Microsoft Patch Tuesday, June 2023 Security Update Review

Microsoft has released June’s edition of Patch Tuesday! This installment of security updates addressed 94 security vulnerabilities in various products, features, and roles.

Microsoft Patch Tuesday for June 2023

No zero-day vulnerabilities known to be exploited in the wild have been fixed in this month’s Patch Tuesday edition. Six of these 94 vulnerabilities are rated as critical and 70 as important. This month’s security updates covered 17 Microsoft Edge (Chromium-based) vulnerabilities patched earlier this month.

Microsoft Patch Tuesday, June edition includes updates for vulnerabilities in Microsoft Office and Components, Microsoft Exchange Server, Win32K, Windows TPM Device Driver, Windows Remote Procedure Call Runtime, Windows PGM, Microsoft Printer Drivers, Windows Hello, Windows Kernel, DNS Server, Windows SMB, Windows Server Service, Microsoft Power Apps, and more.

Microsoft has fixed several flaws in multiple software, including Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, Remote Code Execution (RCE), Security Feature Bypass, and Spoofing.

The June 2023 Microsoft vulnerabilities are classified as follows:

Vulnerability Category	Quantity	Severities
Spoofing Vulnerability	10	Important: 9
Denial of Service Vulnerability	10	Critical: 1 Important: 9
Elevation of Privilege Vulnerability	17	Critical: 1 Important: 15
Information Disclosure Vulnerability	5	Important: 5
Remote Code Execution Vulnerability	32	Critical: 4 Important: 24
Security Feature Bypass Vulnerability	3	Important: 4
Microsoft Edge (Chromium-based)	17

Other Critical Severity Vulnerabilities Patched in June Patch Tuesday Edition

CVE-2023-29357: Microsoft SharePoint Server Elevation of Privilege Vulnerability

On January 10, 2024, CISA has added CVE-2023-29357 to its Known Exploited Vulnerabilities Catalog. CISA requested users to patch it before January 31, 2024.

Microsoft SharePoint is a web-based document management and collaboration platform that helps share files, data, news, and resources. The application transforms business processes by providing simple sharing and seamless collaboration.

An attacker with access to spoofed JWT authentication tokens may exploit this vulnerability to execute a network attack. A successful network attack will bypass authentication and allow an attacker to gain access as an authenticated user. On successful exploitation of the vulnerability, an attacker would gain administrator privileges.

CVE-2023-24897: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

To exploit this vulnerability, an attacker must convince a user to download and open a specially crafted file from a website through social engineering. The malicious link will lead to a local attack on their computer and allow an attacker to perform remote code execution.

CVE-2023-32013: Windows Hyper-V Denial of Service Vulnerability

Windows Hyper-V is a piece of software that allows hardware virtualization. IT professionals and software developers use virtualization to test software on multiple operating systems. Hyper-V enables working professionals to perform these tasks smoothly. With the help of Hyper-V, one can create virtual hard drives, virtual switches, and numerous different virtual devices, all of which can be added to virtual machines.

To exploit this vulnerability, an attacker must prepare the target environment to improve exploit reliability. A network attacker with low privileges may exploit this vulnerability in a low-complexity attack to cause a denial of service (DoS) situation.

CVE-2023-29363, CVE-2023-32014, and CVE-2023-32015: Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

Pragmatic General Multicast (PGM), a.k.a. ‘reliable multicast,’ is a scalable receiver-reliable protocol. PGM allows receivers to detect loss, request retransmission of lost data, or notify an application of unrecoverable loss. PGM is best suited for applications that require duplicate-free multicast data delivery from multiple sources to multiple receivers.

Windows message queuing service must be running in a PGM Server environment to exploit the vulnerability. When the service is running, an attacker may send a specially crafted file over the network to achieve remote code execution. The Windows message queuing service is a Windows component that needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added with the help of the Control Panel.

Other Microsoft Vulnerability Highlights

CVE-2023-28310 exists in Microsoft Exchange Server that may allow an authenticated attacker to perform remote code execution on the affected system with the help of a PowerShell remoting session. An attacker must be connected to the same internet as the Exchange server to exploit the vulnerability.
CVE-2023-29358 and CVE-2023-29359 affect the Microsoft Windows graphics device interface (GDI) that allows applications to use graphics and formatted texts on video display and printers. An attacker could gain SYSTEM privileges on successful exploitation of the vulnerabilities.
CVE-2023-29360 is an elevation of privilege vulnerability that affects the Windows Trusted Platform Module (TPM) Device Driver. On successful exploitation of the vulnerability, an attacker could gain SYSTEM privileges.
CVE-2023-29361 is an elevation of privilege vulnerability that affects Windows Cloud Files Mini Filter Driver. To exploit this vulnerability, an attacker must win a race condition. An attacker who exploits this vulnerability could gain SYSTEM privileges on the affected system.
CVE-2023-29371 exists in the Microsoft Windows graphics device interface (GDI). The vulnerability may allow an attacker to gain SYSTEM privileges on successful exploitation.
CVE-2023-32031 is a remote code execution vulnerability that affects Microsoft Exchange Server. An authenticated attacker may use the vulnerability to trigger malicious code in the context of the server’s account through a network call.

Microsoft Release Summary

This month’s release notes cover multiple Microsoft product families and products/versions affected, including, but not limited to, Azure DevOps, .NET and Visual Studio, Microsoft Dynamics, Windows CryptoAPI, .NET Framework, .NET Core, NuGet Client, Microsoft Edge (Chromium-based), Windows NTFS, Windows Group Policy, Remote Desktop Client, SysInternals, Windows DHCP Server, Microsoft Office SharePoint, Windows GDI, Windows Cloud Files Mini Filter Driver Windows Authentication Methods, Microsoft Windows Codecs Library, Windows Geolocation Service, Windows OLE, Windows Filtering, Microsoft WDAC OLE DB provider for SQL, Windows ODBC Driver, Windows Resilient File System (ReFS), Windows Collaborative Translation Framework, Windows Bus Filter Driver, Windows iSCSI, Windows Container Manager Service, Windows Hyper-V, and Windows Installer.

EVALUATE Vendor-Suggested Mitigation with Policy Compliance (PC)

Qualys Policy Compliance Control Library makes it easy to evaluate your technology infrastructure when the current situation requires implementation validation of vendor-suggested mitigation or workaround.

Mitigation refers to a setting, standard configuration, or general best practice existing in a default state that could reduce the severity of the exploitation of a vulnerability.

A workaround is sometimes used temporarily for achieving a task or goal when the usual or planned method isn’t working. Information technology often uses a workaround to overcome hardware, programming, or communication problems. Once a problem is fixed, a workaround is usually abandoned. Source

The following Qualys Policy Compliance Control IDs (CIDs), and System Defined Controls (SDC) have been updated to support Microsoft recommended mitigation(s) for this Patch Tuesday: