Description:
Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components. The list of security updates can be found at:
https://msrc.microsoft.com/update-guide/releaseNote/2023-Jun
Reports indicated that the vulnerabilities (CVE-2023-29357, CVE-2023-29363, CVE-2023-32014, CVE-2023-32015 and CVE-2023-32031) are at a high risk of exploitation. System administrators and users are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.
Affected Systems:
- Microsoft Windows 10, 11
- Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019, 2022
- Microsoft Office 2019, 2019 for Mac, LTSC 2021, LTSC for Mac 2021
- Microsoft Office Online Server
- Microsoft Edge (Chromium-based)
- Microsoft Excel 2013, 2013 RT, 2016
- Microsoft Exchange Server 2016, 2019
- Microsoft Outlook 2013, 2013 RT, 2016
- Microsoft SharePoint Enterprise Server 2016
- Microsoft SharePoint Server 2019, Subscription Edition
- Microsoft 365 Apps for Enterprise
- Microsoft Visual Studio 2013, 2015, 2017, 2019, 2022
- Visual Studio Code
- Microsoft .NET Framework 2.0, 3.0, 3.5, 3.5.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1
- .NET 6.0, 7.0
- NuGet 6.0.4, 6.2.3, 6.3.2, 6.4.1, 6.5.0, 6.6.0
- Remote Desktop client for Windows Desktop
- Azure DevOps Server 2020, 2022
- Dynamics 365 for Finance and Operations
- Microsoft OneNote for Universal
- Microsoft Power Apps
- Windows Sysinternals Process Monitor, Sysinternals Suite
- YARP 2.0
Impact:
Depending on the vulnerability exploited, a successful attack could lead to remote code execution, denial of service, elevation of privilege, information disclosure, security feature bypass and spoofing.
Recommendation:
Patches for affected products are available from the Windows Update / Microsoft Update Catalog. System administrators and users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
More Information:
- https://msrc.microsoft.com/update-guide/releaseNote/2023-Jun
- https://www.hkcert.org/security-bulletin/microsoft-monthly-security-update-june-2023
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21565
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21569
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24895 (to CVE-2023-24897)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24936 (to CVE-2023-24938)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25652
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25815
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27909 (to CVE-2023-27911)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28310
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29007
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29011 (to CVE-2023-29012)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29326
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29331
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29337
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29346
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29351 (to CVE-2023-29353)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29355
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29357 (to CVE-2023-29373)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32008 (to CVE-2023-32022)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32024
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32029 (to CVE-2023-32032)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33126
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33128 (to CVE-2023-33133)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33135
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33137
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33139 (to CVE-2023-33142)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33144 (to CVE-2023-33146)