Miscreants exploit five Microsoft bugs as Windows giant addresses 130 flaws

Patch Tuesday: Microsoft today addressed 130 CVE-listed vulnerabilities in its products, and five of those bugs have already been exploited in the wild.
A full list of security updates and advisories in this month's Patch Tuesday batch can be found here from the IT giant, or here from the ZDI. In summary, there are fixes for Windows, Office,.
Crucially, there is no patch yet for CVE-2023-36884, and one may be provided via an emergency update or future scheduled Patch Tuesday, we're told.
The other four actively exploited issues do have patches available, and are conveniently divided into two categories: software security feature bypasses, and privilege escalation issues.
Coincidentally, Apple published so-called Rapid Security Response patches a day ahead of Patch Tuesday for WebKit vulnerabilities in iOS/iPadOS and macOS. Unfortunately, those patches were a little too good at blocking web content that could cause arbitrary code execution on vulnerable devices, and today Cupertino told users they may want to uninstall the RSR if they find they're unable to view stuff on the web.
SAP published 18 security updates as part of its July batch [PDF] of patches, including a fix for a critical issue in its IS-OIL software for the oil and gas industry.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/07/11/microsoft_patch_tuesday/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-11 | CVE-2023-36884 | Race Condition vulnerability in Microsoft products Windows Search Remote Code Execution Vulnerability | 0.0 |