Advisory 33

Impact: High

TLP Rating: Clear

CERT Vanuatu (CERTVU) and the Office of the Chief Information Officer (OGCIO) provide the following advisory.


Microsoft has addressed 130 vulnerability and provide instructions to fully resolve several bugs. IT administrators and personnels are required apply necessary patches and updates for these vulnerabilities.

What is it?

What is it? Five new Zero-days Patch has been released for July including 1 zero-days CVE addressed in May 2023.

Technical Details of the vulnerabilities

  1. CVE-2023-24932 – Secure boot security bypass vulnerability. It is rated important for Windows Servers and desktop systems.
  2. CVE-2023-35311 – Security feature bypass vulnerability. An attacker could target a user through spear phishing with a specially crafted URL link and send via email. Once the Users clicks on the click on the link, the vulnerability is exploited.
  3. CVE-2023-36884 – Rated important for windows Server, desktop and Microsoft Office applications. The exploit is triggered when a user opens a Microsoft Office document crafted by an attacker.
  4. CVE-2023-36874 – Rated important for Server systems and desktop machines. An attacker needs local access to the target machine with permission to create folders and create perform traces of exploits to gain administrative privileges.
  5. CVE-2023-32046 – Rated imported for Server systems and desktop machines. The attacker can target specific user with a specially constructed file sent in an email or hosted on a website. If successful, the attacker gains the right of the user.

References

  1. https://www.techtarget.com/searchwindowsserver/news/366544377/Microsoft-repairs-5-zero-days-for-July-Patch-Tuesday
  2. https://nvd.nist.gov/vuln/detail/CVE-2023-24932
  3. https://nvd.nist.gov/vuln/detail/CVE-2023-32046
  4. https://nvd.nist.gov/vuln/detail/CVE-2023-35311