Microsoft’s June Patch Tuesday Addresses 78 Vulnerabilities Including Critical SharePoint Bug

  • Microsoft’s June 2023 Patch Tuesday addresses a total of 78 security flaws, including a critical SharePoint Server bug (CVE-2023-29357) with a high CVSS rating of 9.8.
  • The patches also include fixes for vulnerabilities in the Windows Pragmatic General Multicast (PGM) component and Microsoft Exchange, highlighting the necessity for immediate updates to safeguard systems and networks.

In its latest Patch Tuesday for June 2023, Microsoft has rolled out fixes for 78 security flaws, which includes an alarming 38 remote code execution vulnerabilities. While Microsoft has not reported any of the vulnerabilities being actively exploited, the tech giant has specifically marked several as “more likely to be exploited”.

One vulnerability that has raised serious concerns is CVE-2023-29357, a “critical” bug in Microsoft SharePoint Server. This flaw could be exploited by an unauthenticated attacker who is on the same network. This particular SharePoint vulnerability has received a CVSS (Common Vulnerability Scoring System) rating of 9.8, nearing the maximum danger level of 10.0.

In addition to the SharePoint vulnerability, three other flaws were patched that also received a collective CVSS score of 9.8. These vulnerabilities are related to a component called Windows Pragmatic General Multicast (PGM), which is integral for delivering multicast data such as video streaming or online gaming. Security firm Action1 has reported that these bugs, designated as CVE-2023-32015, CVE-2023-32014, and CVE-2023-29363, can be exploited over the network without requiring any user interaction or privileges. Systems affected by these vulnerabilities include all versions of Windows Server 2008 and later, as well as Windows 10 and later.

Furthermore, Microsoft Exchange has not been spared in this round of Patch Tuesday. This month’s security updates have addressed vulnerabilities in Exchange that echo the ProxyNotShell exploits. The vulnerabilities, labeled as CVE-2023-32031 and CVE-2023-28310, allow an authenticated user on the network to exploit these flaws in Exchange and execute code on the server.

These fixes are particularly crucial for organizations that are still utilizing Microsoft Exchange for email. The Exchange vulnerabilities underscore the importance of regular patching and vigilant monitoring of organizational networks.

With the scope and scale of these vulnerabilities, especially the critical bug in SharePoint, it is imperative for organizations and individuals to promptly apply these patches to protect their systems and data.

Microsoft’s Patch Tuesday is a regular event, and organizations should be primed to respond swiftly to mitigate risks associated with these vulnerabilities. It is highly advisable for system administrators to review the patches and implement them as needed to ensure the security and integrity of their networks and systems.