010-68421378
sales@cogitosoft.com
Your location:Home>News Center >New release

Microsoft Patch Tuesday – June 2023

latest update:2023/06/14 Views:467
Patch Tuesday is once again upon us. As always, our team has put together the monthly Patch Tuesday Report to help you manage your update progress.

 

Patch Tuesday is once again upon us. As always, our team has put together the monthly Patch Tuesday Report to help you manage your update progress. The audit report gives you a quick and clear overview of your Windows machines and their patching status. The June 2023 edition of Patch Tuesday brings us 78 new fixes, with 6 rated as critical. We've listed the most important changes below.

TL;DR | Go Straight to the June 2023 Patch Tuesday Audit Report

Microsoft SharePoint Server Elevation of Privilege Vulnerability

Just like last month, the most noteworthy fixes are for SharePoint. Sharepoint got a total of 5 vulnerabilities fixed, one of which is critical.

CVE-2023-29357 is the most critical of the five with a CVSS base score of 9.8 and exploitation being listed as "More Likely". However, this does come with a sidenote. If you have the AMSI integration feature enabled and use Microsoft Defender across your SharePoint Server farm(s) you are protected.

For the ones that do not, attackers who successfully exploited this vulnerability could gain administrator privileges. An attacker who has gained access to spoofed JWT authentication tokens can use them to execute a network attack which bypasses authentication and allows them to gain access to the privileges of an authenticated user without requiring privileges or user interaction.

The other vulnerabilities, CVE-2023-33129, CVE-2023-33130, CVE-2023-33132, and CVE-2023-33142 range from having a CVSS base score of 7.3 to 6.3 and are less likely to be exploited. They contain one denial of service, two spoofing, and one elevation of privilege vulnerability.

Microsoft Exchange Server Remote Code Execution Vulnerability

CVE-2023-28310 and CVE-2023-32031 are two RCE vulnerabilities that were fixed for Exchange. With a CVSS base score of 8 and 8.8, and not getting the critical tag from Microsoft, they are not the most severe vulnerabilities this month however, they shouldn't be overlooked as they are the more likely targets of attackers.

For both vulnerabilities, the attacker does require authentication which is likely why they did not receive the critical tag. If authenticated, an attacker exploiting CVE-2023-28310 can achieve remote code execution via a PowerShell remoting session. If CVE-2023-32031 is exploited, the attacker would attempt to trigger malicious code in the context of the server's account through a network call.

Run the Patch Tuesday June 2023 Audit

To help manage your update progress, we've created the Patch Tuesday Audit that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.

The Lansweeper Patch Tuesday report is automatically added to Lansweeper Site. Lansweeper Sites is included in all our licenses without any additional cost and allows you to federate all your installations into one single view so all you need to do is look at one report, automatically added every patch Tuesday!

