Patch Tuesday July 2023 – Microsoft Publishes Bug Fixes for 142 Vulnerabilities – Source: heimdalsecurity.com

The second month of summer comes a-calling with a hefty list of bug fixes; throughout July, Microsoft has released no lesst than 142 patches for various types of vulnerabilities, with scores ranging from Important to Critical. Without further ado, here’s what Patch Tuesday July has in stock for us. Enjoy and don’t forget to subscribe to Heimdal®’s newsletter.

Patch Tuesday July 2023 – Highlights

We’ll kick off July’s fix list with CVE-2023-35373; classified as a Mono Authenticode Validation spoofing vulnerability, this defect can potentially allow a threat actor to execute arbitrary code or perform various actions on the victim’s machine via packet spoofing by leveraging a flawed Mono component. The vulnerability has received an official Microsoft fix.

Next on the list is CVE-2023-35305, a Windows Kernel Elevation of Privilege vulnerability. If abused, this defect could grant the threat actor SYSTEM-level privileges. The vulnerability, which previously received a CVSS 3.1.7.8 score of 6.8 (i.e., computed Max Severity Score = “Important”) was fixed during July’s patching bout.

Up next is CVE-2023-35302, a Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution vulnerability. With a CVSS 3.1.7.8 score of 7.7, this defect allows an attacker to remotely execute arbitrary code on the target machine by abusing some defective components associated with PostScript and the PCL6 Class Printer Driver. An official Microsoft patch was made available, alongside several workaround should the patching process fail. The workarounds can be found below.

Method 1: Terminate the Print Spooler Service.

First, determine if the Print Spooler service is running on the machine. To do that, start a Windows PowerShell session (i.e., with administrator rights) and type in the following command: Get-Service -Name Spooler.

To disable the service, type in Stop-Service -Name Spooler – Force, followed by Set-Service -Name Spooler -StartupType Disabled.

Method 2: Using Group Policy to terminate the inbound remote printing service.

Use the method above to determine if the Print Spooler service is running. Consequently, go to Group Policy and access the “Printers” section. You will find under Administrative Templates in the Computer Configuration menu. Scroll down and disable the option “Allows Print Spooler to access client connections.” Don’t forget to restart the Print Spooler service. Otherwise the changes won’t take effect.

Please note that both workarounds can impact printing operations. For instance, after terminating the Print Spooler Service (i.e., method 1), you will no longer be able to print documents remotely or locally. On the other hand, method 2 (i.e. disabling the inbound remote printing service via Group Policy) will disable the server printer service, but local printing will still be available (i.e., only works for directly attacked devices).

The full list of released patches can be reviewed below.

Additional Patch & Vulnerability Management Tips

This wraps up the July edition Heimdal®’s Patch Tuesday updates. Since no patching article should be without tips, tricks, and everything in between, here are a couple of things you can try out to shore up your defenses and up your vulnerability management game.

Revert to previous builds

Patching is a trial-and-error process, which means something’s bound to happen at any point in time (e.g., unexpected patch failure, connectivity issues, no mobile control, insufficient privileges, failure to meet regulatory compliance standards, etc.). Ensure that your backups are viable in case you to revert the app(s) to a previous version and/or build.

Vulnerability scanning

Don’t forget to work up a functional vulnerability scanning schedule. The best practice dictates that scanning should occur at least once per month. Don’t forget about documenting your findings.

Automatic patching

Smaller organizations tend to rely on manual patching in order to deploy all relevant improvement-carrying packages. However, things tend to change a bit when you’re in the shoes of an IT admin catering to the needs of hundreds of users. The best way around this issue is, of course, automatic patching.

If configured correctly, an automatic patching solution can ensure timely (and correct) deployment and a low risk of incompatibility. Heimdal®’s Patch & Asset Management can aid you in quickly distributing your patches, regardless if they are OS-specific, 3rd party, proprietary, or UX/UI-oriented.

Back to the drawing board

If you’re managing a team, consider drafting up a list of patching protocols. Include dates, times, Operating Systems, tests, and everything you can think of. Don’t forget to scribble down any modifications made to the software.

Conclusion

This concludes the July edition of Heimdal®’s Patch Tuesday series. Hope you’ve enjoyed it. As always, stay safe, patch your heart out, and keep away from suspicious websites.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, and YouTube for more cybersecurity news and topics.