Security News > 2023 > June > June Patch Tuesday: VMware vuln under attack by Chinese spies, Microsoft kinda meh
Microsoft has released security updates for 78 flaws for June's Patch Tuesday, and luckily for admins, none of these are under exploit.
CVE-2023-29357, a Microsoft SharePoint Server Elevation of Privilege Vulnerability, is one that Redmond lists as "Exploitation more likely." This may be because it, when chained with other bugs, was used to bypass authentication during March's Pwn2Own contest.
An attacker can use this vulnerability to gain admin privileges without any user interaction, according to Microsoft.
In other news we shine a light on VMware, which admits one of the bugs disclosed today is already being exploited by alleged Chinese spies, namely, a security update to fix an authentication bypass VMware Tools vulnerability that affects ESXi hypervisors, tracked as CVE-2023-20867.
According to Mandiant, a Chinese cyber espionage group that it tracks as UNC3886 found and exploited the flaw before VMware issued a patch.
Closing out the June patch party, Google released its Android security update earlier this month with fixes for 56 bugs.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/06/13/june_patch_tuesday_vmware_vuln/
Related news
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft (source)
- Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws (source)
- Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day (source)
- New ClickFix attack deploys Havoc C2 via Microsoft Sharepoint (source)
- Broadcom fixes three VMware zero-days exploited in attacks (source)
- Feds name and charge alleged Silk Typhoon spies behind years of China-on-US attacks (source)
- Over 37,000 VMware ESXi servers vulnerable to ongoing attacks (source)
- March 2025 Patch Tuesday forecast: A return to normalcy (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-14 | CVE-2023-29357 | Unspecified vulnerability in Microsoft Sharepoint Server 2019 Microsoft SharePoint Server Elevation of Privilege Vulnerability | 9.8 |
| 2023-06-13 | CVE-2023-20867 | A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. | 3.9 |