Security News > 2023 > June > June Patch Tuesday: VMware vuln under attack by Chinese spies, Microsoft kinda meh
Microsoft has released security updates for 78 flaws for June's Patch Tuesday, and luckily for admins, none of these are under exploit.
CVE-2023-29357, a Microsoft SharePoint Server Elevation of Privilege Vulnerability, is one that Redmond lists as "Exploitation more likely." This may be because it, when chained with other bugs, was used to bypass authentication during March's Pwn2Own contest.
An attacker can use this vulnerability to gain admin privileges without any user interaction, according to Microsoft.
In other news we shine a light on VMware, which admits one of the bugs disclosed today is already being exploited by alleged Chinese spies, namely, a security update to fix an authentication bypass VMware Tools vulnerability that affects ESXi hypervisors, tracked as CVE-2023-20867.
According to Mandiant, a Chinese cyber espionage group that it tracks as UNC3886 found and exploited the flaw before VMware issued a patch.
Closing out the June patch party, Google released its Android security update earlier this month with fixes for 56 bugs.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/06/13/june_patch_tuesday_vmware_vuln/
Related news
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- February's Patch Tuesday sees Microsoft offer just 63 fixes (source)
- Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft (source)
- February 2025 Patch Tuesday forecast: New directions for AI development (source)
- Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries (source)
- RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-14 | CVE-2023-29357 | Unspecified vulnerability in Microsoft Sharepoint Server 2019 Microsoft SharePoint Server Elevation of Privilege Vulnerability | 9.8 |
| 2023-06-13 | CVE-2023-20867 | A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. | 3.9 |