Skip to main content

Here is another Microsoft Patch Tuesday Report. Microsoft releases its monthly report to address various vulnerabilities and helps its customers stay aware of all the threats and possible security vulnerabilities. This June 2023 Patch Tuesday report also fixes some vulnerabilities in various Microsoft products. 

This blog gives you an overview of the latest June 2023 Patch Tuesday report and highlights the vulnerabilities found, their categories, and their severity levels. 

Microsoft Patch Tuesday, June 2023 Report Summary

June 2023 Patch Tuesday report is out, and below is a quick overview of the report: 

  • The report presents 94 vulnerabilities in total, out of which 6 are classified as critical, 60 as important, 2 as Low, and 16 as unknown.  
  • There are no zero-day vulnerabilities found in June 2023 Patch Tuesday. 
  • The affected products covered in the June 2023 Patch Tuesday report include .NET and Visual Studio, .NET Core, .NET Framework, ASP .NET, Azure DevOps, Microsoft Dynamics, Microsoft Edge (Chromium-based), Microsoft Exchange Server, Microsoft Office, Microsoft Office Excel, Microsoft Office OneNote, Microsoft Office SharePoint, Microsoft Power Apps, Microsoft Printer Drivers, Microsoft WDAC OLE DB provider for SQL, Microsoft Windows Codecs Library, NuGet Client, Remote Desktop Client, DNS Server, SysInternals, Visual Studio, Visual Studio Code, Windows Authentication Methods, Windows Bus Filter Driver, Windows Cloud Files Mini Filter Driver, Windows Collaborative Translation Framework, Windows Container Manager Service, Windows CryptoAPI, Windows DHCP Server, Windows Filtering, Windows GDI, Windows Geolocation Service, Windows Group Policy, Windows Hello, Windows Hyper-V, Windows Installer, Windows iSCSI, Windows Kernel, Windows NTFS, Windows ODBC Driver, Windows OLE, Windows PGM, Windows Remote Procedure Call Runtime, Windows Resilient File System (ReFS), Windows Server Service, Windows SMB, Windows TPM Device Driver, and Windows Win32K. 

Vulnerabilities by Category

The complete list of 94 vulnerabilities is classified into seven categories. Remote Code Execution Vulnerability has been identified as the most common vulnerability, occurring 32 times, while Edge-Chromium Vulnerability is the least frequent, occurring only 1 time. 16 vulnerabilities are unknown but are also mentioned in the report with the name, title, and product affected. Please refer to the table below for complete details on all categories of vulnerabilities: 

Vulnerability Type Quantity 
Elevation of Privilege Vulnerability17
Security Feature Bypass Vulnerability3
Remote Code Execution Vulnerability32
Information Disclosure Vulnerability5
Denial of Service Vulnerability10
Spoofing Vulnerability10
Edge – Chromium Vulnerability1

Notable Vulnerabilities in June 2023 Patch Tuesday

There are no zero-day vulnerabilities in June 2023 Patch Tuesday, however below are some notable vulnerabilities that are found and have been fixed by Microsoft: 

CVE IDVulnerable Product/ApplicationVulnerability Type
CVE-2023-29357 Microsoft SharePoint Elevation of Privilege
CVE-2023-32031 Microsoft Exchange ServerRemote Code Execution Vulnerability

CVE-2023-29357 Elevation of Privilege Vulnerability 

CVE-2023-29357 is a privilege elevation vulnerability and was first discovered by Jang (Nguyễn Tiến Giang) of StarLabs SG. This flaw could enable attackers to assume the privileges of other users, including administrators. By utilizing spoofed JWT authentication tokens, an attacker can bypass authentication and gain access to the privileges of an authenticated user. 

CVE-2023-32031 Remote Code Execution Vulnerability 

This vulnerability was first discovered by Piotr Bazydlo of Trend Micro Zero Day Initiative. It is a remote code execution vulnerability found in Microsoft Exchange Server. Attackers could target server accounts and attempt to trigger malicious code in the context of the server’s account through a network call. 

