Архив метки: SophosNakedSecurity

Традиционный аудио/видео эпизод по итогам июльского Microsoft Patch Tuesday

Традиционный аудио/видео эпизод по итогам июльского Microsoft Patch Tuesday. В этом месяце получилось и уязвимости разобрать, и доработать Vulristics. 😇 В августе буду в основном всякими образовательными инициативами заниматься. 🤫 Следите за обновлениями. 🙂

------

Hello everyone! This episode will be about Microsoft Patch Tuesday for July 2023, including vulnerabilities that were added between June and July Patch Tuesdays.

Vulristics improvements
00:11 Works faster
01:31 Microsoft ADVs
02:45 Comments Table

TOP
04:09 Remote Code Execution – Microsoft Office (CVE-2023-36884)
05:06 Security Feature Bypass – Windows SmartScreen (CVE-2023-32049)
05:48 Security Feature Bypass – Microsoft Outlook (CVE-2023-35311)
06:37 Elevation of Privilege – Windows Error Reporting Service (CVE-2023-36874)
07:16 Elevation of Privilege – Windows MSHTML Platform (CVE-2023-32046)

Other RCEs
08:10 Remote Code Execution – Windows Active Directory Certificate Services (AD CS) (CVE-2023-35350)
09:01 Remote Code Execution – Microsoft Message Queuing (CVE-2023-32057, CVE-2023-35309)
09:44 Remote Code Execution – Windows Routing and Remote Access Service (RRAS) (CVE-2023-35365, CVE-2023-35366, CVE-2023-35367)
10:24 Remote Code Execution – Windows Layer-2 Bridge Network Driver (CVE-2023-35315)
10:57 Remote Code Execution – Microsoft SharePoint (CVE-2023-33134, CVE-2023-33157, CVE-2023-33159, CVE-2023-33160)
11:42 Remote Code Execution – Windows Pragmatic General Multicast (PGM) (CVE-2023-35297)

🎞 Video
🎞 Video2 (for Russia)
📘 Blogpost
🗒 Vulristics report