Microsoft June “Patch Tuesday” Addresses 73 Vulnerabilities

Microsoft Patch Tuesday for June, 2023

On June 13th, Microsoft released its June 2023 Patch Tuesday security updates and revealed 73 CVEs and 22 other non-Microsoft CVEs, one of which is known to be exploited in the wild.

The vulnerabilities affect popular platforms such as .NET and Visual Studio, Office SharePoint, Office Excel, Windows PGM, Microsoft Edge, Office Outlook, and more.

According to the National Vulnerability Database (NVD), four are CRITICAL severity vulnerabilities, 45 are HIGH severity vulnerabilities, 21 have a MEDIUM severity CVSS score, and two are ranked as LOW severity; at the time of this post's publication, one had not yet received a CVSS score.

CVE Details for Microsoft Patch Tuesday, June, 2023

The following table shows information about the Microsoft vulnerabilities found:


A summary of the Microsoft software vulnerabilities found in Microsoft Patch Tuesday, June, 2023, according to their type and severity

Non-Microsoft CVEs

The following table shows information about the non-Microsoft vulnerabilities found:

A summary of the non-Microsoft software vulnerabilities found in Microsoft Patch Tuesday, June, 2023, according to their type and severity

Affected Software Details

The following video diagram shows a breakdown of the affected software components according to the type of vulnerability patched:

 

As you can see, the following products have the highest number of vulnerabilities:

  • .NET and Visual Studio – .NET is a software framework developed by Microsoft that provides a runtime environment for building and running applications. Visual Studio is an integrated development environment (IDE) developed by Microsoft for creating software applications across various platforms and languages.
  • Office SharePoint – a collaboration and document management platform that enables teams to share, organize, and manage information within an organization.
  • Microsoft Edge – a web browser developed by Microsoft.
  • Office Excel – a spreadsheet program in the Microsoft Office suite for data analysis and calculations.
  • Windows PGM (Pragmatic General Multicast) – a network protocol for reliable and efficient multicast communication in Windows operating systems.

Vulnerability Types

The following chart shows the total number of vulnerabilities by type, as found in Microsoft Patch Tuesday, June 2023:

A bar chart showing the total number of vulnerabilities by type, as found in Microsoft Patch Tuesday, June 2023

 

The following vulnerability requires extra attention:

CVE-2023-3079 – Google Chrome 

CVE-2023-3079 is a High-severity vulnerability (CVSS 8.8) in Google Chrome that is known to be exploited in the wild. The vulnerability was announced on June 5th and is included in the non-Microsoft CVEs list of Microsoft Patch Tuesday for June 2023. It is caused by a type confusion in the V8 JavaScript engine. A remote attacker can exploit the vulnerability with a crafted HTML page to achieve heap corruption. The vulnerability affects all Google Chrome versions prior to 114.0.5735.110 on Windows, Linux, and macOS.
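The version threshold above can be checked across a software inventory. The following is an added example, not part of the original post: it flags hosts whose Chrome build is older than 114.0.5735.110, comparing versions numerically because a plain string comparison misorders builds such as `.9` and `.110`. The host names, CSV column names and sample versions are constructed for illustration.

```python
import csv
import io

# Fixed version from the advisory text above: builds before this are affected.
FIXED_CHROME = "114.0.5735.110"

def parse_version(text):
    """Turn '114.0.5735.90' into (114, 0, 5735, 90); return None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(inventory_csv, fixed=FIXED_CHROME):
    """Classify each host as 'vulnerable', 'patched' or 'unknown'."""
    fixed_v = parse_version(fixed)
    result = {"vulnerable": [], "patched": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        v = parse_version(row["chrome_version"])
        if v is None:
            # Unparseable data is surfaced for follow-up, never assumed safe.
            result["unknown"].append(row["host"])
        elif v < fixed_v:
            result["vulnerable"].append(row["host"])
        else:
            result["patched"].append(row["host"])
    return result

# Constructed sample inventory (hypothetical hosts and column names).
SAMPLE = """host,os,chrome_version
ws-001,Windows,114.0.5735.110
ws-002,Windows,114.0.5735.90
lx-003,Linux,113.0.5672.126
mac-004,macOS,114.0.5735.9
ws-005,Windows,115.0.5790.98
ws-006,Windows,
"""

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as `unknown` have missing or malformed version data and should be re-inventoried, not treated as patched.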

Recommendations

If you have any of the affected products listed above in your environment, make sure to patch your systems immediately. Additionally, prioritize patching the known exploited vulnerability and the Critical vulnerabilities, which now pose the highest risk among the “June, 2023 Patch Tuesday” vulnerabilities.
