Patch Tuesday June 2023 – 78 Flaws and 38 RCE Bugs Fixed – Source: heimdalsecurity.com

As per usual, Microsoft rolled out its monthly updates on the second Tuesday of the month. 78 flaws, including 38 remote code execution vulnerabilities were fixed as part of this edition of Patch Tuesday.

Microsoft only rated six problems as “Critical,” including denial of service attacks, remote code execution, and privilege elevation, even though 38 RCE bugs were addressed.

Patch Tuesday June 2023 – Highlights

While there are no zero-day vulnerabilities being fixed as part of this month’s Patch Tuesday, there are some highlights worth mentioning:

The first one is CVE-2023-29357, which is an Elevation of Privilege vulnerability that affects Microsoft SharePoint Server. If successfully exploited, the attacker could gain administrator privileges.

An attacker who has gained access to spoofed JWT authentication tokens can use them to execute a network attack which bypasses authentication and allows them to gain access to the privileges of an authenticated user.

Microsoft Release Notes for Patch Tuesday June 2023 (Source)

Microsoft claims that the flaw is being actively used, although they provide no information on how.

Another notable vulnerability fixed by Microsoft is CVE-2023-32031, which is a Microsoft Exchange vulnerability that allows authenticated, remote code execution.

The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server’s account through a network call,

Microsoft Release Notes for Patch Tuesday June 2023 (Source)

Microsoft has also made a number of modifications to Microsoft Office, allowing threat actors to execute remote code using Excel and OneNote documents that have been intentionally created. These vulnerabilities are tracked as:

• CVE-2023-33133 (Excel)
• CVE-2023-33137 (Excel)
• CVE-2023-33140 (OneNote)
• CVE-2023-33131 (Outlook)

Cybersecurity Advice to Keep You Safe

To view the extended list of vulnerabilities fixed this month, you can check out the table. If you want to reinforce your threat defenses and take your vulnerability and patch management game to the next level, you can take into consideration the following advice:

• Continuous Vulnerability Scanning: Make sure to create a schedule for effective vulnerability scanning. The ideal procedure requires that scanning be done at least once a month. Do not neglect to record your results.
• Revert to Previous Builds/Versions: Patching is a trial-and-error process, meaning that if something is going to happen, you should always have on hand viable backups to revert the apps to a previous version or build.
• Automate Your Patch Management Practices: In today’s ever-evolving threat landscape, manual patching does not cut it anymore, especially for companies with a larger number of endpoints that need to be constantly updated. An automatic patching solution can save your company not only a lot of time but also resources and money. No matter if your patches are OS-specific, third-party, proprietary, or UX/UI-focused, Heimdal®’s Patch & Asset Management can help you distribute them rapidly.

Conclusion

This wraps up the June edition of Heimdal®’s Patch Tuesday series. Be sure to check out other articles available on our blog and resources available on our website to elevate your cybersecurity game!

If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.