Home / Threat Intelligence bulletins / Patch Tuesday - June 2023

Target Industry

Indiscriminate, opportunistic targeting.


Microsoft Patch Tuesday for June 2023: Five critical-level flaws, including 38 remote code execution (RCE) vulnerabilities, were part of a total of 78 security flaws addressed by Microsoft.

Of note, the three critical flaws of:




pertain to the Windows Pragmatic General Multicast (PGM) server and have received a CVSSv3 score of 9.8.

Another critical-level vulnerability tracked as CVE-2023-29357 (CVSSv3 Score – 9.9) was disclosed relating to an elevation of privilege in the Microsoft SharePoint Server.


Noteworthy in terms of the high-level severity vulnerabilities are:

CVE-2023-28310(CVSSv3 Score – 8.0): Microsoft Exchange Server remote code execution vulnerability

CVE-2023-29358 (CVSSv3 Score – 7.8): Windows GDI elevation of privilege vulnerability

CVE-2023-29361 (CVSSv3 Score – 7.0): Windows cloud files mini filter driver elevation of privilege vulnerability

CVE-2023-32031 (CVSSv3 Score – 8.8): Microsoft Exchange Server remote code execution vulnerability

CVE-2023-29371 (CVSSv3 Score – 7.8): Windows GDI elevation of privilege vulnerability.

A medium-level severity vulnerability of note is that of CVE-2023-29352: Windows remote desktop security feature bypass vulnerability.

A complete list of the disclosed security vulnerabilities can be found in the Microsoft Security Update Guide.


Successful exploitation of CVE-2023-29363, CVE-2023-32014 or CVE-2023-32015 could allow a threat actor to send a specially crafted file over the network to achieve RCE capabilities

Successful exploitation of CVE-2023-29357 could allow threat actors to spoof the JSON Web Token [JWT] authentication tokens and use them to execute a network attack that bypasses the authentication and allows for the access to the privileges of an authenticated user

Successful exploitation of CVE-2023-28310 could allow an unauthenticated threat actor on the same intranet as the Exchange Server to achieve RCE capabilities via a PowerShell remote session

Successful exploitation of CVE-2023-29358 could allow a threat actor to gain SYSTEM privileges

Successful exploitation of CVE-2023-29361 could allow a threat actor to gain SYSTEM privileges if a use-after-free issue is abused in the Windows Cloud Files Mini Filter Driver

Successful exploitation of CVE-2023-32031 could allow a threat actor to target the server accounts in an arbitrary or RCE

Successful exploitation of CVE-2023-29371 could allow a threat actor to modify a curve without updating the cCurves values, which leads to an out-of-bounds write ability, ultimately providing system privileges

Successful exploitation of CVE-2023-29352 could allow a threat actor to bypass certificate validation during a remote desktop connection by creating a validly signed “.RDP” file to bypass warning prompts when executed

Vulnerability Detection

Security patches for these vulnerabilities have been released by Microsoft. Previous product versions therefore remain vulnerable to potential exploitation.

Affected Products

A full list of the affected products pertaining to the June 2023 Patch Tuesday can be found in the Microsoft Patch Tuesday June 2023 Security Updates.

Containment, Mitigations & Remediations

It is strongly recommended that the relevant security patches are applied to the respective Microsoft products as soon as possible. The patches can be found directly in the Microsoft Patch Tuesday June 2023 Security Updates.

Threat Landscape

Last month, Microsoft published remediations for 38 security flaws in the May 2023 Patch Tuesday release, including three zero-day vulnerabilities. Moving into the June disclosure, leading attack vectors continue to be those of RCE and privilege escalation (accounting for a combined 62.8% of patched vulnerabilities). Further, information disclosure, denial of service and spoofing vulnerabilities cases continue to account for a similar proportion of reported security flaws, compared to May 2023.

For the first time in four months, none of the vulnerabilities Microsoft disclosed in the June 2023 Patch Tuesday have been exploited in the wild.

Threat Group

No attribution to specific threat actors or groups has been identified at the time of writing.

Mitre Methodologies


TA0002– Execution

TA0004 – Privilege Escalation

Further Information

Microsoft Security Update Guide


Intelligence Terminology Yardstick