Security News > 2023 > June > June 2023 Patch Tuesday: Critical patches for Microsoft Windows, SharePoint, Exchange
For June 2023 Patch Tuesday, Microsoft has delivered 70 new patches but, for once, none of the fixed vulnerabilities are currently exploited by attackers nor were publicly known before today!
Microsoft has previously fixed CVE-2023-3079, a type confusion vulnerability in Chromium's V8 JavaScript engine, which was spotted being exploited by attackers to target Chrome users.
Since Microsoft's Edge browser is based on Chromium' open-source codebase, Microsoft pushed out a patch on June 6, and the accompanying advisory is out today.
Dustin Childs, head of threat awareness at Trend Micro Inc.'s Zero Day Initiative, has singled out CVE-2023-29357, a critical elevation of privilege vulnerability in Microsoft SharePoint Server 2019, as deserving express patching.
Three distinct vulnerabilities affecting the Windows Pragmatic General Multicast protocol installed with the message queuing service could allow a remote, unauthenticated attacker to execute code on an affected system and should be also patched quickly.
"Unlike past Microsoft Exchange Server flaws that were rated higher and did not require authentication, these vulnerabilities require an attacker to be authenticated. That said, attackers can still potentially exploit these flaws if they're able to obtain valid credentials, which is not as difficult as you'd expect."
News URL
https://www.helpnetsecurity.com/2023/06/13/june-2023-patch-tuesday/
Related news
- Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955) (source)
- April 2024 Patch Tuesday forecast: New and old from Microsoft (source)
- Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs (source)
- Microsoft again bothers Chrome users with Bing popup ads in Windows (source)
- Microsoft announces deprecation of 1024-bit RSA keys in Windows (source)
- Microsoft confirms Windows Server issue behind domain controller crashes (source)
- Microsoft releases emergency fix for Windows Server crashes (source)
- Microsoft confirms memory leak in March Windows Server security update (source)
- 17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns (source)
- Germany warns of 17K vulnerable Microsoft Exchange servers exposed online (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-14 | CVE-2023-29357 | Unspecified vulnerability in Microsoft Sharepoint Server 2019 Microsoft SharePoint Server Elevation of Privilege Vulnerability | 9.8 |
2023-06-05 | CVE-2023-3079 | Type Confusion vulnerability in multiple products Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |