Miscreants exploit five Microsoft bugs as Windows giant addresses 130 flaws
Patch Tuesday: Microsoft today addressed 130 CVE-listed vulnerabilities in its products - and five of those bugs have already been exploited in the wild.
A full list of security updates and advisories in this month's Patch Tuesday batch is available from the IT giant, or from the ZDI. In summary, there are fixes for Windows, Office,.
Crucially, there is no patch yet for CVE-2023-36884, and one may be provided via an emergency update or future scheduled Patch Tuesday, we're told.
The other four actively exploited issues do have patches available, and are conveniently divided into two categories: software security feature bypasses, and privilege escalation issues.
Coincidentally, Apple published so-called Rapid Security Response patches a day ahead of Patch Tuesday for WebKit vulnerabilities in iOS/iPadOS and macOS. Unfortunately, those patches were a little too good at blocking web content that could cause arbitrary code execution on vulnerable devices, and today Cupertino told users they may want to uninstall the RSR if they find they're unable to view stuff on the web.
SAP published 18 security updates as part of its July batch [PDF] of patches, including a fix for a critical issue in its IS-OIL software for the oil and gas industry.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/07/11/microsoft_patch_tuesday/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-11 | CVE-2023-36884 | Race Condition vulnerability in Microsoft products Windows Search Remote Code Execution Vulnerability | 0.0 |