June 2023
-
Today marks the release of the June 2023 Patch Tuesday. Please feel free to use this thread to highlight any issues with patching or to request assistance with your deployments.
Today's patches include fixes for the following vulnerabilities:
- CVE-2023-29357 | CVSS 9.8/8.5 - SharePoint Elevation of Privilege Vulnerability - An attacker with access to a spoofed JWT auth token can use it to execute an attack to bypass authentication and gain the access of an authenticated user. This bug has been reported as being actively exploited.
- CVE-2023-32031 | CVSS 8.8/7.7 - Exchange RCE Vulnerability - This bug allows an authenticated attacker to attempt triggering malicious code in the context of the server account via network calls.
Additionally, Outlook and OneNote both have RCE issues.
- CVE-2023-33131 | CVSS 8.8/7.7 - Outlook - An attacker can send a specially crafted file to a user and convince them to click/open the file. This exploit can also be performed using links sent to the user (if they click them).
- CVE-2023-33140 | CVSS 6.5/5.7 - OneNote - This RCE requires a specially crafted file to be uploaded, and the user to click on a specially crafted URL.
In total there are 78 bugs/vulnerabilities that have been fixed today. They are in the following categories:
- 32 RCE
- 17 Elevation of Privilege
- 10 Spoofing
- 10 DoS
- 5 Information Disclosure
- 3 Security Feature Bypass
- 1 MS Edge Chrome
There are no zero-day bugs in this release, and only one that has been noted to be actively exploited, but the details of the exploit have not been revealed.
For the full list and details, you can check the Microsoft MSRC release notes.
Details added by: tankerkiller125
-
My computer self-updated to the latest patch just now; so far I haven't encountered any issues yet with any of my apps. I know one of the things updated was ODBC, and we have several apps that use that, and they aren't experiencing any issues either.