June 14, 2023

In the latest round of monthly security rollup updates in June, Microsoft has addressed a total of 78 vulnerabilities, with 38 of them categorized as remote code execution (RCE) vulnerabilities.

Out of the identified vulnerabilities, only 6 are considered critical, encompassing denial of service, remote code execution and privilege escalation.

Overall, Microsoft has patched vulnerabilities across Windows, Windows Server, Office, Visual studio, and other products.

The Notable Critical Vulnerabilities

• CVE-2023-29357, (CVSS 3.1: 9.8, Critical) – Privilege escalation vulnerability in Microsoft SharePoint server, that could potentially allow an unauthenticated attacker to assume the privileges of other users, including administrators.
• CVE-2023-29363, CVE-2023-32014 and CVE-2023-32015
• CVE-2023-32031, (CVSS 3.1:8.8, Critical) – RCE vulnerability in Microsoft Exchange Server, allows a remote, authenticated attacker to target server accounts using network calls to trigger arbitrary code execution.

For the full patched vulnerabilities list, visit Microsoft June 2023 Security Updates.

Affected Systems

The Vulnerabilities affect all Windows versions under support, including the latest client and server releases, Windows 11 and Windows Server 2022.

Mitigation

CYREBRO urges all clients to implement the latest available Microsoft security/monthly rollup updates in all relevant systems as soon as possible.

References: Microsoft June 2023 Security Updates.