Microsoft Monthly Security Update (June 2023)

Last Update Date: 1 Mar 2024 Release Date: 14 Jun 2023 10122 Views

RISK: Medium Risk

Medium Risk

TYPE: Operating Systems - Windows OS

TYPE: Windows OS

Microsoft has released monthly security update for their products:

 

[Updated on 2023-06-21]

Installation of the June 2023 Windows update will not enable the resolution of the CVE-2023-32019 vulnerability. To enable the resolution, please refer to the following reference link: https://support.microsoft.com/en-gb/topic/kb5028407-how-to-manage-the-vulnerability-associated-with-cve-2023-32019-bd6ed35f-48b1-41f6-bd19-d2d97270f080

 

[Updated on 2023-08-16]

Microsoft has been released the mitigation of CVE-2023-32019 vulnerability enabled by default. To apply the enabled by default resolution, install the August 2023 Windows update that is dated on or after August 8, 2023. No further user action is required.

 

[Updated on 2024-01-15]

CVE-2023-29357 vulnerability is being actively exploited. An attacker who has gained access to spoofed JWT authentication tokens can use them to execute a network attack which bypasses authentication and allows them to gain access to the privileges of an authenticated user.

 

[Updated on 2024-03-01]

CVE-2023-29360 vulnerability is being actively exploited. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

 

Vulnerable ProductRisk LevelImpactsNotes
BrowserMedium Risk Medium RiskSecurity Restriction Bypass
Elevation of Privilege
Information Disclosure		 
Exchange ServerMedium Risk Medium RiskRemote Code Execution 
Microsoft DynamicsLow Risk Low RiskSpoofing 
Developer ToolsMedium Risk Medium RiskRemote Code Execution
Denial of Service
Information Disclosure
Spoofing
Elevation of Privilege		 
WindowsMedium Risk Medium RiskDenial of Service
Elevation of Privilege
Security Restriction Bypass
Information Disclosure
Remote Code Execution
Spoofing		CVE-2023-29360 is being exploited in the wild. 
Microsoft OfficeMedium Risk Medium RiskRemote Code Execution
Elevation of Privilege
Denial of Service
Spoofing		CVE-2023-29357 is being exploited in the wild. 
AzureLow Risk Low RiskSpoofing 
Extended Security Updates (ESU)Medium Risk Medium RiskElevation of Privilege
Remote Code Execution
Denial of Service
Information Disclosure
Spoofing		 

 

Number of 'Extremely High Risk' product(s): 0

Number of 'High Risk' product(s): 0

Number of 'Medium Risk' product(s): 7

Number of 'Low Risk' product(s): 2

Evaluation of overall 'Risk Level': Medium Risk

 

Impact

  • Denial of Service
  • Elevation of Privilege
  • Information Disclosure
  • Remote Code Execution
  • Spoofing
  • Security Restriction Bypass

System / Technologies affected

  • Browser
  • Exchange Server
  • Microsoft Dynamics
  • Developer Tools
  • Windows
  • Microsoft Office
  • Azure
  • Extended Security Updates (ESU)

Solutions

Before installation of the software, please visit the vendor web-site for more details.

  •  Apply fixes issued by the vendor.

Vulnerability Identifier

Source

Related Link

 

Related Tags

MicrosoftDenial of ServiceElevation of PrivilegeRemote Code ExecutionSecurity Restriction BypassInformation DisclosureSpoofingExploit In The Wild

Share with

Previous

Google Chrome Multiple Vulnerabilities

29 Feb 2024 3495 Views

Next

Microsoft Edge Remote Code Execution vulnerabilities

1 Mar 2024 1765 Views

More Articles

RISK: Extremely High Risk

Extremely High Risk

Microsoft Monthly Security Update (August 2023)

Security Bulletin

MicrosoftDenial of ServiceElevation of PrivilegeRemote Code ExecutionSecurity Restriction BypassInformation DisclosureSpoofingZero-dayExploit In The Wild

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY