Security News > 2023 > July > Microsoft July 2023 Patch Tuesday warns of 6 zero-days, 132 flaws

Today is Microsoft's July 2023 Patch Tuesday, with security updates for 132 flaws, including six actively exploited and thirty-seven remote code execution vulnerabilities.

"An attacker must have local access to the targeted machine and the user must be able to create folders and performance traces on the machine, with restricted privileges that normal users have by default," warns Microsoft.

Microsoft has released guidance on a publicly disclosed, unpatched zero-day that allows remote code execution using specially-crafted Microsoft Office documents.

"Microsoft is investigating reports of a series of remote code execution vulnerabilities impacting Windows and Office products. Microsoft is aware of targeted attacks that attempt to exploit these vulnerabilities by using specially-crafted Microsoft Office documents," explains the advisory for CVE-2023-36884.

Microsoft has fixed an actively exploited zero-day vulnerability in Microsoft Outlook that bypasses security warnings and works in the preview pane.

"The attacker would be able to bypass the Microsoft Outlook Security Notice prompt," explains Microsoft.

News URL

https://www.bleepingcomputer.com/news/microsoft/microsoft-july-2023-patch-tuesday-warns-of-6-zero-days-132-flaws/