Harness the Power of Microsoft’s Extensive Security Update

Share This TechTip

Let’s take a moment to discuss the exhilarating (or nerve-wracking, depending on your perspective) event that just shook the cybersecurity world: the latest Microsoft Patch Tuesday. Microsoft recently released an astounding number of 129 patches, all at once. The big question on everyone’s mind, particularly for those in the independent insurance industry, is “Which of these should we prioritize?” The answer, surprisingly, might be less about the patches themselves and more about the process.

A Wake-Up Call for Independent Insurance Agents

This is not just about applying updates. Instead, this event serves as an effective stress test for vulnerability management programs. It is a grand opportunity to gauge the agility of your security teams, and their ability to respond swiftly and decisively. The inherent urgency in addressing this torrent of updates can help uncover any holes or weaknesses in our vulnerability management process.

But why is there such a sense of urgency? These patches are all security related. Unlike some Patch Tuesdays, which deliver fixes for minor bugs or glitches, these updates have been developed specifically to address security vulnerabilities. It is imperative to apply these patches to vulnerable systems without delay.

Navigating these vast and complex waters can be daunting for independent insurance agents, who must balance risk management with operational efficiency. The emphasis here is not only on the sheer number of patches but on the value of prioritizing, strategizing, and managing the implementation process in an efficient and prompt manner.

In conclusion, this month’s Patch Tuesday can be seen as a test of your agency’s cybersecurity resilience and a chance to reinforce operations. Let’s view this as an opportunity, rather than an obstacle. It is a stress test that will not only identify gaps in vulnerability management, but also provide a chance to rectify them, making agencies more secure, resilient, and trustworthy in the long run.

What was Included in Microsoft’s Latest Patch Tuesday?

The July 2023 Microsoft vulnerabilities are classified as follows:

Vulnerability Category Quantity Severities
Spoofing Vulnerability 7 Important: 7
Denial of Service Vulnerability 22 Important: 22
Elevation of Privilege Vulnerability 33 Important: 33
Information Disclosure Vulnerability 19 Important: 19
Remote Code Execution Vulnerability 37 Critical: 8
Important: 29
Security Feature Bypass Vulnerability 13 Critical: 1
Important: 12
Priority Rank CVE ID Description Potential Impact User Interaction Required Current Solution
1 CVE-2023-36884 Office and Windows HTML Remote Code Execution Vulnerability Allows attackers to execute remote code, targeted against defense and government entities Yes Mitigation Available
2 CVE-2023-32046 Windows MSHTML Platform Elevation of Privilege Vulnerability Allows elevation of privilege in email and web-based attack scenarios Yes Patch Available
3 CVE-2023-35311 Microsoft Outlook Security Feature Bypass Vulnerability Allows attackers to bypass security prompts Yes Patch Available
4 CVE-2023-32049 Windows SmartScreen Security Feature Bypass Vulnerability Allows attackers to bypass security warnings Yes Patch Available
5 CVE-2023-36874 Windows Error Reporting Service Elevation of Privilege Vulnerability Allows attackers to gain administrator privileges Yes Patch Available
6 ADV230001 Guidance on Microsoft Signed Drivers Being Used Maliciously Exploited developer program accounts in post-exploitation activity Yes Suspended accounts
7 CVE-2023-35315 Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability Allows remote code execution on the target system Yes Patch Available
8 CVE-2023-35352 Windows Remote Desktop Security Feature Bypass Vulnerability Allows bypassing of certificate or private key authentication Yes Patch Available
9 CVE-2023-35365, CVE-2023-35366, and CVE-2023-35367 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Allows remote code execution on the server side Yes Patch Available
10 CVE-2023-33157 Microsoft SharePoint Remote Code Execution Vulnerability Allows attackers to access and alter data Yes Patch Available
11 CVE-2023-33160 Microsoft SharePoint Server Remote Code Execution Vulnerability Allows attackers to access and alter data Yes Patch Available
12 CVE-2023-32057 Microsoft Message Queuing Remote Code Execution Vulnerability Allows remote code execution on the server side Yes Patch Available
13 CVE-2023-35297 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability Allows remote code execution on the target system No Patch Available

This table serves as a concise summary of the vulnerabilities described in the July Patch Tuesday Edition, ranking them based on their severity and potential impact. Note that the ranking could vary depending on the environment and usage scenario of different organizations. Always consider your organization’s unique context when prioritizing patching.

More TechTips To Explore

Could one of these be your next BEST tech move?

Check out our Founding, Platinum, & Premium Solution Providers.

Forgot Password?

Forgot Password?

Sorry, you'll need Full Access to see this content!

To view the rest of this guide, upgrade to Full Access starting at $17/mo.

ALERT!

Vault videos are only visible to Full Access subscribers!

Upgrade now to unlock all Catalyit content and watch this webinar on-demand.

Let's do this

 

Let's do this

Fill out the form below to get free Basic Access to Catalyit and activate your Trava account.

 

ALERT!

Solution Provider Profiles are only visible to Full Access subscribers!

Upgrade now to unlock all Catalyit content and learn more about this Solution Provider.