Welcome to our summary of the June 2023 Microsoft Patch Tuesday. We have tabulated the vulnerabilities that the latest patches from Microsoft fix, so that you can easily export them for use in your vulnerability management program.

Rootshell users have already benefited from the platform’s Active Exploit Detection, which automatically alerts you to active exploits affecting issues within your estate.

Microsoft Patch Tuesday June 2023

Microsoft’s June 2023 Patch Tuesday announces fixes for 78 issues, 38 of which are Remote Code Execution vulnerabilities.

6 of the 78 vulnerabilities are Critical, as they allow privilege escalation, denial of service attacks, and remote code execution.

This update contains 17 Elevation of Privilege Vulnerabilities, 3 Security Feature Bypass Vulnerabilities, 32 Remote Code Execution Vulnerabilities, 5 Information Disclosure Vulnerabilities, 10 Denial of Service Vulnerabilities, 10 Spoofing Vulnerabilities, and 1 MS Edge Chromium Vulnerability.


Significant Vulnerabilities

  • CVE-2023-29357 – Microsoft SharePoint Server Elevation of Privilege Vulnerability

An attacker who has gained access to spoofed JWT authentication tokens can use them to execute a network attack that bypasses authentication and gives them the privileges of an authenticated user.

  • CVE-2023-32031 – Microsoft Exchange Server Remote Code Execution Vulnerability

An attacker exploiting this vulnerability could target the server accounts to achieve arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server’s account through a network call.

  • CVE-2023-29325 – Windows OLE Remote Code Execution Vulnerability

In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted email to the victim.
