Table of Contents
June 15, 2023
|10m
Breaking Down the Latest June 2023 Patch Tuesday Report
Here is another Microsoft Patch Tuesday Report. Microsoft releases its monthly report to address various vulnerabilities and helps its customers stay aware of all the threats and possible security vulnerabilities. This June 2023 Patch Tuesday report also fixes some vulnerabilities in various Microsoft products.
This blog gives you an overview of the latest June 2023 Patch Tuesday report and highlights the vulnerabilities found, their categories, and their severity levels.
Microsoft Patch Tuesday, June 2023 Report Summary
June 2023 Patch Tuesday report is out, and below is a quick overview of the report:
The report presents 94 vulnerabilities in total, out of which 6 are classified as critical, 60 as important, 2 as Low, and 16 as unknown.
There are no zero-day vulnerabilities found in June 2023 Patch Tuesday.
The affected products covered in the June 2023 Patch Tuesday report include .NET and Visual Studio, .NET Core, .NET Framework, ASP .NET, Azure DevOps, Microsoft Dynamics, Microsoft Edge (Chromium-based), Microsoft Exchange Server, Microsoft Office, Microsoft Office Excel, Microsoft Office OneNote, Microsoft Office SharePoint, Microsoft Power Apps, Microsoft Printer Drivers, Microsoft WDAC OLE DB provider for SQL, Microsoft Windows Codecs Library, NuGet Client, Remote Desktop Client, DNS Server, SysInternals, Visual Studio, Visual Studio Code, Windows Authentication Methods, Windows Bus Filter Driver, Windows Cloud Files Mini Filter Driver, Windows Collaborative Translation Framework, Windows Container Manager Service, Windows CryptoAPI, Windows DHCP Server, Windows Filtering, Windows GDI, Windows Geolocation Service, Windows Group Policy, Windows Hello, Windows Hyper-V, Windows Installer, Windows iSCSI, Windows Kernel, Windows NTFS, Windows ODBC Driver, Windows OLE, Windows PGM, Windows Remote Procedure Call Runtime, Windows Resilient File System (ReFS), Windows Server Service, Windows SMB, Windows TPM Device Driver, and Windows Win32K.
Vulnerabilities by Category
The complete list of 94 vulnerabilities is classified into seven categories. Remote Code Execution Vulnerability has been identified as the most common vulnerability, occurring 32 times, while Edge-Chromium Vulnerability is the least frequent, occurring only 1 time. 16 vulnerabilities are unknown but are also mentioned in the report with the name, title, and product affected. Please refer to the table below for complete details on all categories of vulnerabilities:
| Vulnerability Type | Quantity |
| Elevation of Privilege Vulnerability | 17 |
| Security Feature Bypass Vulnerability | 3 |
| Remote Code Execution Vulnerability | 32 |
| Information Disclosure Vulnerability | 5 |
| Denial of Service Vulnerability | 10 |
| Spoofing Vulnerability | 10 |
| Edge – Chromium Vulnerability | 1 |
Notable Vulnerabilities in June 2023 Patch Tuesday
There are no zero-day vulnerabilities in June 2023 Patch Tuesday, however below are some notable vulnerabilities that are found and have been fixed by Microsoft:
| CVE ID | Vulnerable Product/Application | Vulnerability Type |
| CVE-2023-29357 | Microsoft SharePoint | Elevation of Privilege |
| CVE-2023-32031 | Microsoft Exchange Server | Remote Code Execution Vulnerability |
CVE-2023-29357 Elevation of Privilege Vulnerability
CVE-2023-29357 is a privilege elevation vulnerability and was first discovered by Jang (Nguyễn Tiến Giang) of StarLabs SG. This flaw could enable attackers to assume the privileges of other users, including administrators. By utilizing spoofed JWT authentication tokens, an attacker can bypass authentication and gain access to the privileges of an authenticated user.
CVE-2023-32031 Remote Code Execution Vulnerability
This vulnerability was first discovered by Piotr Bazydlo of Trend Micro Zero Day Initiative. It is a remote code execution vulnerability found in Microsoft Exchange Server. Attackers could target server accounts and attempt to trigger malicious code in the context of the server’s account through a network call.
