Patch Tuesday – June 2023
Target Industry
Indiscriminate, opportunistic targeting.
Overview
Microsoft Patch Tuesday for June 2023: Microsoft addressed a total of 78 security flaws, including 38 remote code execution (RCE) vulnerabilities and five critical-level flaws.
Of note, the three critical flaws CVE-2023-29363, CVE-2023-32014 and CVE-2023-32015 pertain to the Windows Pragmatic General Multicast (PGM) server and have received a CVSSv3 score of 9.8.
Another critical-level vulnerability tracked as CVE-2023-29357 (CVSSv3 Score – 9.9) was disclosed relating to an elevation of privilege in the Microsoft SharePoint Server.
Noteworthy in terms of the high-level severity vulnerabilities are:
CVE-2023-28310 (CVSSv3 Score – 8.0): Microsoft Exchange Server remote code execution vulnerability
CVE-2023-29358 (CVSSv3 Score – 7.8): Windows GDI elevation of privilege vulnerability
CVE-2023-29361 (CVSSv3 Score – 7.0): Windows cloud files mini filter driver elevation of privilege vulnerability
CVE-2023-32031 (CVSSv3 Score – 8.8): Microsoft Exchange Server remote code execution vulnerability
CVE-2023-29371 (CVSSv3 Score – 7.8): Windows GDI elevation of privilege vulnerability
A medium-level severity vulnerability of note is CVE-2023-29352, a Windows remote desktop security feature bypass vulnerability.
A complete list of the disclosed security vulnerabilities can be found in the Microsoft Security Update Guide.
Impact
Successful exploitation of CVE-2023-29363, CVE-2023-32014 or CVE-2023-32015 could allow a threat actor to send a specially crafted file over the network to achieve RCE capabilities
Successful exploitation of CVE-2023-29357 could allow threat actors to spoof JSON Web Token (JWT) authentication tokens and use them to execute a network attack that bypasses authentication and grants access to the privileges of an authenticated user
Successful exploitation of CVE-2023-28310 could allow an unauthenticated threat actor on the same intranet as the Exchange Server to achieve RCE capabilities via a PowerShell remote session
Successful exploitation of CVE-2023-29358 could allow a threat actor to gain SYSTEM privileges
Successful exploitation of CVE-2023-29361 could allow a threat actor to gain SYSTEM privileges if a use-after-free issue is abused in the Windows Cloud Files Mini Filter Driver
Successful exploitation of CVE-2023-32031 could allow a threat actor to target the server accounts in an arbitrary or remote code execution attack
Successful exploitation of CVE-2023-29371 could allow a threat actor to modify a curve without updating the cCurves values, which leads to an out-of-bounds write ability, ultimately providing SYSTEM privileges
Successful exploitation of CVE-2023-29352 could allow a threat actor to bypass certificate validation during a remote desktop connection by creating a validly signed “.RDP” file to bypass warning prompts when executed
Vulnerability Detection
Microsoft has released security patches for these vulnerabilities. Product versions without these patches therefore remain vulnerable to potential exploitation.
Affected Products
A full list of the affected products pertaining to the June 2023 Patch Tuesday can be found in the Microsoft Patch Tuesday June 2023 Security Updates.
Containment, Mitigations & Remediations
It is strongly recommended that the relevant security patches are applied to the respective Microsoft products as soon as possible. The patches can be found directly in the Microsoft Patch Tuesday June 2023 Security Updates.
Threat Landscape
Last month, Microsoft published remediations for 38 security flaws in the May 2023 Patch Tuesday release, including three zero-day vulnerabilities. Moving into the June disclosure, the leading attack vectors continue to be RCE and privilege escalation (accounting for a combined 62.8% of patched vulnerabilities). Further, information disclosure, denial of service and spoofing vulnerabilities continue to account for a similar proportion of reported security flaws compared to May 2023.
For the first time in four months, none of the vulnerabilities Microsoft disclosed in the June 2023 Patch Tuesday have been exploited in the wild.
Threat Group
No attribution to specific threat actors or groups has been identified at the time of writing.
MITRE Methodologies
Tactics:
TA0002 – Execution
TA0004 – Privilege Escalation
Further Information
Microsoft Security Update Guide