Microsoft Releases June 2023 Security Updates

Scheduled updates for Microsoft products, including security updates for 6 critical vulnerabilities


Affected platforms

The following platforms are known to be affected:

The following platforms are also known to be affected:

  • Microsoft Office SharePoint
  • Microsoft Office Excel
  • Microsoft Office OneNote
  • .NET and Visual Studio
  • .NET Framework
  • ASP .NET
  • Azure DevOps
  • Microsoft Dynamics
  • Microsoft Exchange Server
  • Microsoft Power Apps
  • Microsoft Printer Drivers
  • Microsoft WDAC OLE DB provider for SQL
  • Microsoft Windows Codecs Library
  • NuGet Client
  • Remote Desktop Client
  • Role: DNS Server
  • SysInternals
  • Visual Studio
  • Visual Studio Code
  • Windows Authentication Methods
  • Windows Bus Filter Driver
  • Windows Cloud Files Mini Filter Driver
  • Windows Collaborative Translation Framework
  • Windows Container Manager Service
  • Windows CryptoAPI
  • Windows NTFS
  • Windows Group Policy
  • Windows DHCP Server
  • Windows GDI
  • Windows Geolocation Service
  • Windows Filtering
  • Windows iSCSI
  • Windows Hyper-V
  • Windows Installer
  • Windows Hello
  • Windows Kernel
  • Windows Win32K
  • Windows TPM Device Driver
  • Windows OLE
  • Windows Remote Procedure Call Runtime
  • Windows ODBC Driver
  • Windows Resilient File System (ReFS)
  • Windows PGM
  • Windows SMB
  • Windows Server Service

Threat details

Introduction

Microsoft has released security updates to address 73 vulnerabilities across its products, with 6 rated as critical. An unauthenticated, remote attacker could exploit some of these vulnerabilities to take control of an affected system.

Proof-of-concept code has been publicly disclosed

Proof-of-concept (PoC) code has been publicly disclosed for CVE-2023-33137, which is a Microsoft Excel remote code execution (RCE) vulnerability. Exploitation is considered more likely.

A PoC has been published for the privilege escalation vulnerability CVE-2023-29357 in SharePoint. If it were chained with the RCE vulnerability CVE-2023-24955, an attacker could achieve unauthenticated remote code execution in SharePoint.


Threat updates

Date Update
3 Oct 2023 CVE-2023-24955 could be used in an exploit chain with CVE-2023-29357 to achieve RCE

This cyber alert has been updated to reflect the possibility of CVE-2023-24955 being used in an exploit chain with CVE-2023-29357 to achieve unauthenticated RCE.

4 Jul 2023 PoC exploit code has been publicly disclosed for CVE-2023-33137

A public PoC has been released. This cyber alert has been updated to reflect this change.


Remediation advice

Affected organisations are encouraged to review Microsoft’s June 2023 Security Update Summary and Deployment Information and apply the relevant updates.



Last edited: 3 October 2023 2:43 pm