Security News > 2023 > June > June Patch Tuesday: VMware vuln under attack by Chinese spies, Microsoft kinda meh

June Patch Tuesday: VMware vuln under attack by Chinese spies, Microsoft kinda meh
2023-06-13 20:32

Microsoft has released security updates for 78 flaws for June's Patch Tuesday, and luckily for admins, none of these are under exploit.

CVE-2023-29357, a Microsoft SharePoint Server Elevation of Privilege Vulnerability, is one that Redmond lists as "Exploitation more likely." This may be because it, when chained with other bugs, was used to bypass authentication during March's Pwn2Own contest.

An attacker can use this vulnerability to gain admin privileges without any user interaction, according to Microsoft.

In other news we shine a light on VMware, which admits one of the bugs disclosed today is already being exploited by alleged Chinese spies, namely, a security update to fix an authentication bypass VMware Tools vulnerability that affects ESXi hypervisors, tracked as CVE-2023-20867.

According to Mandiant, a Chinese cyber espionage group that it tracks as UNC3886 found and exploited the flaw before VMware issued a patch.

Closing out the June patch party, Google released its Android security update earlier this month with fixes for 56 bugs.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/06/13/june_patch_tuesday_vmware_vuln/

Related Vulnerability

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 382 52 1423 2927 176 4578
Vmware 148 11 224 258 101 594