Skip to main content

Microsoft Monthly Security Update (June 2023)

Last Update Date: 1 Mar 2024 Release Date: 14 Jun 2023 13724 Views

RISK: Medium Risk

TYPE: Operating Systems - Windows OS

TYPE: Windows OS

Microsoft has released monthly security update for their products:

 

[Updated on 2023-06-21]

Installation of the June 2023 Windows update will not enable the resolution of the CVE-2023-32019 vulnerability. To enable the resolution, please refer to the following reference link: https://support.microsoft.com/en-gb/topic/kb5028407-how-to-manage-the-vulnerability-associated-with-cve-2023-32019-bd6ed35f-48b1-41f6-bd19-d2d97270f080

 

[Updated on 2023-08-16]

Microsoft has been released the mitigation of CVE-2023-32019 vulnerability enabled by default. To apply the enabled by default resolution, install the August 2023 Windows update that is dated on or after August 8, 2023. No further user action is required.

 

[Updated on 2024-01-15]

CVE-2023-29357 vulnerability is being actively exploited. An attacker who has gained access to spoofed JWT authentication tokens can use them to execute a network attack which bypasses authentication and allows them to gain access to the privileges of an authenticated user.

 

[Updated on 2024-03-01]

CVE-2023-29360 vulnerability is being actively exploited. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

 

Vulnerable ProductRisk LevelImpactsNotes
BrowserMedium Risk Medium RiskSecurity Restriction Bypass
Elevation of Privilege
Information Disclosure
 
Exchange ServerMedium Risk Medium RiskRemote Code Execution 
Microsoft DynamicsLow Risk Low RiskSpoofing 
Developer ToolsMedium Risk Medium RiskRemote Code Execution
Denial of Service
Information Disclosure
Spoofing
Elevation of Privilege
 
WindowsMedium Risk Medium RiskDenial of Service
Elevation of Privilege
Security Restriction Bypass
Information Disclosure
Remote Code Execution
Spoofing
CVE-2023-29360 is being exploited in the wild. 
Microsoft OfficeMedium Risk Medium RiskRemote Code Execution
Elevation of Privilege
Denial of Service
Spoofing
CVE-2023-29357 is being exploited in the wild. 
AzureLow Risk Low RiskSpoofing 
Extended Security Updates (ESU)Medium Risk Medium RiskElevation of Privilege
Remote Code Execution
Denial of Service
Information Disclosure
Spoofing
 

 

Number of 'Extremely High Risk' product(s): 0

Number of 'High Risk' product(s): 0

Number of 'Medium Risk' product(s): 7

Number of 'Low Risk' product(s): 2

Evaluation of overall 'Risk Level': Medium Risk

 


Impact

  • Denial of Service
  • Elevation of Privilege
  • Information Disclosure
  • Remote Code Execution
  • Spoofing
  • Security Restriction Bypass

System / Technologies affected

  • Browser
  • Exchange Server
  • Microsoft Dynamics
  • Developer Tools
  • Windows
  • Microsoft Office
  • Azure
  • Extended Security Updates (ESU)

Solutions

Before installation of the software, please visit the vendor web-site for more details.

  •  Apply fixes issued by the vendor.

Vulnerability Identifier


Source


Related Link