List of Critical Vulnerabilities Patched in June 2023 Patch Tuesday

The list of all 6 critical vulnerabilities patched in June 2023 Patch Tuesday is as follows: 

CVE ID Vulnerable Product/ApplicationVulnerability Type
CVE-2023-24897.NET and Visual StudioRemote Code Execution Vulnerability 
CVE-2023-29357Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2023-32013Windows Hyper-VDenial of Service
CVE-2023-29363Windows PGMRemote Code Execution Vulnerability
CVE-2023-32014Windows PGMRemote Code Execution Vulnerability
CVE-2023-32015Windows PGMRemote Code Execution Vulnerability

Complete List of Vulnerabilities Patched in June 2023 Patch Tuesday Are:

If you wish to download the complete list of vulnerabilities patched in June 2023 Patch Tuesday, you can do it from here. 

CVE ID SeverityCVE Title Tag
CVE-2023-24895Important.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability.NET and Visual Studio
CVE-2023-33126Important.NET and Visual Studio Remote Code Execution Vulnerability.NET and Visual Studio
CVE-2023-24936Moderate.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability.NET and Visual Studio
CVE-2023-33135Important.NET and Visual Studio Elevation of Privilege Vulnerability.NET and Visual Studio
CVE-2023-32032Important.NET and Visual Studio Elevation of Privilege Vulnerability.NET and Visual Studio
CVE-2023-32030Important.NET and Visual Studio Denial of Service Vulnerability.NET and Visual Studio
CVE-2023-33128Important.NET and Visual Studio Remote Code Execution Vulnerability.NET and Visual Studio
CVE-2023-24897Critical.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability.NET and Visual Studio
CVE-2023-29331Important.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability.NET Core
CVE-2023-29326Important.NET Framework Remote Code Execution Vulnerability.NET Framework
CVE-2023-33141ImportantYet Another Reverse Proxy (YARP) Denial of Service VulnerabilityASP .NET
CVE-2023-21569ImportantAzure DevOps Server Spoofing VulnerabilityAzure DevOps
CVE-2023-21565ImportantAzure DevOps Server Spoofing VulnerabilityAzure DevOps
CVE-2023-24896ImportantDynamics 365 Finance Spoofing VulnerabilityMicrosoft Dynamics
CVE-2023-2941UnknownChromium: CVE-2023-2941 Inappropriate implementation in Extensions APIMicrosoft Edge (Chromium-based)
CVE-2023-33145ImportantMicrosoft Edge (Chromium-based) Information Disclosure VulnerabilityMicrosoft Edge (Chromium-based)
CVE-2023-2937UnknownChromium: CVE-2023-2937 Inappropriate implementation in Picture In PictureMicrosoft Edge (Chromium-based)
CVE-2023-2936UnknownChromium: CVE-2023-2936 Type Confusion in V8Microsoft Edge (Chromium-based)
CVE-2023-2935UnknownChromium: CVE-2023-2935 Type Confusion in V8Microsoft Edge (Chromium-based)
CVE-2023-2940UnknownChromium: CVE-2023-2940 Inappropriate implementation in DownloadsMicrosoft Edge (Chromium-based)
CVE-2023-2939UnknownChromium: CVE-2023-2939 Insufficient data validation in InstallerMicrosoft Edge (Chromium-based)
CVE-2023-2938UnknownChromium: CVE-2023-2938 Inappropriate implementation in Picture In PictureMicrosoft Edge (Chromium-based)
CVE-2023-2931UnknownChromium: CVE-2023-2931 Use after free in PDFMicrosoft Edge (Chromium-based)
CVE-2023-2930UnknownChromium: CVE-2023-2930 Use after free in ExtensionsMicrosoft Edge (Chromium-based)
CVE-2023-2929UnknownChromium: CVE-2023-2929 Out of bounds write in SwiftshaderMicrosoft Edge (Chromium-based)
CVE-2023-2934UnknownChromium: CVE-2023-2934 Out of bounds memory access in MojoMicrosoft Edge (Chromium-based)
CVE-2023-2933UnknownChromium: CVE-2023-2933 Use after free in PDFMicrosoft Edge (Chromium-based)
CVE-2023-2932UnknownChromium: CVE-2023-2932 Use after free in PDFMicrosoft Edge (Chromium-based)
CVE-2023-3079Unkn ownChromium: CVE-2023-3079 Type Confusion in V8Microsoft Edge (Chromium-based)
CVE-2023-29345LowMicrosoft Edge (Chromium-based) Security Feature Bypass VulnerabilityMicrosoft Edge (Chromium-based)
CVE-2023-33143ModerateMicrosoft Edge (Chromium-based) Elevation of Privilege VulnerabilityMicrosoft Edge (Chromium-based)
CVE-2023-32031ImportantMicrosoft Exchange Server Remote Code Execution VulnerabilityMicrosoft Exchange Server
CVE-2023-28310ImportantMicrosoft Exchange Server Remote Code Execution VulnerabilityMicrosoft Exchange Server
CVE-2023-33146ImportantMicrosoft Office Remote Code Execution VulnerabilityMicrosoft Office
CVE-2023-33133ImportantMicrosoft Excel Remote Code Execution VulnerabilityMicrosoft Office Excel
CVE-2023-32029ImportantMicrosoft Excel Remote Code Execution VulnerabilityMicrosoft Office Excel
CVE-2023-33137ImportantMicrosoft Excel Remote Code Execution VulnerabilityMicrosoft Office Excel
CVE-2023-33140ImportantMicrosoft OneNote Spoofing VulnerabilityMicrosoft Office OneNote
CVE-2023-33131ImportantMicrosoft Outlook Remote Code Execution VulnerabilityMicrosoft Office Outlook
CVE-2023-33142ImportantMicrosoft SharePoint Server Elevation of Privilege VulnerabilityMicrosoft Office SharePoint
CVE-2023-33129ImportantMicrosoft SharePoint Denial of Service VulnerabilityMicrosoft Office SharePoint
CVE-2023-33130ImportantMicrosoft SharePoint Server Spoofing VulnerabilityMicrosoft Office SharePoint
CVE-2023-33132ImportantMicrosoft SharePoint Server Spoofing VulnerabilityMicrosoft Office SharePoint
CVE-2023-29357CriticalMicrosoft SharePoint Server Elevation of Privilege VulnerabilityMicrosoft Office SharePoint
CVE-2023-32024ImportantMicrosoft Power Apps Spoofing VulnerabilityMicrosoft Power Apps
CVE-2023-32017ImportantMicrosoft PostScript Printer Driver Remote Code Execution VulnerabilityMicrosoft Printer Drivers
CVE-2023-29372ImportantMicrosoft WDAC OLE DB provider for SQL Server Remote Code Execution VulnerabilityMicrosoft WDAC OLE DB provider for SQL
CVE-2023-29370ImportantWindows Media Remote Code Execution VulnerabilityMicrosoft Windows Codecs Library
CVE-2023-29365ImportantWindows Media Remote Code Execution VulnerabilityMicrosoft Windows Codecs Library
CVE-2023-29337ImportantNuGet Client Remote Code Execution VulnerabilityNuGet Client
CVE-2023-29362ImportantRemote Desktop Client Remote Code Execution VulnerabilityRemote Desktop Client
CVE-2023-29352ImportantWindows Remote Desktop Security Feature Bypass VulnerabilityRemote Desktop Client
CVE-2023-32020ImportantWindows DNS Spoofing VulnerabilityRole: DNS Server
CVE-2023-29353LowSysinternals Process Monitor for Windows Denial of Service VulnerabilitySysInternals
CVE-2023-29007ImportantGitHub: CVE-2023-29007 Arbitrary configuration injection via `git submodule deinit`Visual Studio
CVE-2023-33139ImportantVisual Studio Information Disclosure VulnerabilityVisual Studio
CVE-2023-25652ImportantGitHub: CVE-2023-25652 “git apply –reject” partially-controlled arbitrary file writeVisual Studio
CVE-2023-25815ImportantGitHub: CVE-2023-25815 Git looks for localized messages in an unprivileged placeVisual Studio
CVE-2023-27 911ImportantAutoDesk: CVE-2023-27911 Heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or priorVisual Studio
CVE-2023-27910ImportantAutoDesk: CVE-2023-27910 stack buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or priorVisual Studio
CVE-2023-29011ImportantGitHub: CVE-2023-29011 The config file of `connect.exe` is susceptible to malicious placingVisual Studio
CVE-2023-29012ImportantGitHub: CVE-2023-29012 Git CMD erroneously executes `doskey.exe` in current directory, if it existsVisual Studio
CVE-2023-27909ImportantAutoDesk: CVE-2023-27909 Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK 2020 or priorVisual Studio
CVE-2023-33144ImportantVisual Studio Code Spoofing VulnerabilityVisual Studio Code
CVE-2023-29364ImportantWindows Authentication Elevation of Privilege VulnerabilityWindows Authentication Methods
CVE-2023-32010ImportantWindows Bus Filter Driver Elevation of Privilege VulnerabilityWindows Bus Filter Driver
CVE-2023-29361ImportantWindows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityWindows Cloud Files Mini Filter Driver
CVE-2023-32009ImportantWindows Collaborative Translation Framework Elevation of Privilege VulnerabilityWindows Collaborative Translation Framework
CVE-2023-32012ImportantWindows Container Manager Service Elevation of Privilege VulnerabilityWindows Container Manager Service
CVE-2023-24937ImportantWindows CryptoAPI Denial of Service VulnerabilityWindows CryptoAPI
CVE-2023-24938ImportantWindows CryptoAPI Denial of Service VulnerabilityWindows CryptoAPI
CVE-2023-29355ImportantDHCP Server Service Information Disclosure VulnerabilityWindows DHCP Server
CVE-2023-29368ImportantWindows Filtering Platform Elevation of Privilege VulnerabilityWindows Filtering
CVE-2023-29358ImportantWindows GDI Elevation of Privilege VulnerabilityWindows GDI
CVE-2023-29366ImportantWindows Geolocation Service Remote Code Execution VulnerabilityWindows Geolocation Service
CVE-2023-29351ImportantWindows Group Policy Elevation of Privilege VulnerabilityWindows Group Policy
CVE-2023-32018ImportantWindows Hello Remote Code Execution VulnerabilityWindows Hello
CVE-2023-32013CriticalWindows Hyper-V Denial of Service VulnerabilityWindows Hyper-V
CVE-2023-32016ImportantWindows Installer Information Disclosure VulnerabilityWindows Installer
CVE-2023-32011ImportantWindows iSCSI Discovery Service Denial of Service VulnerabilityWindows iSCSI
CVE-2023-32019ImportantWindows Kernel Information Disclosure VulnerabilityWindows Kernel
CVE-2023-29346ImportantNTFS Elevation of Privilege VulnerabilityWindows NTFS
CVE-2023-29373ImportantMicrosoft ODBC Driver Remote Code Execution VulnerabilityWindows ODBC Driver
CVE-2023-29367ImportantiSCSI Target WMI Provider Remote Code Execution VulnerabilityWindows OLE
CVE-2023-29363CriticalWindows Pragmatic General Multicast (PGM) Remote Code Execution VulnerabilityWindows PGM
CVE-2023-32014CriticalWindows Pragmatic General Multicast (PGM) Remote Code Execution VulnerabilityWindows PGM
CVE-2023-32015CriticalWindows Pragmatic General Multicast (PGM) Remote Code Execution VulnerabilityWindows PGM
CVE-2023-29369ImportantRemote Procedure Call Runtime Denial of Service VulnerabilityWindows Remote Procedure Call Runtime
CVE-2023-32008ImportantWindows Resilient File System (ReFS) Remote Code Execution VulnerabilityWindows Resilient File System (ReFS)
CVE-2023-32022ImportantWindows Server Service Security Feature Bypass VulnerabilityWindows Server Service
CVE-2023-32021ImportantWindows SMB Witness Service Security Feature Bypass VulnerabilityWindows SMB
CVE-2023-29360ImportantWindows TPM Device Driver Elevation of Privilege VulnerabilityWindows TPM Device Driver
CVE-2023-29371ImportantWindows GDI Elevation of Privilege VulnerabilityWindows Win32K
CVE-2023-29359ImportantGDI Elevation of Privilege VulnerabilityWindows Win32K

Thank you for reading this blog post that highlights the significant updates released by Microsoft in the June 2023 Patch Tuesday. These updates are crucial for addressing security vulnerabilities and improving the overall security of Microsoft products like Windows, Office, and Exchange Server.

See Also How To Mitigate The New Remote Code Execution Vulnerability In Dompdf

It is highly recommended to prioritize the installation of these patches promptly to minimize the potential risks associated with these vulnerabilities. By keeping your systems up-to-date with the latest security patches and adopting proactive security practices, you can effectively safeguard your systems against potential cyber threats. This will help ensure the integrity and safety of your systems and data.

Leave a Reply