
Microsoft patches four zero-days, finally takes action against crimeware kernel drivers – Naked Security

Microsoft’s Patch Tuesday for July 2023 has addressed over 100 vulnerabilities, including four zero-day security holes. It is crucial to patch early and often to avoid being at risk longer than necessary. Cybercriminals will likely focus on exploiting the remaining vulnerabilities to extract the last value from their former zero-day holes.

Sophos News provides official details on the patches, including a comprehensive list of CVE numbers and bug explanations. Additionally, an in-depth article discusses the ongoing security issue of malicious kernel drivers that have been blocked by Windows.

Two significant takeaways from this month’s patch set are the security bypass exploits and the elevation of privilege exploits. The former allow criminals to sidestep security protections, while the latter enable them to gain sysadmin-level access within a network.

Microsoft’s advisory, ADV230001, provides guidance on the misuse of signed drivers. Rogue Windows kernel drivers pose a significant threat because they grant malware creators and cybercriminals low-level access to the operating system. Microsoft has implemented measures to clamp down on kernel drivers, including digital signatures and official review processes. However, last year, SophosLabs discovered a list of kernel-level malware, including 100 drivers personally signed by Microsoft. These drivers aimed to disable security software and to spy on and manipulate data within the operating system.

To ensure optimal security, it is essential to promptly update and reboot your computer.