Run the June Patch Tuesday Audit

Patch Tuesday June 2023 CVE Codes & Titles

CVE Number

CVE Title

CVE-2023-33146

Microsoft Office Remote Code Execution Vulnerability

CVE-2023-33145

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

CVE-2023-33144

Visual Studio Code Spoofing Vulnerability

CVE-2023-33142

Microsoft SharePoint Server Elevation of Privilege Vulnerability

CVE-2023-33141

Yet Another Reverse Proxy (YARP) Denial of Service Vulnerability

CVE-2023-33140

Microsoft OneNote Spoofing Vulnerability

CVE-2023-33139

Visual Studio Information Disclosure Vulnerability

CVE-2023-33137

Microsoft Excel Remote Code Execution Vulnerability

CVE-2023-33135

.NET and Visual Studio Elevation of Privilege Vulnerability

CVE-2023-33133

Microsoft Excel Remote Code Execution Vulnerability

CVE-2023-33132

Microsoft SharePoint Server Spoofing Vulnerability

CVE-2023-33131

Microsoft Outlook Remote Code Execution Vulnerability

CVE-2023-33130

Microsoft SharePoint Server Spoofing Vulnerability

CVE-2023-33129

Microsoft SharePoint Denial of Service Vulnerability

CVE-2023-33128

.NET and Visual Studio Remote Code Execution Vulnerability

CVE-2023-33126

.NET and Visual Studio Remote Code Execution Vulnerability

CVE-2023-32032

.NET and Visual Studio Elevation of Privilege Vulnerability

CVE-2023-32031

Microsoft Exchange Server Remote Code Execution Vulnerability

CVE-2023-32030

.NET and Visual Studio Denial of Service Vulnerability

CVE-2023-32029

Microsoft Excel Remote Code Execution Vulnerability

CVE-2023-32024

Microsoft Power Apps Spoofing Vulnerability

CVE-2023-32022

Windows Server Service Security Feature Bypass Vulnerability

CVE-2023-32021

Windows SMB Witness Service Security Feature Bypass Vulnerability

CVE-2023-32020

Windows DNS Spoofing Vulnerability

CVE-2023-32019

Windows Kernel Information Disclosure Vulnerability

CVE-2023-32018

Windows Hello Remote Code Execution Vulnerability

CVE-2023-32017

Microsoft PostScript Printer Driver Remote Code Execution Vulnerability

CVE-2023-32016

Windows Installer Information Disclosure Vulnerability

CVE-2023-32015

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

CVE-2023-32014

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

CVE-2023-32013

Windows Hyper-V Denial of Service Vulnerability

CVE-2023-32012

Windows Container Manager Service Elevation of Privilege Vulnerability

CVE-2023-32011

Windows iSCSI Discovery Service Denial of Service Vulnerability

CVE-2023-32010

Windows Bus Filter Driver Elevation of Privilege Vulnerability

CVE-2023-32009

Windows Collaborative Translation Framework Elevation of Privilege Vulnerability

CVE-2023-32008

Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

CVE-2023-29373

Microsoft ODBC Driver Remote Code Execution Vulnerability

CVE-2023-29372

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVE-2023-29371

Windows GDI Elevation of Privilege Vulnerability

CVE-2023-29370

Windows Media Remote Code Execution Vulnerability

CVE-2023-29369

Remote Procedure Call Runtime Denial of Service Vulnerability

CVE-2023-29368

Windows Filtering Platform Elevation of Privilege Vulnerability

CVE-2023-29367

iSCSI Target WMI Provider Remote Code Execution Vulnerability

CVE-2023-29366

Windows Geolocation Service Remote Code Execution Vulnerability

CVE-2023-29365

Windows Media Remote Code Execution Vulnerability

CVE-2023-29364

Windows Authentication Elevation of Privilege Vulnerability

CVE-2023-29363

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

CVE-2023-29362

Remote Desktop Client Remote Code Execution Vulnerability

CVE-2023-29361

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

CVE-2023-29360

Windows TPM Device Driver Elevation of Privilege Vulnerability

CVE-2023-29359

GDI Elevation of Privilege Vulnerability

CVE-2023-29358

Windows GDI Elevation of Privilege Vulnerability

CVE-2023-29357

Microsoft SharePoint Server Elevation of Privilege Vulnerability

CVE-2023-29355

DHCP Server Service Information Disclosure Vulnerability

CVE-2023-29353

Sysinternals Process Monitor for Windows Denial of Service Vulnerability

CVE-2023-29352

Windows Remote Desktop Security Feature Bypass Vulnerability

CVE-2023-29351

Windows Group Policy Elevation of Privilege Vulnerability

CVE-2023-29346

NTFS Elevation of Privilege Vulnerability

CVE-2023-29337

NuGet Client Remote Code Execution Vulnerability

CVE-2023-29331

.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

CVE-2023-29326

.NET Framework Remote Code Execution Vulnerability

CVE-2023-29012

GitHub: CVE-2023-29012 Git CMD erroneously executes `doskey.exe` in current directory, if it exists

CVE-2023-29011

GitHub: CVE-2023-29011 The config file of `connect.exe` is susceptible to malicious placing

CVE-2023-29007

GitHub: CVE-2023-29007 Arbitrary configuration injection via `git submodule deinit`

CVE-2023-28310

Microsoft Exchange Server Remote Code Execution Vulnerability

CVE-2023-27911

AutoDesk: CVE-2023-27911 Heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior

CVE-2023-27910

AutoDesk: CVE-2023-27910 stack buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior

CVE-2023-27909

AutoDesk: CVE-2023-27909 Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK 2020 or prior

CVE-2023-25815

GitHub: CVE-2023-25815 Git looks for localized messages in an unprivileged place

CVE-2023-25652

GitHub: CVE-2023-25652 "git apply --reject" partially-controlled arbitrary file write

CVE-2023-24938

Windows CryptoAPI Denial of Service Vulnerability

CVE-2023-24937

Windows CryptoAPI Denial of Service Vulnerability

CVE-2023-24936

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

CVE-2023-24897

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

CVE-2023-24896

Dynamics 365 Finance Spoofing Vulnerability

CVE-2023-24895

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

CVE-2023-24880

Windows SmartScreen Security Feature Bypass Vulnerability

CVE-2023-23398

Microsoft Excel Spoofing Vulnerability

CVE-2023-23396

Microsoft Excel Denial of Service Vulnerability

CVE-2023-23383

Service Fabric Explorer Spoofing Vulnerability

CVE-2023-21569

Azure DevOps Server Spoofing Vulnerability

CVE-2023-21565

Azure DevOps Server Spoofing Vulnerability

CVE-2022-38023

Netlogon RPC Elevation of Privilege Vulnerability

CVE-2022-37967

Windows Kerberos Elevation of Privilege Vulnerability

CVE-2021-34527

Windows Print Spooler Remote Code Execution Vulnerability

 

Next:ownCloud presents Infinite Scale 3.0: The new and most secure version of its real-time content collaboration platform
Prev:Katalon vs Selenium vs UFT

© Copyright 2000-2023  COGITO SOFTWARE CO.,LTD. All rights reserved