CVE-2023-36874
Published 2023-07-11
CVE-2023-36874: Windows Error Reporting Service Elevation of Privilege Vulnerability
Priority P1 83 · high · 7.8 (CVSS 3.1)
AV:L AC:L PR:L UI:N S:U C:H I:H A:H
KEV · ITW · EXPLOIT
CISA Known Exploited Vulnerability, due 2023-08-01
Exploited in the wild
EPSS: 32.31% (98.1th percentile)
Windows Error Reporting Service Elevation of Privilege Vulnerability
Affected
41 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_1507 | < 10.0.10240.20048 | 10.0.10240.20048 |
| microsoft | windows_10_1607 | < 10.0.14393.6085 | 10.0.14393.6085 |
| microsoft | windows_10_1809 | < 10.0.17763.4645 | 10.0.17763.4645 |
| microsoft | windows_10_21h2 | < 10.0.19041.3208 | 10.0.19041.3208 |
| microsoft | windows_10_22h2 | < 10.0.19045.3208 | 10.0.19045.3208 |
| microsoft | windows_10_version_1507 | >= 10.0.10240.0 < 10.0.10240.20048 | 10.0.10240.20048 |
| microsoft | windows_10_version_1607 | >= 10.0.14393.0 < 10.0.14393.6085 | 10.0.14393.6085 |
| microsoft | windows_10_version_1809 | >= 10.0.0 < 10.0.17763.4645 | 10.0.17763.4645 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.4645 | 10.0.17763.4645 |
| microsoft | windows_10_version_21h2 | >= 10.0.19043.0 < 10.0.19044.3208 | 10.0.19044.3208 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.3208 | 10.0.19045.3208 |
| microsoft | windows_11_21h2 | < 10.0.22000.2176 | 10.0.22000.2176 |
| microsoft | windows_11_22h2 | < 10.0.22621.1992 | 10.0.22621.1992 |
| microsoft | windows_11_version_21h2 | >= 10.0.0 < 10.0.22000.2176 | 10.0.22000.2176 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.1992 | 10.0.22621.1992 |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.1.7601.0 < 6.1.7601.26623 | 6.1.7601.26623 |
| microsoft | windows_server_2008_service_pack_2 | >= 6.0.6003.0 < 6.0.6003.22175 | 6.0.6003.22175 |
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2012 | >= 6.2.9200.0 < 6.2.9200.24374 | 6.2.9200.24374 |
| microsoft | windows_server_2012_r2 | >= 6.3.9600.0 < 6.3.9600.21063 | 6.3.9600.21063 |
| microsoft | windows_server_2016 | < 10.0.14393.6085 | 10.0.14393.6085 |
| microsoft | windows_server_2016 | >= 10.0.14393.0 < 10.0.14393.6085 | 10.0.14393.6085 |
| microsoft | windows_server_2019 | < 10.0.17763.4645 | 10.0.17763.4645 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.4645 | 10.0.17763.4645 |
Detection & IOCs (extracted from sources)
- Hunt for child processes spawned by Microsoft Office applications on Windows — a key behavioral indicator of exploitation chaining CVE-2023-36884 with related zero-days.
- Detect exploit activity by looking for a fake/attacker-controlled wermgr.exe placed under C:\Users\public\test\Windows\System32\ — a non-standard path used by the exploit kit to achieve privilege escalation via WER symbolic link abuse.
- Monitor for NtCreateSymbolicLink calls that remap \??\C: to a user-controlled path such as \GLOBAL??\C:\Users\Public\Test — this is the core privilege escalation primitive used in the CVE-2023-36874 exploit.
- Alert on WER report submission (IWerReport->SubmitReport) that references report archives located under user-writable paths (e.g., C:\Users\Public\) rather than the canonical C:\ProgramData\Microsoft\Windows\WER\ReportArchive\.
- Exploit kit binaries were delivered via RDP from an unmanaged host; monitor for unusual binary drops followed by WER-related process activity originating from RDP sessions.
- The exploit kit spawns cmd.exe and powershell_ise.exe as part of its execution chain; alert on these processes when parented by WER-related processes.
- The exploit fails if the current user is a local administrator, because Windows will attempt impersonation and the privilege escalation path breaks. This exploit specifically targets non-admin users.
- Some exploit kit binaries are packed; static hash-based detection alone may miss packed variants. Behavioral detection of the WER symbolic link abuse is more reliable.
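The indicators above reduce to a handful of checks an EDR or SIEM rule can apply. The following is an added example, not code from the original page or from any of the cited vendors: it runs those checks over constructed telemetry records. The event field names ("type", "image", "parent", "link", "target", "report_path") and the sample events are assumptions made for this example, not a real product schema.

```python
"""Behavioural triage for the CVE-2023-36874 indicators listed above.

Added example, not code from the original page or any vendor: evaluates
constructed telemetry records (dicts mimicking EDR process, symbolic-link
and WER-report events) against the heuristics in the Detection & IOCs list.
The field names used here are assumptions for this example only.
"""
import ntpath
import re

# Where the genuine WER binary lives; wermgr.exe anywhere else is suspect.
TRUSTED_WERMGR_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Canonical WER report store; report archives outside it are suspect.
CANONICAL_WER_ROOT = r"c:\programdata\microsoft\windows\wer"
WER_PROCESSES = {"wermgr.exe", "werfault.exe"}
OFFICE_PROCESSES = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SUSPICIOUS_WER_CHILDREN = {"cmd.exe", "powershell_ise.exe", "powershell.exe"}
# A legitimate drive-letter link (\??\C:) points at a volume device object,
# never at a file-system path under a user profile.
DRIVE_LINK = re.compile(r"^\\\?\?\\[a-z]:$", re.IGNORECASE)
VOLUME_TARGET = re.compile(r"^\\device\\harddiskvolume\d+$", re.IGNORECASE)


def _norm(path):
    """Normalise a Windows path for comparison (works on any host OS)."""
    return ntpath.normpath(path).lower()


def _under(path, root):
    """True when path lies inside root (root given already lower-cased)."""
    return _norm(path).startswith(root.rstrip("\\") + "\\")


def check_process(ev):
    """Process-creation heuristics: rogue wermgr.exe, WER or Office parents."""
    image = _norm(ev["image"])
    name = ntpath.basename(image)
    parent = ntpath.basename(_norm(ev.get("parent", "")))
    findings = []
    if name == "wermgr.exe" and ntpath.dirname(image) not in TRUSTED_WERMGR_DIRS:
        findings.append("wermgr.exe executed from non-system path")
    if parent in WER_PROCESSES and name in SUSPICIOUS_WER_CHILDREN:
        findings.append(f"{name} spawned by WER process {parent}")
    if parent in OFFICE_PROCESSES:
        findings.append(f"Office application {parent} spawned {name}")
    return findings


def check_symlink(ev):
    """Flag a drive-letter object link whose target is not a volume device."""
    link, target = ev["link"], ev["target"]
    if DRIVE_LINK.match(link) and not VOLUME_TARGET.match(target):
        return [f"drive letter {link} remapped to non-volume target {target}"]
    return []


def check_wer_report(ev):
    """Flag WER report submissions that reference a non-canonical archive."""
    if not _under(ev["report_path"], CANONICAL_WER_ROOT):
        return ["WER report submitted from outside the canonical ReportArchive"]
    return []


HANDLERS = {"process": check_process, "symlink": check_symlink,
            "wer_report": check_wer_report}


def triage(events):
    """Return (event_index, finding) pairs for every matched heuristic."""
    alerts = []
    for i, ev in enumerate(events):
        for finding in HANDLERS.get(ev["type"], lambda e: [])(ev):
            alerts.append((i, finding))
    return alerts


# Constructed sample telemetry, not real captured data.
SAMPLE_EVENTS = [
    {"type": "process", "image": r"C:\Windows\System32\wermgr.exe",
     "parent": r"C:\Windows\System32\svchost.exe"},                      # benign
    {"type": "process", "image": r"C:\Users\public\test\Windows\System32\wermgr.exe",
     "parent": r"C:\Users\public\test\dropper.exe"},                      # rogue copy
    {"type": "symlink", "link": r"\??\C:", "target": r"\Device\HarddiskVolume3"},  # benign
    {"type": "symlink", "link": r"\??\C:", "target": r"\GLOBAL??\C:\Users\Public\Test"},
    {"type": "wer_report",
     "report_path": r"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report1"},
    {"type": "wer_report", "report_path": r"C:\Users\Public\Report1"},
    {"type": "process", "image": r"C:\Windows\System32\cmd.exe",
     "parent": r"C:\Windows\System32\wermgr.exe"},
    {"type": "process", "image": r"C:\Windows\System32\cmd.exe",
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
]

if __name__ == "__main__":
    for idx, finding in triage(SAMPLE_EVENTS):
        print(f"event {idx}: {finding}")
```

Running the block prints one line per matched heuristic; the benign events (a genuine wermgr.exe, a drive link to a volume device, a report inside ReportArchive) produce nothing.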
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| vulncheck | — | 7.8 | HIGH | — |
| cisa | — | 7.8 | HIGH | — |
| vendor_msrc | — | 7.8 | HIGH | — |
Microsoft
Windows Error Reporting Service Elevation of Privilege Vulnerability
vendor_msrc·2023-07-11·CVSS 7.8
CVE-2023-36874 [HIGH] CWE-59 Windows Error Reporting Service Elevation of Privilege Vulnerability
Windows Error Reporting Service Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploited this vulnerability could gain administrator privileges.
FAQ: According to the CVSS metrics, the attack vector is local (AV:L) and privilege required is low (PR:L). What does that mean for this vulnerability?
An attacker must have local access to the targeted machine and must be able to create folders and performance traces on the machine, with restricted privileges that normal users have by default.
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed: No; Exploited: Yes; L
CISA
Microsoft Windows Error Reporting Service Privilege Escalation Vulnerability
cisa·2023-07-11·CVSS 7.8
CVE-2023-36874 [HIGH] CWE-59 Microsoft Windows Error Reporting Service Privilege Escalation Vulnerability
Vulnerability: Microsoft Windows Error Reporting Service Privilege Escalation Vulnerability
Affected: Microsoft Windows
Microsoft Windows Error Reporting Service contains an unspecified vulnerability that allows for privilege escalation.
Required Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-36874; https://nvd.nist.gov/vuln/detail/CVE-2023-36874
Remediation Due Date: 2023-08-01
GHSA
GHSA-j95h-qvx8-jp23: Windows Error Reporting Service Elevation of Privilege Vulnerability
ghsa_unreviewed·2023-07-11
CVE-2023-36874 [HIGH] CWE-59 GHSA-j95h-qvx8-jp23: Windows Error Reporting Service Elevation of Privilege Vulnerability
Windows Error Reporting Service Elevation of Privilege Vulnerability
VulnCheck
Microsoft Windows Error Reporting Service Privilege Escalation Vulnerability
vulncheck·2023·CVSS 7.8
CVE-2023-36874 [HIGH] CWE-59 Microsoft Windows Error Reporting Service Privilege Escalation Vulnerability
Microsoft Windows Error Reporting Service Privilege Escalation Vulnerability
Microsoft Windows Error Reporting Service contains an unspecified vulnerability that allows for privilege escalation.
Affected: Microsoft Windows
Required Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://api.msrc.microsoft.com/cvrf/v3.0/cvrf/2023-Jul; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://www.crowdstrike.com/blog/falcon-complete-zero-day-exploit-cve-2023-36874/; https://ti.qianxin.com/uploads/2024/02/02/dcc93e586f9028c68e7ab34c3326ff31.pdf; https://bi.zone/upload/for_download/T
No detection rules found.
Tenable
Inside the customer environment: Where threat actors, vulnerabilities, and exposed assets intersect
blogs_tenable·2026-05-27
CVE-2023-4966 Inside the customer environment: Where threat actors, vulnerabilities, and exposed assets intersect
## Inside the customer environment: Where threat actors, vulnerabilities, and exposed assets intersect
Tenable Research has developed a graph-based model linking 600+ threat groups to real-world customer exposures. It reveals which vulnerabilities sit at the intersection of severity, active exploit
Greynoiseio
GreyNoise Detects Active Exploitation of CVEs Mentioned in Black Basta’s Leaked Chat Logs
blogs_greynoiseio·2025-02-26·CVSS 9.8
[CRITICAL] GreyNoise Detects Active Exploitation of CVEs Mentioned in Black Basta’s Leaked Chat Logs
Qualys
Defense Lessons From the Black Basta Ransomware Playbook
blogs_qualys·2025-02-25
Defense Lessons From the Black Basta Ransomware Playbook
## Table of Contents
Know Your Enemy's Playbook
Attackers Move Fast
How Qualys Can Help
The cybersecurity world was rocked last week by a massive leak of Black Basta’s internal communications that emerged from the group’s chat logs. Triggered by internal conflicts and a retaliatory data dump following attacks on Russian banks, the exposed records offer a rare glimpse into Black Basta’s tactics, operations, and leadership.
We’ve analyzed these newly unveiled tactics, and in this blog, we equip security teams with clear, actionable insights. We aim to highlight the key lessons learned—like immediate patching, tighter access controls, and rapid incident response—and provide an urgent call to action. This practical guide aims to help organizations strengthen their defenses against evolving
Securelist
Exploits and vulnerabilities in Q3 2024
blogs_securelist·2024-12-06·CVSS 8.1
CVE-2024-47177 [HIGH] Exploits and vulnerabilities in Q3 2024
Table of Contents
Statistics on registered vulnerabilities
Exploitation statistics
Windows and Linux vulnerability exploitation
Most prevalent exploits
Vulnerability exploitation in APT attacks
Interesting vulnerabilities
CVE-2024-47177 (CUPS filters)
CVE-2024-38112 (MSHTML Spoofing)
CVE-2024-6387 (regreSSHion)
CVE-2024-3183 (Free IPA)
CVE-2024-45519 (Zimbra)
CVE-2024-5290 (Ubuntu wpa_supplicant)
Conclusion and advice
Authors
Alexander Kolesnikov
Q3 2024 saw multiple vulnerabilities discovered in Windows and Linux subsystems that are not standard for cyberattacks. This is because operating system developers have been releasing new security mitigations for whole sets of vulnerabilities in commonly used subsystems. For example, a log integrity check is set to appear in the Co
Securelist
Exploits and vulnerabilities in Q1 2024
blogs_securelist·2024-05-07·CVSS 7.8
CVE-2024-3094 [HIGH] Exploits and vulnerabilities in Q1 2024
Table of Contents
Statistics on registered vulnerabilities
Exploitation statistics
Windows and Linux vulnerability exploitation
Public exploit statistics
Most prevalent exploits
Vulnerability exploitation in APT attacks
Notable Q1 2024 vulnerabilities
CVE-2024-3094 (XZ)
CVE-2024-20656 (Visual Studio)
CVE-2024-21626 (runc)
CVE-2024-1708 (ScreenConnect)
CVE-2024-21412 (Windows Defender)
CVE-2024-27198 (TeamCity)
CVE-2023-38831 (WinRAR)
Conclusions and advice
Authors
Alexander Kolesnikov
Vitaly Morgunov
We at Kaspersky continuously monitor the evolving cyberthreat landscape to ensure we respond promptly to emerging threats, equipping our products with detection logic and technology. Software vulnerabilities that threat actors can exploit or are already actively exploiting a
Securelist
A patched Windows attack surface is still exploitable
blogs_securelist·2024-03-14·CVSS 7.8
CVE-2022-22047 [HIGH] A patched Windows attack surface is still exploitable
Table of Contents
CSRSS | CVE-2022-22047
CSRSS | CVE-2022-37989
Print Spooler | CVE-2022-29104
Print Spooler | CVE-2022-41073
Windows Error Reporting | CVE-2023-36874
File History Service | CVE-2023-35359
Windows Error Reporting – 2nd exploit | CVE-2023-35359
BITS | CVE-2023-35359
How was the patch for this attack surface applied?
How to check if a vulnerability was exploited or any attempts were made to exploit it?
Authors
Elsayed Elrefaei
Ashraf Refaat
Kaspersky GERT
On August 8, 2023, Microsoft finally released a kernel patch for a class of vulnerabilities affecting Microsoft Windows since 2015. The vulnerabilities lead to elevation of privilege (EoP), which allows an account with user rights to gain SYSTEM privileges on a vulnerable host. The root cause of this attack s
Wiz
Crying Out Cloud - July Newsletter | Wiz
blogs_wiz·2023-08-01·CVSS 4.3
CVE-2023-2640 [MEDIUM] Crying Out Cloud - July Newsletter | Wiz
Welcome back! In this edition, we bring you the latest in cloud security – crucial vulnerabilities, exclusive data, and noteworthy incidents. Stay informed and stay secure. Let's delve in.
Here are our cloud security highlights for July!
## ✨ Highlights
## GameOver (lay): local privilege escalation vulnerabilities in Ubuntu Linux
Wiz Research discovered CVE-2023-2640 and CVE-2023-32629, two easy-to-exploit privilege escalation vulnerabilities in the OverlayFS module in Ubuntu affecting 40% of Ubuntu cloud workloads.
CVE-2023-2640 and CVE-2023-32629 were found in the OverlayFS module in Ubuntu, which is a widely used Linux filesystem that became highly popular with the rise of containers as its features enable the deployment of dynamic filesystems based on pre-built images. Successful
Qualys
Evaluate Your Windows Endpoints for Storm-0978 Activity With Qualys Endpoint Security
blogs_qualys·2023-07-14·CVSS 7.8
CVE-2023-32046 [HIGH] Evaluate Your Windows Endpoints for Storm-0978 Activity With Qualys Endpoint Security
## Table of Contents
Summary:
Remediation:
Vulnerability Analysis:
Exploit Detection using Qualys EDR:
VMDR:
Related IOCs:
## Summary:
On July 11, Microsoft released security bulletins to fix 132 vulnerabilities. With the July Patch Tuesday, Microsoft also remediated six zero-day vulnerabilities. For your quick reference, the following are the zero-day vulnerabilities:
CVE-2023-32046 – Windows MSHTML Platform Elevation of Privilege Vulnerability
CVE-2023-32049 – Windows SmartScreen Security Feature Bypass Vulnerability
CVE-2023-36874 – Windows Error Reporting Service Elevation of Privilege Vulnerability
CVE-2023-36884 – Office and Windows HTML Remote Code Execution Vulnerability
CVE-2023-35311 – Microsoft Outlook Security Feature Bypass Vulnerability
ADV230001 – Guidance on
Krebs
Apple & Microsoft Patch Tuesday, July 2023 Edition
blogs_krebs·2023-07-12·CVSS 7.8
[HIGH] Apple & Microsoft Patch Tuesday, July 2023 Edition
Microsoft Corp. today released software updates to quash 130 security bugs in its Windows operating systems and related software, including at least five flaws that are already seeing active exploitation. Meanwhile, Apple customers have their own zero-day woes again this month: On Monday, Apple issued (and then quickly pulled) an emergency update to fix a zero-day vulnerability that is being exploited on MacOS and iOS devices.
On July 10, Apple pushed a “Rapid Security Response” update to fix a code execution flaw in the Webkit browser component built into iOS, iPadOS, and macOS Ventura. Almost as soon as the patch went out, Apple pulled the software because it was reportedly causing problems loading certain websites. MacRumors says Apple will likely re-release the patches when the glitch
Talos
Microsoft discloses more than 130 vulnerabilities as part of July’s Patch Tuesday, four exploited in the wild
blogs_talos·2023-07-11·CVSS 7.8
[HIGH] Microsoft discloses more than 130 vulnerabilities as part of July’s Patch Tuesday, four exploited in the wild
Microsoft released its monthly security update Tuesday, disclosing the most vulnerabilities as part of Patch Tuesday in more than a year.
The company released details of more than 130 vulnerabilities, the most in a month since April 2022, 10 of which are considered to be critical. The remaining vulnerabilities are “important.”
Microsoft also included an advisory in today’s Patch Tuesday that provides guidance to mitigate Microsoft-signed drivers that attackers are using maliciously in the wild. Talos recently discovered an attack that focuses on drivers certified by Microsoft’s Windows Hardware Developer Program (MWHDP) being used maliciously in post-exploitation activity. Microsoft had been previously notified of this type of activity in February 2023, and Talos researchers recently rep
Qualys
Microsoft and Adobe Patch Tuesday, July 2023 Security Update Review
blogs_qualys·2023-07-11·CVSS 7.8
[HIGH] Microsoft and Adobe Patch Tuesday, July 2023 Security Update Review
## Table of Contents
Microsoft Patch Tuesday for July 2023
Adobe Patches for July 2023
Zero-day Vulnerabilities Patched in July Patch Tuesday Edition
Other Critical Severity Vulnerabilities Patched in July Patch Tuesday Edition
Other Microsoft Vulnerability Highlights
Microsoft Release Summary
Discover and Prioritize Vulnerabilities in Vulnerability Management, Detection & Response (VMDR)
Rapid Response with Patch Management (PM)
EVALUATE Vendor-Suggested Mitigation with Policy Compliance (PC)
EXECUTE Mitigation Using Qualys Custom Assessment and Remediation (CAR)
Qualys Monthly Webinar Series
Microsoft has released July’s edition of Patch Tuesday! This installment of security updates addressed 132 security vulnerabilities in various products, features, and roles.
Tenable
Microsoft’s July 2023 Patch Tuesday Addresses 130 CVEs (CVE-2023-36884)
blogs_tenable·2023-07-11·CVSS 7.5
[HIGH] Microsoft’s July 2023 Patch Tuesday Addresses 130 CVEs (CVE-2023-36884)
Sentinelone
Black Basta
blogs_sentinelone·2022-11-30
Black Basta
Crowdstrike
July 2023 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] July 2023 Patch Tuesday: Updates and Analysis
Crowdstrike
Discovering and Blocking a Zero-Day Exploit with CrowdStrike Falcon Complete: The Case of CVE-2023-36874
blogs_crowdstrike·CVSS 7.8
CVE-2026-20929 [HIGH] Discovering and Blocking a Zero-Day Exploit with CrowdStrike Falcon Complete: The Case of CVE-2023-36874
Sentinelone
Black Basta
blogs_sentinelone
Black Basta
# Black Basta Ransomware: In-Depth Analysis, Detection, and Mitigation
## Summary of Black Basta Ransomware
Black Basta first emerged in early 2022. The ransomware family is an evolution of the Hermes/Ryuk/Conti families. Black Basta was heavily advertised in underground cybercrime markets. Black Basta practices double extortion – demanding payment for a decryptor, as well as for the non-release of stolen data. There are Windows and Linux variants of Black Basta ransomware. The group is responsible for hundreds of attacks against global targets of varying sectors.
February 2025 Update: Nearly a year's worth of Black Basta chat logs have been released on Telegram, providing detailed insight into the group's operational workflow, reconnaissance activities, and specific userID and details o
References:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36874
- http://packetstormsecurity.com/files/174843/Microsoft-Error-Reporting-Local-Privilege-Elevation.html
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-36874
Published: 2023-07-11
Added to CISA KEV: 2023-07-11
Exploited in the wild