Microsoft June “Patch Tuesday” Addresses 73 Vulnerabilities
On June 13th, Microsoft released their June. 2023 Patch Tuesday Security Updates and revealed 73 CVEs and 22 other non-Microsoft CVEs, one of which is known to be exploited in the wild.
The vulnerabilities affect popular platforms such as .Net and Visual Studio, Office SharePoint, Office Excel, Windows GPM, Microsoft Edge, Office Outlook, and more.
According to the National Vulnerability Database (NVD), four are CRITICAL severity vulnerabilities, 45 are HIGH severity vulnerabilities, 21 have a MEDIUM severity CVSS score and two are ranked as LOW severity; at the time of this post’s publish, one still did not receive a CVSS score.
CVE Details for Microsoft Patch Tuesday, June, 2023
The following table shows information about the Microsoft vulnerabilities found:
The following table shows information about the non-Microsoft vulnerabilities found:
Affected Software Details
The following video diagram shows a breakdown of the affected software components according to the type of vulnerability patched:
As you can see, the following products have the highest number of vulnerabilities:
- .NET and Visual Studio – .NET is a software framework developed by Microsoft that provides a runtime environment for building and running applications. Visual Studio is an integrated development environment (IDE) developed by Microsoft for creating software applications across various platforms and languages.
- Office SharePoint – a collaboration and document management platform that enables teams to share, organize, and manage information within an organization.
- Microsoft Edge – a web browser developed by Microsoft.
- Office Excel – a spreadsheet program in the Microsoft Office suite for data analysis and calculations.
- Windows GPM (Pragmatic General Multicast) – a network protocol for reliable and efficient multicast communication in Windows operating systems.
The following chart shows the total number of vulnerabilities by type, as found in Microsoft Patch Tuesday, June 2023:
The following vulnerability requires extra attention:
CVE-2023-3079 – Google Chrome
If you have any of the affected products listed above in your environment, make sure to patch your system immediately. Additionally, prioritize patching of the known exploited vulnerability and Critical Vulnerabilities which now pose the highest risk among the “June, 2023 Patch Tuesday” vulnerabilities.