- 135/2023
- Critical
Microsoft has released its monthly patch of security updates, known as Patch Tuesday.
Microsoft has fixed (78) vulnerabilities, with (6) classified as critical as they could allow the attacker to perform denial of service attacks, remote code execution, and privilege elevation on the affected products.
June’s Patch Tuesday was released to fix security flaws in some products such as Microsoft .NET Framework, Microsoft Edge (Chromium-based), Visual Studio Code, Microsoft Office Online Server, Windows 10 Version 1809 for ARM64-based Systems, Windows Server 2019, Microsoft SharePoint Server 2019, Microsoft Office 2019 and Microsoft Power Apps.
Sample of the addressed vulnerabilities:
1. Microsoft SharePoint Server Elevation of Privilege Vulnerability (CVE-2023-29357):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Privileges
2. Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2023- 32031):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Access
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.