Clement Brako Akomea Table of Contents
June 2023 Patch Tuesday: In its latest Patch Tuesday security update for June 2023, Microsoft has addressed a total of 69 vulnerabilities across its suite of products and software.
Among these fixes, some flaws were initially reported to the Zero Day Institute during the Pwn2Own competition held earlier this year in Vancouver.
Key Takeaways on June 2023 Patch Tuesday
- The update covers critical and important vulnerabilities, with six critical bugs and 62 important ones being addressed this month.
- No zero-day vulnerabilities, which are already under active attack, were disclosed by Microsoft this time.
- The security patches address issues in Microsoft Windows and Windows Components, Office and Office Components, Exchange Server, Microsoft Edge (Chromium), SharePoint Server, .NET, Visual Studio, Microsoft Teams, Azure DevOps, Microsoft Dynamics, and the Remote Desktop Client.
Critical SharePoint Server Vulnerability and Recommended Mitigation
One of the critical vulnerabilities identified is an elevation of privilege flaw in Microsoft SharePoint Server (CVE-2023-29357).
This bug was successfully exploited during the Pwn2Own competition, allowing potential attackers to gain administrator privileges on affected SharePoint Server versions by leveraging spoofed JSON Web Token (JWT) authentication tokens.
To mitigate this vulnerability, Microsoft recommends enabling the AMSI feature and promptly deploying the security update.
Critical Remote Code Execution Vulnerabilities in Windows Pragmatic General Multicast (PGM) Server Environment
Three critical remote code execution vulnerabilities have been addressed in the Windows Pragmatic General Multicast (PGM) server environment.
These vulnerabilities, namely CVE-2023-20363, CVE-2023-32014, and CVE-2023-32015, all carry a base severity score of 9.8. Although PGM is not enabled by default, many organizations have it in their environment for reliable multicast data delivery.
Exploiting these flaws could allow remote, unauthenticated attackers to execute malicious code in Windows PGM server environments running the Windows message queuing service.
Administrators are advised to check if the Message Queuing service is running on TCP port 1801 and disable it if unnecessary while keeping in mind that mitigations are not a substitute for patching.
Other Critical Vulnerabilities Worth Prioritizing
Two other critical vulnerabilities that should be prioritized are a remote code execution flaw affecting .NET, .NET Framework, and Visual Studio (CVE-2023-24897), and a denial-of-service vulnerability in Windows Hyper-V (CVE-2023-32013).
“More Likely” Exploited Vulnerabilities
Several vulnerabilities are considered “more likely” to be exploited, demanding prompt attention.
For instance, a remote code execution vulnerability in Microsoft Exchange Server (CVE-2023-28310) could enable an authenticated attacker on the same intranet as the Exchange Server to execute code through a PowerShell remote session.
Another remote code execution flaw in Exchange (CVE-2023-32031) allows authenticated attackers on the Exchange server to execute malicious code with SYSTEM privileges.
Organizations are advised to address these vulnerabilities swiftly to prevent potential abuse and unauthorized access.
Elevation of Privilege Vulnerabilities
Two elevations of privilege vulnerabilities have been identified—one in the Windows graphics device interface (GDI) and another in the Windows Win32k kernel driver.
Exploiting these vulnerabilities grants attackers SYSTEM privileges, underscoring the importance of timely patching to prevent unauthorized access and potential misuse.
Conclusion
Microsoft’s June 2023 Patch Tuesday emphasizes the remediation of critical vulnerabilities across its product range.
It is crucial for organizations to prioritize the installation of these patches, especially for critical and “more likely” exploited vulnerabilities. By promptly addressing these
