On this recent Patch Tuesday, Microsoft released a significant number of security patches for July 2023. With more than 100 vulnerabilities addressed, including four zero-day exploits, it is crucial to take immediate action to safeguard your system.
Tackling Zero-Day Security Holes: A Closer Look
Among the patched vulnerabilities, it is essential to highlight the four zero-day exploits addressed this month. Two of these exploits, namely CVE-2023-32049 and CVE-2023-35311, are security bypass vulnerabilities. Exploiting these bugs allows cybercriminals to evade security protections, presenting you with malicious web URLs or email content without triggering the usual warning prompts.
Although these exploits are not as severe as remote code execution (RCE) vulnerabilities, they remain highly valuable to attackers. By bypassing established security warnings, criminals can manipulate even well-informed users into making costly mistakes.
Addressing Elevation of Privilege Exploits
In addition to the security bypass exploits, Microsoft’s patches also include fixes for two elevation of privilege (EoP) vulnerabilities. EoP exploits enable intruders already present in your network to elevate their privileges, granting them access to sensitive areas and potentially causing significant damage.
Microsoft Advisory: Malicious Use of Signed Drivers
One significant aspect addressed in ADV230001, Microsoft’s advisory, is the issue of malicious use of signed drivers. Sophos researchers discovered a concerning trend involving rogue Windows kernel drivers. While kernel drivers provide essential functionality, they can also empower malware creators and cybercriminals to carry out subversive activities, such as bypassing security measures and remaining undetected.
Rootkits and Kernel-Level Malware: A Persistent Threat
The misuse of kernel drivers, often referred to as rootkits, has been an ongoing security concern. These malicious tools operate at the deepest levels of the operating system, enabling unauthorized access, subversion of security measures, and data manipulation. Despite Microsoft’s efforts to mitigate this threat, last year’s discoveries uncovered a notable number of kernel-level malware, including drivers signed by Microsoft itself.
Microsoft’s Clampdown on Rogue Drivers: Past and Present
In response to the proliferation of rootkits, Microsoft began imposing stricter controls on kernel drivers, starting with Windows Vista. The current system requires all kernel drivers to undergo a thorough review and digital signing by Microsoft. However, SophosLabs’ findings last year revealed a disconcerting number of rogue drivers, including 100 signed by Microsoft. These drivers aimed to undermine security software and intrude on the operating system, compromising data integrity.
Take Action: Ensuring Your System’s Security
Considering the criticality of these patches, it is vital to prioritize their installation without delay. If you manage your computer, navigate to Settings > Windows Update > Check for updates to verify if you are up-to-date. Remember that the updates will only take effect after rebooting your system, so it is advisable to do so promptly.
Dimitris is an Information Technology and Cybersecurity professional with more than 20 years of experience in designing, building and maintaining efficient and secure IT infrastructures.
Among others, he is a certified: CISSP, CISA, CISM, ITIL, COBIT and PRINCE2, but his wide set of knowledge and technical management capabilities go beyond these certifications. He likes acquiring new skills on penetration testing, cloud technologies, virtualization, network security, IoT and many more.