List of Critical Vulnerabilities Patched in June 2023 Patch Tuesday
The list of all 6 critical vulnerabilities patched in June 2023 Patch Tuesday is as follows:
| CVE ID | Vulnerable Product/Application | Vulnerability Type |
| CVE-2023-24897 | .NET and Visual Studio | Remote Code Execution Vulnerability |
| CVE-2023-29357 | Microsoft SharePoint | Remote Code Execution Vulnerability |
| CVE-2023-32013 | Windows Hyper-V | Denial of Service |
| CVE-2023-29363 | Windows PGM | Remote Code Execution Vulnerability |
| CVE-2023-32014 | Windows PGM | Remote Code Execution Vulnerability |
| CVE-2023-32015 | Windows PGM | Remote Code Execution Vulnerability |
Complete List of Vulnerabilities Patched in June 2023 Patch Tuesday Are:
If you wish to download the complete list of vulnerabilities patched in June 2023 Patch Tuesday, you can do it from here.
| CVE ID | Severity | CVE Title | Tag |
| CVE-2023-24895 | Important | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | .NET and Visual Studio |
| CVE-2023-33126 | Important | .NET and Visual Studio Remote Code Execution Vulnerability | .NET and Visual Studio |
| CVE-2023-24936 | Moderate | .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability | .NET and Visual Studio |
| CVE-2023-33135 | Important | .NET and Visual Studio Elevation of Privilege Vulnerability | .NET and Visual Studio |
| CVE-2023-32032 | Important | .NET and Visual Studio Elevation of Privilege Vulnerability | .NET and Visual Studio |
| CVE-2023-32030 | Important | .NET and Visual Studio Denial of Service Vulnerability | .NET and Visual Studio |
| CVE-2023-33128 | Important | .NET and Visual Studio Remote Code Execution Vulnerability | .NET and Visual Studio |
| CVE-2023-24897 | Critical | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | .NET and Visual Studio |
| CVE-2023-29331 | Important | .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | .NET Core |
| CVE-2023-29326 | Important | .NET Framework Remote Code Execution Vulnerability | .NET Framework |
| CVE-2023-33141 | Important | Yet Another Reverse Proxy (YARP) Denial of Service Vulnerability | ASP .NET |
| CVE-2023-21569 | Important | Azure DevOps Server Spoofing Vulnerability | Azure DevOps |
| CVE-2023-21565 | Important | Azure DevOps Server Spoofing Vulnerability | Azure DevOps |
| CVE-2023-24896 | Important | Dynamics 365 Finance Spoofing Vulnerability | Microsoft Dynamics |
| CVE-2023-2941 | Unknown | Chromium: CVE-2023-2941 Inappropriate implementation in Extensions API | Microsoft Edge (Chromium-based) |
| CVE-2023-33145 | Important | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | Microsoft Edge (Chromium-based) |
| CVE-2023-2937 | Unknown | Chromium: CVE-2023-2937 Inappropriate implementation in Picture In Picture | Microsoft Edge (Chromium-based) |
| CVE-2023-2936 | Unknown | Chromium: CVE-2023-2936 Type Confusion in V8 | Microsoft Edge (Chromium-based) |
| CVE-2023-2935 | Unknown | Chromium: CVE-2023-2935 Type Confusion in V8 | Microsoft Edge (Chromium-based) |
| CVE-2023-2940 | Unknown | Chromium: CVE-2023-2940 Inappropriate implementation in Downloads | Microsoft Edge (Chromium-based) |
| CVE-2023-2939 | Unknown | Chromium: CVE-2023-2939 Insufficient data validation in Installer | Microsoft Edge (Chromium-based) |
| CVE-2023-2938 | Unknown | Chromium: CVE-2023-2938 Inappropriate implementation in Picture In Picture | Microsoft Edge (Chromium-based) |
| CVE-2023-2931 | Unknown | Chromium: CVE-2023-2931 Use after free in PDF | Microsoft Edge (Chromium-based) |
| CVE-2023-2930 | Unknown | Chromium: CVE-2023-2930 Use after free in Extensions | Microsoft Edge (Chromium-based) |
| CVE-2023-2929 | Unknown | Chromium: CVE-2023-2929 Out of bounds write in Swiftshader | Microsoft Edge (Chromium-based) |
| CVE-2023-2934 | Unknown | Chromium: CVE-2023-2934 Out of bounds memory access in Mojo | Microsoft Edge (Chromium-based) |
| CVE-2023-2933 | Unknown | Chromium: CVE-2023-2933 Use after free in PDF | Microsoft Edge (Chromium-based) |
| CVE-2023-2932 | Unknown | Chromium: CVE-2023-2932 Use after free in PDF | Microsoft Edge (Chromium-based) |
| CVE-2023-3079 | Unknown | Chromium: CVE-2023-3079 Type Confusion in V8 | Microsoft Edge (Chromium-based) |
| CVE-2023-29345 | Low | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | Microsoft Edge (Chromium-based) |
