Security News > 2023 > June > June 2023 Patch Tuesday: Critical patches for Microsoft Windows, SharePoint, Exchange
For June 2023 Patch Tuesday, Microsoft has delivered 70 new patches but, for once, none of the fixed vulnerabilities are currently exploited by attackers nor were publicly known before today!
Microsoft has previously fixed CVE-2023-3079, a type confusion vulnerability in Chromium's V8 JavaScript engine, which was spotted being exploited by attackers to target Chrome users.
Since Microsoft's Edge browser is based on Chromium' open-source codebase, Microsoft pushed out a patch on June 6, and the accompanying advisory is out today.
Dustin Childs, head of threat awareness at Trend Micro Inc.'s Zero Day Initiative, has singled out CVE-2023-29357, a critical elevation of privilege vulnerability in Microsoft SharePoint Server 2019, as deserving express patching.
Three distinct vulnerabilities affecting the Windows Pragmatic General Multicast protocol installed with the message queuing service could allow a remote, unauthenticated attacker to execute code on an affected system and should be also patched quickly.
"Unlike past Microsoft Exchange Server flaws that were rated higher and did not require authentication, these vulnerabilities require an attacker to be authenticated. That said, attackers can still potentially exploit these flaws if they're able to obtain valid credentials, which is not as difficult as you'd expect."
News URL
https://www.helpnetsecurity.com/2023/06/13/june-2023-patch-tuesday/
Related news
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Microsoft cleans up hot mess of Patch Tuesday preview (source)
- Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Microsoft slips Task Manager and processor count fixes into Patch Tuesday (source)
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)
- Progress urges admins to patch critical WhatsUp Gold bugs ASAP (source)
- Microsoft: Windows Recall now can be removed, is more secure (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-14 | CVE-2023-29357 | Unspecified vulnerability in Microsoft Sharepoint Server 2019 Microsoft SharePoint Server Elevation of Privilege Vulnerability | 9.8 |
2023-06-05 | CVE-2023-3079 | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |