Patch Tuesday July 2023

Jordan Hammond fun headshot
Jordan Hammond|July 11, 2023
Illustration of broken computer with bandaid
Illustration of broken computer with bandaid

We’re at the peak of summer, so I’m sure nobody wants to look into patching their systems when they could be spending this time patching Slip ’N Slides. However, it’s time for the latest month of security patches, so let’s get past this Patch Tuesday so we can get back to what’s really important. This is one of the worst months I have seen in a few years.

  • Total exploits patched: 132

  • Critical patches: 9

  • Already known or exploited: 6

Of the 6 known or exploited, none are rated as critical — but this is not a reasonable number to have. Let’s dive into the swimming pool of lowlights and see if some are deserving of their own writeup.

Some highlights (or lowlights)

  • CVE-2023-32057: This is the first of two 9.8 rated exploits. It’s a remote code execution for Message Queuing. It requires no privileges, no user interaction, and has a remote attack vector. Message Queue has been hit a lot lately. It’s currently considered less likely to have exploits because the Service isn’t running by default. To know if your machines are at risk, see if there’s a service running named “Message Queuing” or if the machine is listening on TCP port 1801.

  • CVE-2023-35365: This is the second and final 9.8. It has all the same threat markers from the previous exploit, right down to requiring a role that is not on by default. This time it’s Routing and Remote Access Service. If you have any RRAS servers set up, this exploit should be patched immediately.

  • CVE-2023-24932: This exploit is the only one that’s publicly known AND already exploited. It looks like the first attempt to patch this was last month, which would explain how people know of it. It’s rated as a 6.2 CVSS and requires a local attack vector, as well as admin privileges. It bypasses Secure Boot. Unfortunately, patching doesn’t do a full mitigation at this time. The complete fix requires patching, updating your bootable media, and applying certain revocations. Luckily Microsoft has a guide on managing the Windows Boot Manager revocations for this exploit.

Wrapping up

Turns out that the hacking community doesn’t care that it’s a beautiful day out. They’ve taken it upon themselves to ruin your summer vibes with outright hostility. Luckily for you, there is a solution for silencing these monsters: automation. With the proper setup, you could skim my hilarious Patch Tuesday notes and then get back to sipping frozen adult beverages without needing to even look at patching. With PDQ Deploy and PDQ Inventory, patching is already done (at least if you set up your schedules right).


Jordan Hammond fun headshot
Jordan Hammond

Jordan had spent his life wondering why tasks he didn’t like to do had no options to complete themselves. Eventually he had to make that happen on his own. It turned out that he enjoyed making tasks complete themselves, and PDQ thought that is something he should talk about on the internet.

Related articles