10 and Windows 11
- Windows Server 2019, 2022, and Azure editions
- Microsoft Office and Office 365
- Microsoft Edge
- .NET Framework
Critical Vulnerabilities
CVE-2023-23397 (CVSS 9.8)
A critical remote code execution vulnerability in Microsoft Outlook allows attackers to execute code when a user opens a specially crafted email. This vulnerability is being actively exploited in the wild.
CVE-2023-23398 (CVSS 8.8)
Another critical flaw in Microsoft Word could allow remote code execution when a user opens a specially crafted document.
CVE-2023-23401 (CVSS 9.3)
A Windows elevation of privilege vulnerability that could allow an attacker to gain system privileges.
Mitigation Steps
- Install updates immediately - All affected products should be updated as soon as possible.
- Enable automatic updates - Configure systems to automatically install security updates.
- Deploy additional controls - Implement application whitelisting and exploit mitigation technologies.
- Train users - Educate users about phishing attempts and suspicious attachments.
Timeline
- Release date: July 11, 2023
- Next security update: August 8, 2023
- Exploitation status: CVE-2023-23397 is being actively exploited in attacks
Additional Resources
Organizations should prioritize deploying updates for Outlook and Office applications immediately due to active exploitation of CVE-2023-23397.
Comments
Please log in or register to join the discussion