Security News > 2023 > June > June 2023 Patch Tuesday: Critical patches for Microsoft Windows, SharePoint, Exchange

June 2023 Patch Tuesday: Critical patches for Microsoft Windows, SharePoint, Exchange
2023-06-13 18:36

For June 2023 Patch Tuesday, Microsoft has delivered 70 new patches but, for once, none of the fixed vulnerabilities are currently exploited by attackers nor were publicly known before today!

Microsoft has previously fixed CVE-2023-3079, a type confusion vulnerability in Chromium's V8 JavaScript engine, which was spotted being exploited by attackers to target Chrome users.

Since Microsoft's Edge browser is based on Chromium' open-source codebase, Microsoft pushed out a patch on June 6, and the accompanying advisory is out today.

Dustin Childs, head of threat awareness at Trend Micro Inc.'s Zero Day Initiative, has singled out CVE-2023-29357, a critical elevation of privilege vulnerability in Microsoft SharePoint Server 2019, as deserving express patching.

Three distinct vulnerabilities affecting the Windows Pragmatic General Multicast protocol installed with the message queuing service could allow a remote, unauthenticated attacker to execute code on an affected system and should be also patched quickly.

"Unlike past Microsoft Exchange Server flaws that were rated higher and did not require authentication, these vulnerabilities require an attacker to be authenticated. That said, attackers can still potentially exploit these flaws if they're able to obtain valid credentials, which is not as difficult as you'd expect."


News URL

https://www.helpnetsecurity.com/2023/06/13/june-2023-patch-tuesday/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-06-14 CVE-2023-29357 Unspecified vulnerability in Microsoft Sharepoint Server 2019
Microsoft SharePoint Server Elevation of Privilege Vulnerability
network
low complexity
microsoft
critical
9.8
2023-06-05 CVE-2023-3079 Type Confusion vulnerability in multiple products
Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google fedoraproject debian couchbase CWE-843
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 480 75 2308 5127 264 7774