2023-07-12
Microsoft’s Patch Tuesday for July
On Tuesday, July 11, Microsoft released updates to address more than 130 security issues for its products, including Windows, Office, .NET and Visual Studio, Azure Active Directory and DevOps, Dynamics, printer drivers, Microsoft DNS Server, and Remote Desktop. Of those vulnerabilities, nine are rated critical, and several are being actively exploited.
Editor's Note
Nine of the updates are rated as critical, six of which are being actively exploited in the wild. Realistically, it's long past cherry-picking which updates to apply. Focus instead on rapid deployment to commodity systems and regression testing for mission impact systems, reserving a small interval for patches which are pulled back or updated.
Lee Neely
I am somewhat alarmed by the number of patches this month and the breadth of how many products. There are a lot of RCEs in this one, and one is related to Azure AD, which is interesting. How much testing is this going to require? I’ll leave it at that; we are not writing less code. More code, more likelihood of bugs.
Moses Frost
Back in 2021, there were several months where Microsoft had to release patches for over 100 security issues. While it would be great to see a long-term trend of fewer flaws in production software, we really are not yet near hitting the knee in that curve – as evidenced by the number of times browsers update themselves, how frequently cloud services are updated, and all the vulnerabilities being found now in security products. Just like fleet owners have to forever budget and plan for maintenance, repair and downtime, the same is going to be true for software for a long time to come.
John Pescatore
An above-average Patch Tuesday for Microsoft. If you haven’t done so already, prioritize patching of the actively exploited vulnerabilities first, followed by the remainder of the critical vulnerabilities. As always, review Microsoft advisories for additional mitigation details.
Curtis Dukes
The number of patches per unit time is a useful measure of software quality. It is also a measure of the developer's ability to find vulnerabilities. One would expect the number to go down over time. It is not. Moreover, patching is a very expensive way to achieve quality. We are doing something wrong.
William Hugh Murray
Read more in
ISC SANS: July 2023 Microsoft Patch Update
The Register: Miscreants exploit five Microsoft bugs as Windows giant addresses 130 flaws
SC Magazine: Microsoft patches 4 actively exploited zero-day bugs, working on a 5th
Ars Technica: Hackers exploit gaping Windows loophole to give their malware kernel access
Krebs on Security: Apple & Microsoft Patch Tuesday, July 2023 Edition
Dark Reading: Microsoft Discloses 5 Zero-Days in Voluminous July Security Update
Microsoft: Updates this Month