Microsoft June 2023 Patch Tuesday fixes 78 flaws, 38 RCE bugs

Cyber Security Threat Summary:
As part of the June Patch Tuesday, Microsoft addressed 78 flaws which include 17 Elevation of Privilege Vulnerabilities, 3 Security Feature Bypass Vulnerabilities, 32 Remote Code Execution Vulnerabilities, 5 Information Disclosure Vulnerabilities, 10 Denial of Service Vulnerabilities, 10 Spoofing Vulnerabilities, and 1 Edge - Chromium Vulnerability. Out of the 78 flaws fixed, 6 have been rated critical in severity, 63 rated Important, 2 rated moderate, and 1 rated low in severity.

In addition to Microsoft, several other vendors have released updates in June 2023:

  • Cisco released security updates for Cisco AnyConnect and other products.
  • Fortinet released new FortiOS firmware to fix an actively exploited Fortigate RCE zero-day.
  • Google released security updates for Google Chrome to fix an actively exploited zero-day and the Android June 2023 updates.
  • MOVEit released security updates for a zero-day actively exploited by the Clop ransomware gang in data theft attacks. A week later, they released another update for an RCE flaw found by Huntress Labs.
  • SAP has released its June 2023 Patch Day updates.
  • VMware released VMware ESXi updates to fix an actively exploited zero-day tracked as CVE-2023-20867.


    Security Officer Comments:
    Luckily, the latest Microsoft patch Tuesday does not address any zero-days or actively exploited flaws. There were however six critical bugs for this month's patch which relate to a case of denial of service, remote code execution, and privilege escalation. Below is a list of the CVEs:
  • CVE-2023-24897: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
  • CVE-2023-29357: Microsoft SharePoint Server Elevation of Privilege Vulnerability
  • CVE-2023-32013: Windows Hyper-V Denial of Service Vulnerability
  • CVE-2023-29363: Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
  • CVE-2023-32014: Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
  • CVE-2023-32015: Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability


    Suggested Correction(s):
    Organizations should review the list of vulnerabilities resolved and apply the relevant patches as needed. To access the full list of vulnerabilities addressed, please use the link down below:

    https://www.bleepingcomputer.com/microsoft-patch-tuesday-reports/June-2023.html

    Link(s):
    https://www.bleepingcomputer.com/

    Contact Us for Threat Assistance Back to Current Threats

    • Just Starting?



    Contact LACyber for More Info



    Current Active Cyber Threats