This week marked the arrival of monthly scheduled Microsoft Patch Tuesday updates for June 2023. The update bundle addresses some critical, and a large number of important severity vulnerabilities. Thus, users must ensure updating their systems at the earliest (if not updated automatically) to receive all bug fixes in time.
Microsoft June 2023 Patch Tuesday Overview
The June Patch Tuesday update bundle addressed six different critical severity vulnerabilities across different Microsoft components.
The most severe (CVE-2023-29363, CVE-2023-32014, and CVE-2023-32015) affected the Windows Pragmatic General Multicast (PGM). Each of these vulnerabilities received a CVSS score of 9.8.
Exploiting these flaws could allow a remote adversary to execute malicious codes by sending specially crafted files over the network. However, the exploitability required the Windows message queuing service to be enabled and running on the PGM server environment.
Another severe vulnerability, CVE-2023-29357 (CVSS 9.8), affected the Microsoft SharePoint Server. Exploiting the flaw could allow an attacker to gain admin privileges without prior authentication.
Besides, the other two critical-severity vulnerabilities patched with this update bundle include CVE-2023-24897 (CVSS 9.8) – a remote code execution flaw affecting the .NET, .NET Framework, and Visual Studio, and CVE-2023-32013 (CVSS 6.5) – a DoS vulnerability in the Windows Hyper-V.
Alongside these six critical vulnerabilities, Microsoft patched 68 other vulnerabilities with June Patch Tuesday. These include 9 denial of service vulnerabilities, 16 privilege escalation flaws, 5 information disclosure issues, 9 vulnerabilities leading to spoofing, 4 security feature bypass, and 22 remote code execution vulnerabilities across different components.
One noteworthy important severity vulnerability includes CVE-2023-24896 affecting Microsoft Dynamics 365 (on-premises). Microsoft reported it as a cross-site scripting flaw that allowed an authenticated attacker to steal login credentials and other sensitive information via maliciously crafted popups linked to web pages or emails.
Alongside these issues, this update bundle includes a low-severity bug fix for CVE-2023-29345 – a security feature bypass in Microsoft Edge.
While these vulnerabilities would automatically reach the eligible devices, users should still check for any updates manually for timely bug fixes. Also, it’s wise to enable automatic updates on all systems.
Let us know your thoughts in the comments.