| CVE-2023-33143 | Moderate | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Microsoft Edge (Chromium-based) |
| CVE-2023-32031 | Important | Microsoft Exchange Server Remote Code Execution Vulnerability | Microsoft Exchange Server |
| CVE-2023-28310 | Important | Microsoft Exchange Server Remote Code Execution Vulnerability | Microsoft Exchange Server |
| CVE-2023-33146 | Important | Microsoft Office Remote Code Execution Vulnerability | Microsoft Office |
| CVE-2023-33133 | Important | Microsoft Excel Remote Code Execution Vulnerability | Microsoft Office Excel |
| CVE-2023-32029 | Important | Microsoft Excel Remote Code Execution Vulnerability | Microsoft Office Excel |
| CVE-2023-33137 | Important | Microsoft Excel Remote Code Execution Vulnerability | Microsoft Office Excel |
| CVE-2023-33140 | Important | Microsoft OneNote Spoofing Vulnerability | Microsoft Office OneNote |
| CVE-2023-33131 | Important | Microsoft Outlook Remote Code Execution Vulnerability | Microsoft Office Outlook |
| CVE-2023-33142 | Important | Microsoft SharePoint Server Elevation of Privilege Vulnerability | Microsoft Office SharePoint |
| CVE-2023-33129 | Important | Microsoft SharePoint Denial of Service Vulnerability | Microsoft Office SharePoint |
| CVE-2023-33130 | Important | Microsoft SharePoint Server Spoofing Vulnerability | Microsoft Office SharePoint |
| CVE-2023-33132 | Important | Microsoft SharePoint Server Spoofing Vulnerability | Microsoft Office SharePoint |
| CVE-2023-29357 | Critical | Microsoft SharePoint Server Elevation of Privilege Vulnerability | Microsoft Office SharePoint |
| CVE-2023-32024 | Important | Microsoft Power Apps Spoofing Vulnerability | Microsoft Power Apps |
| CVE-2023-32017 | Important | Microsoft PostScript Printer Driver Remote Code Execution Vulnerability | Microsoft Printer Drivers |
| CVE-2023-29372 | Important | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | Microsoft WDAC OLE DB provider for SQL |
| CVE-2023-29370 | Important | Windows Media Remote Code Execution Vulnerability | Microsoft Windows Codecs Library |
| CVE-2023-29365 | Important | Windows Media Remote Code Execution Vulnerability | Microsoft Windows Codecs Library |
| CVE-2023-29337 | Important | NuGet Client Remote Code Execution Vulnerability | NuGet Client |
| CVE-2023-29362 | Important | Remote Desktop Client Remote Code Execution Vulnerability | Remote Desktop Client |
| CVE-2023-29352 | Important | Windows Remote Desktop Security Feature Bypass Vulnerability | Remote Desktop Client |
| CVE-2023-32020 | Important | Windows DNS Spoofing Vulnerability | Role: DNS Server |
| CVE-2023-29353 | Low | Sysinternals Process Monitor for Windows Denial of Service Vulnerability | SysInternals |
| CVE-2023-29007 | Important | GitHub: CVE-2023-29007 Arbitrary configuration injection via `git submodule deinit` | Visual Studio |
| CVE-2023-33139 | Important | Visual Studio Information Disclosure Vulnerability | Visual Studio |
| CVE-2023-25652 | Important | GitHub: CVE-2023-25652 “git apply –reject” partially-controlled arbitrary file write | Visual Studio |
| CVE-2023-25815 | Important | GitHub: CVE-2023-25815 Git looks for localized messages in an unprivileged place | Visual Studio |
| CVE-2023-27911 | Important | AutoDesk: CVE-2023-27911 Heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior | Visual Studio |
| CVE-2023-27910 | Important | AutoDesk: CVE-2023-27910 stack buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior | Visual Studio |
| CVE-2023-29011 | Important | GitHub: CVE-2023-29011 The config file of `connect.exe` is susceptible to malicious placing | Visual Studio |
| CVE-2023-29012 | Important | GitHub: CVE-2023-29012 Git CMD erroneously executes `doskey.exe` in current directory, if it exists | Visual Studio |
| CVE-2023-27909 | Important | AutoDesk: CVE-2023-27909 Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK 2020 or prior | Visual Studio |
| CVE-2023-33144 | Important | Visual Studio Code Spoofing Vulnerability | Visual Studio Code |
| CVE-2023-29364 | Important | Windows Authentication Elevation of Privilege Vulnerability | Windows Authentication Methods |
| CVE-2023-32010 | Important | Windows Bus Filter Driver Elevation of Privilege Vulnerability | Windows Bus Filter Driver |
| CVE-2023-29361 | Important | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Windows Cloud Files Mini Filter Driver |
| CVE-2023-32009 | Important | Windows Collaborative Translation Framework Elevation of Privilege Vulnerability | Windows Collaborative Translation Framework |
| CVE-2023-32012 | Important | Windows Container Manager Service Elevation of Privilege Vulnerability | Windows Container Manager Service |
| CVE-2023-24937 | Important | Windows CryptoAPI Denial of Service Vulnerability | Windows CryptoAPI |
| CVE-2023-24938 | Important | Windows CryptoAPI Denial of Service Vulnerability | Windows CryptoAPI |
| CVE-2023-29355 | Important | DHCP Server Service Information Disclosure Vulnerability | Windows DHCP Server |
| CVE-2023-29368 | Important | Windows Filtering Platform Elevation of Privilege Vulnerability | Windows Filtering |
| CVE-2023-29358 | Important | Windows GDI Elevation of Privilege Vulnerability | Windows GDI |
| CVE-2023-29366 | Important | Windows Geolocation Service Remote Code Execution Vulnerability | Windows Geolocation Service |
| CVE-2023-29351 | Important | Windows Group Policy Elevation of Privilege Vulnerability | Windows Group Policy |
| CVE-2023-32018 | Important | Windows Hello Remote Code Execution Vulnerability | Windows Hello |
| CVE-2023-32013 | Critical | Windows Hyper-V Denial of Service Vulnerability | Windows Hyper-V |
| CVE-2023-32016 | Important | Windows Installer Information Disclosure Vulnerability | Windows Installer |
| CVE-2023-32011 | Important | Windows iSCSI Discovery Service Denial of Service Vulnerability | Windows iSCSI |
| CVE-2023-32019 | Important | Windows Kernel Information Disclosure Vulnerability | Windows Kernel |
| CVE-2023-29346 | Important | NTFS Elevation of Privilege Vulnerability | Windows NTFS |
| CVE-2023-29373 | Important | Microsoft ODBC Driver Remote Code Execution Vulnerability | Windows ODBC Driver |
| CVE-2023-29367 | Important | iSCSI Target WMI Provider Remote Code Execution Vulnerability | Windows OLE |
| CVE-2023-29363 | Critical | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | Windows PGM |
| CVE-2023-32014 | Critical | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | Windows PGM |
| CVE-2023-32015 | Critical | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | Windows PGM |
| CVE-2023-29369 | Important | Remote Procedure Call Runtime Denial of Service Vulnerability | Windows Remote Procedure Call Runtime |
| CVE-2023-32008 | Important | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | Windows Resilient File System (ReFS) |
| CVE-2023-32022 | Important | Windows Server Service Security Feature Bypass Vulnerability | Windows Server Service |
| CVE-2023-32021 | Important | Windows SMB Witness Service Security Feature Bypass Vulnerability | Windows SMB |
| CVE-2023-29360 | Important | Windows TPM Device Driver Elevation of Privilege Vulnerability | Windows TPM Device Driver |
| CVE-2023-29371 | Important | Windows GDI Elevation of Privilege Vulnerability | Windows Win32K |
| CVE-2023-29359 | Important | GDI Elevation of Privilege Vulnerability | Windows Win32K |
Thank you for reading this blog post that highlights the significant updates released by Microsoft in the June 2023 Patch Tuesday. These updates are crucial for addressing security vulnerabilities and improving the overall security of Microsoft products like Windows, Office, and Exchange Server.
It is highly recommended to prioritize the installation of these patches promptly to minimize the potential risks associated with these vulnerabilities. By keeping your systems up-to-date with the latest security patches and adopting proactive security practices, you can effectively safeguard your systems against potential cyber threats. This will help ensure the integrity and safety of your systems and data.
We hope this post lets you understand which vulnerabilities Microsoft released patches in June 2023 Patch Tuesday Report. Please share this post if you find this interested. Visit our website thesecmaster.com, and our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium, and Instagram and subscribe to receive updates like this.
Arun KL
Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.
