Microsoft June 2023 Patch Tuesday fixes 78 flaws, 38 RCE bugs

Gandalf_The_Grey

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,278
Content source
https://www.bleepingcomputer.com/news/microsoft/microsoft-june-2023-patch-tuesday-fixes-78-flaws-38-rce-bugs/
Today is Microsoft's June 2023 Patch Tuesday, with security updates for 78 flaws, including 38 remote code execution vulnerabilities.

While thirty-eight RCE bugs were fixed, Microsoft only listed six flaws as 'Critical,' including denial of service attacks, remote code execution, and privilege elevation.

The number of bugs in each vulnerability category is listed below:
  • 17 Elevation of Privilege Vulnerabilities
  • 3 Security Feature Bypass Vulnerabilities
  • 32 Remote Code Execution Vulnerabilities
  • 5 Information Disclosure Vulnerabilities
  • 10 Denial of Service Vulnerabilities
  • 10 Spoofing Vulnerabilities
  • 1 Edge - Chromium Vulnerabilities
This list does not include sixteen Microsoft Edge vulnerabilities previously fixed on June 2nd, 2023.

This Patch Tuesday does not fix any zero-day vulnerabilities or actively exploited bugs, relieving some of the pressure usually felt by Windows admins during this day.
Click to expand...
www.bleepingcomputer.com

Microsoft June 2023 Patch Tuesday fixes 78 flaws, 38 RCE bugs

Today is Microsoft's June 2023 Patch Tuesday, with security updates for 78 flaws, including 38 remote code execution vulnerabilities.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • +Reputation
  • Thanks
Reactions: Berny, Nevi, Zero Knowledge and 9 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,278
ZDI: The June 2023 Security Update Review
It’s the second Tuesday of the month, which means Adobe and Microsoft have released their latest security patches. Take a break from your regularly scheduled activities and join us as we review the details of their latest advisories. If you’d rather watch the video recap, check out the Patch Report webcast on our YouTube channel. It should be posted within a couple of hours after the release.

Adobe Patches for June 2023

For June, Adobe released four patches addressing 18 CVEs in Adobe Commerce, Substance 3D Designer, Adobe Animate, and Experience Manager. The bug in Substance 3D Designer was found by ZDI researcher Mat Powell and could lead to arbitrary code execution when opening a specially crafted file. The patch for Commerce is the largest this month with a dozen total fixes. Most of these are Important or Moderate rated Security Feature Bypasses (SFB), but there is a lone Critical-rate code execution bug in there as well. The fix for Adobe Animate also addresses a lone code execution bug. The patch for Experience Manager fixes four bugs, but none are Critical. There are three Important-rated cross-site scripting (XSS) bugs getting fixes plus one more SFB.

None of the bugs fixed by Adobe this month are listed as publicly known or under active attack at the time of release. Adobe categorizes these updates as a deployment priority rating of 3.

Microsoft Patches for June 2023

This month, Microsoft released 69 new patches addressing CVES in Microsoft Windows and Windows Components; Office and Office Components; Exchange Server; Microsoft Edge (Chromium-based); SharePoint Server; .NET and Visual Studio; Microsoft Teams; Azure DevOps; Microsoft Dynamics; and the Remote Desktop Client. This is in addition to 25 CVEs that were previously released by third parties and are now being documented in the Security Updates Guide.

A total of five of these bugs were submitted through the ZDI program. This includes fixes for some of the bugs submitted at the Pwn2Own Vancouver contest. The SharePoint and local privilege escalations should be addressed with these fixes. However, we’re still awaiting the fixes for the Teams bugs demonstrated during the competition.

Of the new patches released today, six are rated Critical, 62 are rated Important, and one is rated Moderate in severity. This volume of fixes is slighter larger than the typical number of fixes for June, but not extraordinarily so. July tends to be a larger month as it is the last patch Tuesday before the Black Hat USA conference. It will be interesting to see if this trend continues.

None of the CVEs released today are listed as being publicly known or under active attack at the time of release.
Click to expand...
The next Patch Tuesday will be on July 11, and we’ll return with details and patch analysis then. Be sure to catch the Patch Report webcast on our YouTube channel. It should be posted in just a few hours. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!
Click to expand...
www.zerodayinitiative.com

Zero Day Initiative — The June 2023 Security Update Review

It’s the second Tuesday of the month, which means Adobe and Microsoft have released their latest security patches. Take a break from your regularly scheduled activities and join us as we review the details of their latest advisories. If you’d rather watch the video recap, check out the Patch Report
www.zerodayinitiative.com www.zerodayinitiative.com
 
  • Like
Reactions: Berny, Nevi, Zero Knowledge and 8 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,278
Ghacks: The Windows June 2023 security patches are here and address these issues
It is the second Tuesday of the month, and that means that Microsoft has released security updates for the Windows operating system, Microsoft Office and other company products.

The Windows updates are available already and will be distributed on most Home systems via Windows Updates. System administrators may expedite the installation of the security updates.

The monthly overview offers information about the released updates. System administrators and home users alike may use the resource as an overview of the Patch Day. It lists all major update releases for Windows, links to support pages and direct downloads, lists all known issues confirmed by Microsoft, and more.

Microsoft released a fix for a Kernel vulnerability, but the mitigation is not enabled. It affects Windows 10 versions 1607, 1809, 20H2, 21H2 and 22H2, Windows 11 version 21H2 and 22H2, and Windows Server 2022. Instructions on enabling the fix are available here. Administrators need to set a Registry key to enable it. Microsoft has not provided a reason yet that explains why the fix is not enabled by default.
Click to expand...
You can download the following Excel spreadsheet. It lists the released security updates of the May 2023 Microsoft Patch Day. Click on the following link to download it: microsoft windows security updates june 2023

Executive Summary​

  • Microsoft released security updates for all supported client and server versions of Windows. The company has released patches for a total of 73 CVEs for Microsoft products and 22 CVEs for non-Microsoft products.
  • Windows 10 version 21H2 has reached end of servicing today. No future updates will be released for the Home, Pro, Pro Education and Pro for Workstations editions of that version of Windows 10. Devices should be updated to Windows 10 version 22H2, which continues to be supported.
  • The following Windows client version have known issues: Windows 10 version 21H2 and 22H2, Windows 11 version 21H2 and 22H2
  • The following Windows server versions have known issues: Windows Server 2008, Windows Server 2008 R2, Windows Server 2019 and 2022.
Click to expand...
www.ghacks.net

The Windows June 2023 security patches are here and address these issues - gHacks Tech News

It is the second Tuesday of the month, and that means that Microsoft has released security updates for the Windows operating system, Microsoft Office and other company products.
www.ghacks.net
 
  • Like
Reactions: Berny, Sorrento, Nevi and 9 others
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • +Reputation
    • Hundred Points
Security News Microsoft June 2024 Patch Tuesday fixes 51 flaws, 18 RCEs
Replies
6
Views
2,209
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
    • +Reputation
Security News Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws
Replies
2
Views
1,404
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
    • +Reputation
Security News Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited
Replies
3
Views
2,188
Security News
Brahman
Brahman

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top