Security News > 2023 > June > June 2023 Patch Tuesday: Critical patches for Microsoft Windows, SharePoint, Exchange
For June 2023 Patch Tuesday, Microsoft has delivered 70 new patches but, for once, none of the fixed vulnerabilities are currently exploited by attackers nor were publicly known before today!
Microsoft has previously fixed CVE-2023-3079, a type confusion vulnerability in Chromium's V8 JavaScript engine, which was spotted being exploited by attackers to target Chrome users.
Since Microsoft's Edge browser is based on Chromium' open-source codebase, Microsoft pushed out a patch on June 6, and the accompanying advisory is out today.
Dustin Childs, head of threat awareness at Trend Micro Inc.'s Zero Day Initiative, has singled out CVE-2023-29357, a critical elevation of privilege vulnerability in Microsoft SharePoint Server 2019, as deserving express patching.
Three distinct vulnerabilities affecting the Windows Pragmatic General Multicast protocol installed with the message queuing service could allow a remote, unauthenticated attacker to execute code on an affected system and should be also patched quickly.
"Unlike past Microsoft Exchange Server flaws that were rated higher and did not require authentication, these vulnerabilities require an attacker to be authenticated. That said, attackers can still potentially exploit these flaws if they're able to obtain valid credentials, which is not as difficult as you'd expect."
News URL
https://www.helpnetsecurity.com/2023/06/13/june-2023-patch-tuesday/
Related news
- Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws (source)
- Patch Tuesday for September 2024: Microsoft Catches Four Zero-Day Vulnerabilities (source)
- Microsoft confirms IE bug squashed in Patch Tuesday was exploited zero-day (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Microsoft cleans up hot mess of Patch Tuesday preview (source)
- Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch (source)
- Week in review: Vulnerability allows Yubico security keys cloning, Patch Tuesday forecast (source)
- Microsoft to start force-upgrading Windows 22H2 systems next month (source)
- Microsoft fixes Windows Smart App Control zero-day exploited since 2018 (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-14 | CVE-2023-29357 | Unspecified vulnerability in Microsoft Sharepoint Server 2019 Microsoft SharePoint Server Elevation of Privilege Vulnerability | 9.8 |
2023-06-05 | CVE-2023-3079 | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |