Patch Tuesday Update - June 2023

By Vulnerability Research Team

Today’s Microsoft Security Update addressed 78 vulnerabilities, including 6 that are rated as Critical. None of the vulnerabilities included in the Patch Tuesday release appear to be currently exploited in the wild.

Of note, Microsoft SharePoint Server Elevation of Privilege Vulnerability (CVE-2023-29357) appears to allow an attacker to bypass authentication using a spoofed JWT authentication token and assume the privileges of an authenticated user, such as an Administrator. "An attacker who has gained access to spoofed JWT authentication tokens can use them to execute a network attack which bypasses authentication and allows them to gain access to the privileges of an authenticated user.  The attacker needs no privileges nor does the user need to perform any action." - Microsoft CVE-2023-29357

Fortra VM will include the Microsoft Patch Tuesday checks in the NIRV 4.22.0 and Agent 1.60.0 releases.

CVE Title Tag Microsoft Severity Rating Base Score Microsoft Impact Exploited Publicly Disclosed
CVE-2023-28310 Microsoft Exchange Server Remote Code Execution Vulnerability Microsoft Exchange Server Important 8 Remote Code Execution No No
CVE-2023-24896 Dynamics 365 Finance Spoofing Vulnerability Microsoft Dynamics Important 5.4 Spoofing No No
CVE-2023-24897 .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability .NET and Visual Studio Critical 7.8 Remote Code Execution No No
CVE-2023-24937 Windows CryptoAPI Denial of Service Vulnerability Windows CryptoAPI Important 6.5 Denial of Service No No
CVE-2023-24938 Windows CryptoAPI Denial of Service Vulnerability Windows CryptoAPI Important 6.5 Denial of Service No No
CVE-2023-29326 .NET Framework Remote Code Execution Vulnerability .NET Framework Important 7.8 Remote Code Execution No No
CVE-2023-29353 Sysinternals Process Monitor for Windows Denial of Service Vulnerability SysInternals Low 5.5 Denial of Service No No
CVE-2023-32024 Microsoft Power Apps Spoofing Vulnerability Microsoft Power Apps Important 3 Spoofing No No
CVE-2023-32029 Microsoft Excel Remote Code Execution Vulnerability Microsoft Office Excel Important 7.8 Remote Code Execution No No
CVE-2023-32031 Microsoft Exchange Server Remote Code Execution Vulnerability Microsoft Exchange Server Important 8.8 Remote Code Execution No No
CVE-2023-33137 Microsoft Excel Remote Code Execution Vulnerability Microsoft Office Excel Important 7.8 Remote Code Execution No No
CVE-2023-33139 Visual Studio Information Disclosure Vulnerability Visual Studio Important 5.5 Information Disclosure No No
CVE-2023-33146 Microsoft Office Remote Code Execution Vulnerability Microsoft Office Important 7.8 Remote Code Execution No No
CVE-2023-21565 Azure DevOps Server Spoofing Vulnerability Azure DevOps Important 7.1 Spoofing No No
CVE-2023-21569 Azure DevOps Server Spoofing Vulnerability Azure DevOps

Moderate/Important

5.5 Spoofing No No
CVE-2023-24895 .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability .NET and Visual Studio Important 7.8 Remote Code Execution No No
CVE-2023-24936 .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability .NET and Visual Studio Moderate 8.1 Elevation of Privilege No No
CVE-2023-29331 .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability .NET Core Important 7.5 Denial of Service No No
CVE-2023-29337 NuGet Client Remote Code Execution Vulnerability NuGet Client Important 7.1 Remote Code Execution No No
CVE-2023-29012 GitHub: CVE-2023-29012 Git CMD erroneously executes `doskey.exe` in current directory, if it exists Visual Studio Important N/A Remote Code Execution No No
CVE-2023-29011 GitHub: CVE-2023-29011 The config file of `connect.exe` is susceptible to malicious placing Visual Studio Important N/A Remote Code Execution No No
CVE-2023-25815 GitHub: CVE-2023-25815 Git looks for localized messages in an unprivileged place Visual Studio Important N/A Spoofing No No
CVE-2023-29007 GitHub: CVE-2023-29007 Arbitrary configuration injection via `git submodule deinit` Visual Studio Important N/A Remote Code Execution No No
CVE-2023-25652 GitHub: CVE-2023-25652 "git apply --reject" partially-controlled arbitrary file write Visual Studio Important N/A Remote Code Execution No No
CVE-2023-29346 NTFS Elevation of Privilege Vulnerability Windows NTFS Important 7.8 Elevation of Privilege No No
CVE-2023-29351 Windows Group Policy Elevation of Privilege Vulnerability Windows Group Policy Important 8.1 Elevation of Privilege No No
CVE-2023-29352 Windows Remote Desktop Security Feature Bypass Vulnerability Remote Desktop Client Important 6.5 Security Feature Bypass No No
CVE-2023-29355 DHCP Server Service Information Disclosure Vulnerability Windows DHCP Server Important 5.3 Information Disclosure No No
CVE-2023-29357 Microsoft SharePoint Server Elevation of Privilege Vulnerability Microsoft Office SharePoint Critical 9.8 Elevation of Privilege No No
CVE-2023-29358 Windows GDI Elevation of Privilege Vulnerability Windows GDI Important 7.8 Elevation of Privilege No No
CVE-2023-29359 GDI Elevation of Privilege Vulnerability Windows Win32K Important 7.8 Elevation of Privilege No No
CVE-2023-29360 Windows TPM Device Driver Elevation of Privilege Vulnerability Windows TPM Device Driver Important 7.8 Elevation of Privilege No No
CVE-2023-29361 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Windows Cloud Files Mini Filter Driver Important 7 Elevation of Privilege No No
CVE-2023-29362 Remote Desktop Client Remote Code Execution Vulnerability Remote Desktop Client Important 8.8 Remote Code Execution No No
CVE-2023-29363 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability Windows PGM Critical 9.8 Remote Code Execution No No
CVE-2023-29364 Windows Authentication Elevation of Privilege Vulnerability Windows Authentication Methods Important 7 Elevation of Privilege No No
CVE-2023-29365 Windows Media Remote Code Execution Vulnerability Microsoft Windows Codecs Library Important 7.8 Remote Code Execution No No
CVE-2023-29366 Windows Geolocation Service Remote Code Execution Vulnerability Windows Geolocation Service Important 7.8 Remote Code Execution No No
CVE-2023-29367 iSCSI Target WMI Provider Remote Code Execution Vulnerability Windows OLE Important 7.8 Remote Code Execution No No
CVE-2023-29368 Windows Filtering Platform Elevation of Privilege Vulnerability Windows Filtering Important 7 Elevation of Privilege No No
CVE-2023-29369 Remote Procedure Call Runtime Denial of Service Vulnerability Windows Remote Procedure Call Runtime Important 6.5 Denial of Service No No
CVE-2023-29370 Windows Media Remote Code Execution Vulnerability Microsoft Windows Codecs Library Important 7.8 Remote Code Execution No No
CVE-2023-29371 Windows GDI Elevation of Privilege Vulnerability Windows Win32K Important 7.8 Elevation of Privilege No No
CVE-2023-29372 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Important 8.8 Remote Code Execution No No
CVE-2023-29373 Microsoft ODBC Driver Remote Code Execution Vulnerability Windows ODBC Driver Important 8.8 Remote Code Execution No No
CVE-2023-32008 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Windows Resilient File System (ReFS) Important 7.8 Remote Code Execution No No
CVE-2023-32009 Windows Collaborative Translation Framework Elevation of Privilege Vulnerability Windows Collaborative Translation Framework Important 8.8 Elevation of Privilege No No
CVE-2023-32010 Windows Bus Filter Driver Elevation of Privilege Vulnerability Windows Bus Filter Driver Important 7 Elevation of Privilege No No
CVE-2023-32011 Windows iSCSI Discovery Service Denial of Service Vulnerability Windows iSCSI Important 7.5 Denial of Service No No
CVE-2023-32012 Windows Container Manager Service Elevation of Privilege Vulnerability Windows Container Manager Service Important 6.3 Elevation of Privilege No No
CVE-2023-32013 Windows Hyper-V Denial of Service Vulnerability Windows Hyper-V Critical 6.5 Denial of Service No No
CVE-2023-32014 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability Windows PGM Critical 9.8 Remote Code Execution No No
CVE-2023-32015 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability Windows PGM Critical 9.8 Remote Code Execution No No
CVE-2023-32016 Windows Installer Information Disclosure Vulnerability Windows Installer Important 5.5 Information Disclosure No No
CVE-2023-32017 Microsoft PostScript Printer Driver Remote Code Execution Vulnerability Microsoft Printer Drivers Important 7.8 Remote Code Execution No No
CVE-2023-32018 Windows Hello Remote Code Execution Vulnerability Windows Hello Important 7.8 Remote Code Execution No No
CVE-2023-32019 Windows Kernel Information Disclosure Vulnerability Windows Kernel Important 4.7 Information Disclosure No No
CVE-2023-32020 Windows DNS Spoofing Vulnerability Role: DNS Server Important 3.7 Spoofing No No
CVE-2023-32021 Windows SMB Witness Service Security Feature Bypass Vulnerability Windows SMB Important 7.1 Security Feature Bypass No No
CVE-2023-32022 Windows Server Service Security Feature Bypass Vulnerability Windows Server Service Important 7.6 Security Feature Bypass No No
CVE-2023-32030 .NET and Visual Studio Denial of Service Vulnerability .NET and Visual Studio Important 7.5 Denial of Service No No
CVE-2023-32032 .NET and Visual Studio Elevation of Privilege Vulnerability .NET and Visual Studio Important 6.5 Elevation of Privilege No No
CVE-2023-33126 .NET and Visual Studio Remote Code Execution Vulnerability .NET and Visual Studio Important 7.3 Remote Code Execution No No
CVE-2023-33128 .NET and Visual Studio Remote Code Execution Vulnerability .NET and Visual Studio Important 7.3 Remote Code Execution No No
CVE-2023-33129 Microsoft SharePoint Denial of Service Vulnerability Microsoft Office SharePoint Important 6.5 Denial of Service No No
CVE-2023-33130 Microsoft SharePoint Server Spoofing Vulnerability Microsoft Office SharePoint Important 7.3 Spoofing No No
CVE-2023-33131 Microsoft Outlook Remote Code Execution Vulnerability Microsoft Office Outlook Important 8.8 Remote Code Execution No No
CVE-2023-33132 Microsoft SharePoint Server Spoofing Vulnerability Microsoft Office SharePoint Important 6.3 Spoofing No No
CVE-2023-33133 Microsoft Excel Remote Code Execution Vulnerability Microsoft Office Excel Important 7.8 Remote Code Execution No No
CVE-2023-33135 .NET and Visual Studio Elevation of Privilege Vulnerability .NET and Visual Studio Important 7.3 Elevation of Privilege No No
CVE-2023-27909 AutoDesk: CVE-2023-27909 Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK 2020 or prior Visual Studio Important N/A Remote Code Execution No No
CVE-2023-27910 AutoDesk: CVE-2023-27910 stack buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior Visual Studio Important N/A Information Disclosure No No
CVE-2023-27911 AutoDesk: CVE-2023-27911 Heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior Visual Studio Important N/A Remote Code Execution No No
CVE-2023-33140 Microsoft OneNote Spoofing Vulnerability Microsoft Office OneNote Important 6.5 Spoofing No No
CVE-2023-33141 Yet Another Reverse Proxy (YARP) Denial of Service Vulnerability ASP .NET Important 7.5 Denial of Service No No
CVE-2023-33142 Microsoft SharePoint Server Elevation of Privilege Vulnerability Microsoft Office SharePoint Important 6.5 Elevation of Privilege No No
CVE-2023-33144 Visual Studio Code Spoofing Vulnerability Visual Studio Code Important 5 Spoofing No No
CVE-2023-33145 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability Microsoft Edge (Chromium-based) Important 6.5 Information Disclosure No No

See how Fortra Vulnerability Manager can help your team identify and prioritize vulnerabilities quickly and accelerate your time-to-remediation.

Watch this 3-minute video to learn more.

WATCH THE VIDEO

Share This