Headline
Microsoft fixes six critical vulnerabilities in June Patch Tuesday
Categories: Exploits and vulnerabilities Categories: News Tags: Microsoft
Tags: patch Tuesday
Tags: CVE-2023-29357
Tags: CVE-2023-29363
Tags: CVE-2023-32014
Tags: CVE-2023-32015
Tags: CVE-2023-32013
Tags: CVE-2023-24897
Tags: CVE-2023-32031
Tags: SharePoint
Tags: PGM
Tags: Exchange
Tags: Hyper-V
Patch Tuesday of June 2023 is relatively relaxed. No actively exploited zero-days and only six critical vulnerabilities.
(Read more…)
The post Microsoft fixes six critical vulnerabilities in June Patch Tuesday appeared first on Malwarebytes Labs.
It’s that time of the month again: We’re looking at June’s Patch Tuesday roundup. Microsoft has released its monthly update, and compared to previous months, it’s actually not so bad. No actively exploited zero-days and only six critical vulnerabilities.
So, we’ll have the luxury of going over those in some more detail.
The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The critical CVEs patched in these updates are:
CVE-2023-29357 (CVSS score: 9.8 out of 10): a Microsoft SharePoint Server Elevation of Privilege (EoP) vulnerability. Successful exploitation could provide an attacker with administrator privileges. For the exploitation, the attacker needs no privileges nor do they require user interaction.
The Microsoft advisory states:
“An attacker who has gained access to spoofed JWT authentication tokens can use them to execute a network attack which bypasses authentication and allows them to gain access to the privileges of an authenticated user.”
JWT is a token based stateless authentication mechanism. Basically, the identity provider generates a JWT that certifies the user identity and the resource server decodes and verifies the authenticity of the token by using secret salt or public key.
CVE-2023-29363 (CVSS score: 9.8 out of 10): a Windows Pragmatic General Multicast (PGM) Remote Code Execution (RCE) vulnerability.
PGM is a reliable and scalable multicast protocol that enables receivers to detect loss, request retransmission of lost data, or notify an application of unrecoverable loss. PGM is a receiver-reliable protocol, which means the receiver is responsible for ensuring all data is received, absolving the sender of reception responsibility. It is mainly used for delivering multicast data such as video streaming or online gaming.
CVE-2023-32014 (CVSS score: 9.8 out of 10): another PGM RCE vulnerability.
CVE-2023-32015 (CVSS score: 9.8 out of 10): another PGM RCE vulnerability.
For all the PGM vulnerabilities, Microsoft points out that: when Windows message queuing service is running in a PGM Server environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code.
The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel. You can check to see if there is a service running named Message Queuing and TCP port 1801 is listening on the machine.
CVE-2023-32013 (CVSS score: 6.5 out of 10): a Windows Hyper-V Denial of Service (DoS) vulnerability. Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.
Hyper-V is Microsoft’s hardware virtualization product. It lets you create and run virtual machines, which are software emulations of a computer system.
CVE-2023-24897 (CVSS score: 7.8 out of 10): a .NET, .NET Framework, and Visual Studio Remote Code Execution (RCE) vulnerability. The word “Remote” refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE) because the attack itself is carried out locally.
I’d like to throw one important vulnerability in the mix because we expect to hear more about it, because it is, well, you know, Exchange.
CVE-2023-32031 (CVSS score: 8.8 out of 10): a Microsoft Exchange Server Remote Code Execution (RCE) vulnerability. An attacker could target the server accounts in an arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server’s account through a network call.
This is typically a vulnerability that is used in a chained attack, because the attacker will need access to a vulnerable host in the network to gain the necessary authentication they need to successfully exploit this vulnerability.
Other vendors
Other vendors have synchronized their periodic updates with Microsoft. Here are few major ones that you may find in your environment.
- Cisco released security updates for several products
- Google released security updates for Google Chrome
- Google also released its Android June 2023 updates
- SAP has released its June 2023 Patch Day updates
- VMware released VMware ESXi updates
We don’t just report on vulnerabilities—we identify them, and prioritize action.
Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using Malwarebytes Vulnerability and Patch Management.
Related news
By Deeba Ahmed Critical Microsoft SharePoint Flaw Exploited: Patch Now, CISA Urges! This is a post from HackRead.com Read the original post: CISA Urges Patching Microsoft SharePoint Vulnerability (CVE-2023-24955)
This Metasploit module exploits two vulnerabilities in Sharepoint 2019 - an authentication bypass as noted in CVE-2023-29357 which was patched in June of 2023 and CVE-2023-24955 which was a remote command execution vulnerability patched in May of 2023. The authentication bypass allows attackers to impersonate the Sharepoint Admin user. This vulnerability stems from the signature validation check used to verify JSON Web Tokens (JWTs) used for OAuth authentication. If the signing algorithm of the user-provided JWT is set to none, SharePoint skips the signature validation step due to a logic flaw in the ReadTokenCore() method. After impersonating the administrator user, the attacker has access to the Sharepoint API and is able to exploit CVE-2023-24955. This authenticated remote command execution vulnerability leverages the impersonated privileged account to replace the /BusinessDataMetadataCatalog/BDCMetadata.bdcm file in the webroot directory with a payload. The payload is then compiled...
Hello everyone! It has been 3 months since the last episode. I spent most of this time improving my Vulristics project. So in this episode, let’s take a look at what’s been done. Alternative video link (for Russia): https://vk.com/video-149273431_456239139 Also, let’s take a look at the Microsoft Patch Tuesdays vulnerabilities, Linux Patch Wednesdays vulnerabilities and […]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The issue, tracked as CVE-2023-29357 (CVSS score: 9.8), is a privilege escalation flaw that could be exploited by an attacker to gain
A high-severity security flaw has been disclosed in the open-source OpenRefine data cleanup and transformation tool that could result in arbitrary code execution on affected systems. Tracked as CVE-2023-37476 (CVSS score: 7.8), the vulnerability is a Zip Slip vulnerability that could have adverse impacts when importing a specially crafted project in versions 3.7.3 and below. "Although OpenRefine
Plus: Microsoft fixes 78 vulnerabilities, VMWare plugs a flaw already used in attacks, and more critical updates from June.
Hello everyone! This episode will be about Microsoft Patch Tuesday for June 2023, including vulnerabilities that were added between May and June Patch Tuesdays. As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I took the comments about the vulnerabilities from the Qualys, Tenable, Rapid7, ZDI Patch Tuesday reviews. This time there […]
# Microsoft Security Advisory CVE-2023-24897: .NET Remote Code Execution Vulnerability ## <a name="executive-summary"></a>Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. This security update addresses a vulnerability in the MSDIA SDK where corrupted PDBs can cause heap overflow, leading to a crash or remove code execution ## Announcement Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/260 ### <a name="mitigation-factors"></a>Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. ## <a name="affected-software"></a>Affected software * Any .NET 7.0 application running on .NET 7.0.5 or earlier. * Any .NET 6.0 application running on .NET 6.0.16 or earlier. If your application uses the followin...
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
The June 2023 Patch Tuesday security update included fixes for a bypass for two previously addressed issues in Microsoft Exchange and a critical elevation of privilege flaw in SharePoint Server.
Microsoft has rolled out fixes for its Windows operating system and other software components to remediate major security shortcomings as part of Patch Tuesday updates for June 2023. Of the 73 flaws, six are rated Critical, 63 are rated Important, two are rated Moderated, and one is rated Low in severity. This also includes three issues the tech giant addressed in its Chromium-based Edge browser
Microsoft has rolled out fixes for its Windows operating system and other software components to remediate major security shortcomings as part of Patch Tuesday updates for June 2023. Of the 73 flaws, six are rated Critical, 63 are rated Important, two are rated Moderated, and one is rated Low in severity. This also includes three issues the tech giant addressed in its Chromium-based Edge browser
Microsoft has rolled out fixes for its Windows operating system and other software components to remediate major security shortcomings as part of Patch Tuesday updates for June 2023. Of the 73 flaws, six are rated Critical, 63 are rated Important, two are rated Moderated, and one is rated Low in severity. This also includes three issues the tech giant addressed in its Chromium-based Edge browser
Microsoft has rolled out fixes for its Windows operating system and other software components to remediate major security shortcomings as part of Patch Tuesday updates for June 2023. Of the 73 flaws, six are rated Critical, 63 are rated Important, two are rated Moderated, and one is rated Low in severity. This also includes three issues the tech giant addressed in its Chromium-based Edge browser
Microsoft has rolled out fixes for its Windows operating system and other software components to remediate major security shortcomings as part of Patch Tuesday updates for June 2023. Of the 73 flaws, six are rated Critical, 63 are rated Important, two are rated Moderated, and one is rated Low in severity. This also includes three issues the tech giant addressed in its Chromium-based Edge browser
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
Microsoft SharePoint Server Elevation of Privilege Vulnerability
Windows Hyper-V Denial of Service Vulnerability
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
Microsoft Corp. today released software updates to fix dozens of security vulnerabilities in its Windows operating systems and other software. This month's relatively light patch load has another added bonus for system administrators everywhere: It appears to be the first Patch Tuesday since March 2022 that isn't marred by the active exploitation of a zero-day vulnerability in Microsoft's products.
Microsoft Corp. today released software updates to fix dozens of security vulnerabilities in its Windows operating systems and other software. This month's relatively light patch load has another added bonus for system administrators everywhere: It appears to be the first Patch Tuesday since March 2022 that isn't marred by the active exploitation of a zero-day vulnerability in Microsoft's products.
Microsoft Corp. today released software updates to fix dozens of security vulnerabilities in its Windows operating systems and other software. This month's relatively light patch load has another added bonus for system administrators everywhere: It appears to be the first Patch Tuesday since March 2022 that isn't marred by the active exploitation of a zero-day vulnerability in Microsoft's products.
Microsoft Corp. today released software updates to fix dozens of security vulnerabilities in its Windows operating systems and other software. This month's relatively light patch load has another added bonus for system administrators everywhere: It appears to be the first Patch Tuesday since March 2022 that isn't marred by the active exploitation of a zero-day vulnerability in Microsoft's products.
Microsoft Corp. today released software updates to fix dozens of security vulnerabilities in its Windows operating systems and other software. This month's relatively light patch load has another added bonus for system administrators everywhere: It appears to be the first Patch Tuesday since March 2022 that isn't marred by the active exploitation of a zero-day vulnerability in Microsoft's products.
For the first time in four months, none of the vulnerabilities Microsoft disclosed this Patch Tuesday have been exploited in the wild.
For the first time in four months, none of the vulnerabilities Microsoft disclosed this Patch Tuesday have been exploited in the wild.
For the first time in four months, none of the vulnerabilities Microsoft disclosed this Patch Tuesday have been exploited in the wild.
For the first time in four months, none of the vulnerabilities Microsoft disclosed this Patch Tuesday have been exploited in the wild.
For the first time in four months, none of the vulnerabilities Microsoft disclosed this Patch Tuesday have been exploited in the wild.