Company

ABOUT ESENTIRE

eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.

About Us →

Leadership →

Careers →

Event Calendar →

Newsroom →

EVENT CALENDAR

Dec

TechTalk Soho House Dinner, Chicago

Dec

December TRU Intelligence Briefing

Jan

Security Leaders Dinner, Denver

Jan

FutureCon Los Angeles

Apr

RSA Conference 2025

View Calendar →

LATEST PRESS RELEASE

Aug 09, 2024

eSentire Expands Partnership with TD SYNNEX to Bring eSentire’s Award-Winning, 24/7 MDR and SOC Services to Organizations Across North America

Waterloo, Ontario, August 12, 2024 — eSentire, a leading global Managed Detection and Response (MDR) provider, today announced it has expanded its partnership with TD SYNNEX, a leading global distributor and solutions aggregator for the IT ecosystem. eSentire’s all-in-one, 24/7…

View Newsroom →

Speak With A Security Expert Now

TALK TO AN EXPERT

THE THREAT

Microsoft has disclosed five actively exploited zero-day vulnerabilities in the July Patch Tuesday release. It is critical that organizations prioritize the patching of these vulnerabilities as exploitation is ongoing. The zero-day vulnerabilities from this release are classified as Remote Code Execution (RCE), Privilege Escalation, and Security Feature Bypass. One vulnerability from this release (CVE-2023-36884) is confirmed to be exploited by the Russian-based threat actor group Storm-0978. Real-world attacks were identified impacting military and government bodies primarily in Europe.

It should be noted that all of the exploited vulnerabilities from this release require either user interaction or previous access to the vulnerable system; this reduces the likelihood of rapid adoption and widespread exploitation. All five vulnerabilities are reported to be exploited in targeted attacks at this time.

What we're doing about it

The eSentire Intelligence team tracks Storm-0978 activity, and eSentire products have a variety of detections for known Storm-0978 Tactics, Techniques, and Procedures (TTPs)
eSentire Managed Vulnerability Service detects CVE-2023-35311, CVE-2023-32049, CVE-2023-32046, and CVE-2023-36874
- Plugins for CVE-2023-36884 will be added as they become available
The eSentire Threat Intelligence Team is actively tracking vulnerabilities from the Microsoft July Patch Tuesday release for additional details and detection opportunities

What you should do about it

After performing a business impact review apply the relevant security patches
- Actively exploited vulnerabilities should be prioritized
Alternative mitigations are available to address CVE-2023-36884 and should be applied until security patches are released
Ensure that end-users are trained to identify and report suspicious emails

Additional information

This month Microsoft addressed a total of 130 separate vulnerabilities. This is by far the largest number of vulnerabilities included in a Microsoft Patch Tuesday release this year. Additionally, this is the last Patch Tuesday before BlackHat, which may explain the above-average zero-day count. While the zero-day vulnerabilities are most concerning, there are five additional vulnerabilities that Microsoft tracks as “exploitation more likely.”

The zero-day vulnerabilities from this release are as follows:

CVE-2023-36884 (CVSS: 8.3) - Office and Windows HTML Remote Code Execution Vulnerability

Security patches are not currently available to address this vulnerability
Exploitation of this vulnerability would require that an adversary tricks the end-user into opening a specially crafted malicious file
Microsoft has confirmed targeted exploitation by the Russian based threat actor group Storm-0978

CVE-2023-35311 (CVSS: 8.8) - Microsoft Outlook Security Feature Bypass Vulnerability

A threat actor may exploit this vulnerability to bypass the Microsoft Outlook Security Notice prompt
This would decrease the likelihood of end-users identifying malicious content delivered via email
In an attack scenario, the vulnerability may be exploited by tricking a user into interacting with a maliciously crafted link

CVE-2023-32049 (CVSS: 8.8) - Windows SmartScreen Security Feature Bypass Vulnerability

Exploitation of this vulnerability prevents the Open File - Security Warning prompt
This would decrease the likelihood of end-users identifying malicious documents prior to opening
To exploit the vulnerability, threat actors would need to convince an end-user to interact with a specially crafted URL

CVE-2023-32046 (CVSS: 7.8) - Windows MSHTML Platform Elevation of Privilege Vulnerability

An attacker, with local access to a system, may exploit this vulnerability to gain the privileges of a targeted user
Exploitation requires the end-user to open a specially crafted file

CVE-2023-36874 (CVSS: 7.8) - Windows Error Reporting Service Elevation of Privilege Vulnerability

An adversary that exploits this vulnerability may gain administrator privileges on the impacted device
Exploitation requires local access to the vulnerable system

References:

[1] https://msrc.microsoft.com/update-guide/vulnerability
[2] https://www.microsoft.com/en-us/security/blog/2023/07/11/storm-0978-attacks-reveal-financial-and-espionage-motives/
[3] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884
[4] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35311
[5] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32049
[6] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32046
[7] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36874

ESENTIRE SERVICES

Managed Detection and Response

All-In-One MDR Solution →

MDR for Microsoft →

MDR for GenAI →

Digital Forensics and Incident Response

Exposure Management Services

PLATFORM, PEOPLE AND RESPONSE

Security Operations Center (SOC)

Extended Detection and Response (XDR)

Technology Integrations

Threat Response Unit (TRU)

Cyber Resilience Team

Response and Remediation

24/7 MDR SIGNALS

Endpoint

Network

Log

Cloud

Identity

INDUSTRIES

Insurance

Construction

Finance

Legal

Manufacturing

Private Equity

Healthcare

Retail

Food Supply

Government and Education

Automotive Dealerships

USE CASES

Ransomware

Cybersecurity Compliance

Zero Day Attacks

Cloud Misconfiguration

Third-Party Risk

Do More With Less

Cyber Risk

Cyber Insurance

Sensitive Data Security

Security Leadership

Cyber Threat Intelligence

MDR Pricing

From The Blog

Bored BeaverTail & InvisibleFerret Yacht Club – A Lazarus Lure Pt.2

Bored BeaverTail Yacht Club – A Lazarus Lure

Cybersecurity Spending: Where to Allocate Your Budget in 2025

Resources

Case Studies

TRU Intelligence Center

Cybersecurity Tools

Videos

Reports

Webinars

Data Sheets

Real vs. Fake MDR

Compare MDR Vendors

Blogs

Security Advisories

SECURITY ADVISORIES

Palo Alto Zero-Day Vulnerability (CVE-2024-0012)

PoC Released for Citrix Vulnerabilities

ABOUT ESENTIRE

About Us →

Leadership →

Careers →

Event Calendar →

Newsroom →

EVENT CALENDAR

TechTalk Soho House Dinner, Chicago

December TRU Intelligence Briefing

Security Leaders Dinner, Denver

FutureCon Los&nbsp;Angeles

RSA Conference 2025

LATEST PRESS RELEASE

eSentire Expands Partnership with TD SYNNEX to Bring eSentire’s Award-Winning, 24/7 MDR and SOC Services to Organizations Across North America

PARTNER PROGRAM

Search our site

Extended Detection and
Response (XDR)

FutureCon Los Angeles

The Proven Choice for
Managed Detection and Response

Sales and
Customer Support