Security News > 2023 > June > June Patch Tuesday: VMware vuln under attack by Chinese spies, Microsoft kinda meh
Microsoft has released security updates for 78 flaws for June's Patch Tuesday, and luckily for admins, none of these are under exploit.
CVE-2023-29357, a Microsoft SharePoint Server Elevation of Privilege Vulnerability, is one that Redmond lists as "Exploitation more likely." This may be because it, when chained with other bugs, was used to bypass authentication during March's Pwn2Own contest.
An attacker can use this vulnerability to gain admin privileges without any user interaction, according to Microsoft.
In other news we shine a light on VMware, which admits one of the bugs disclosed today is already being exploited by alleged Chinese spies, namely, a security update to fix an authentication bypass VMware Tools vulnerability that affects ESXi hypervisors, tracked as CVE-2023-20867.
According to Mandiant, a Chinese cyber espionage group that it tracks as UNC3886 found and exploited the flaw before VMware issued a patch.
Closing out the June patch party, Google released its Android security update earlier this month with fixes for 56 bugs.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/06/13/june_patch_tuesday_vmware_vuln/
Related news
- Microsoft May 2025 Patch Tuesday fixes 5 exploited zero-days, 72 flaws (source)
- Patch Tuesday: Microsoft fixes 5 actively exploited zero-days (source)
- Microsoft's May Patch Tuesday update fails on some Windows 11 VMs (source)
- Microsoft pitches pay-to-patch reboot reduction subscription for Windows Server 2025 (source)
- Chinese Hackers Abuse IPv6 SLAAC for AitM Attacks via Spellbinder Lateral Movement Tool (source)
- US indicts Black Kingdom ransomware admin for Microsoft Exchange attacks (source)
- SonicWall urges admins to patch VPN flaw exploited in attacks (source)
- May 2025 Patch Tuesday forecast: Panic, change, and hope (source)
- Chinese hackers behind attacks targeting SAP NetWeaver servers (source)
- Week in review: The impact of a CVE-free future on cyber defense, Patch Tuesday forecast (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-14 | CVE-2023-29357 | Unspecified vulnerability in Microsoft Sharepoint Server 2019 Microsoft SharePoint Server Elevation of Privilege Vulnerability | 9.8 |
| 2023-06-13 | CVE-2023-20867 | A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. | 3.9 |