
Microsoft addresses 73 software vulnerabilities on June 2023 Patch Tuesday

Tech giant fixes a number of critical security flaws, including a Chromium zero-day bug, in its latest update


Microsoft released updates to fix important security holes in its Windows operating system and other software components as part of its June 2023 Patch Tuesday updates. Of the 73 identified vulnerabilities, six are rated Critical, 63 Important, two Moderate, and one Low in severity. The total also includes three issues that the tech giant has fixed in its Chromium-based Edge browser.

Edge security and the zero-day bug

Microsoft has also fixed 26 other flaws in Edge, all related to Chromium, since it released the Patch Tuesday updates in May. These include the zero-day bug CVE-2023-3079, which Google disclosed last week as being actively exploited. The June 2023 updates also mark the first time in several months that the release contains no zero-day flaws in Microsoft products that are publicly known or under active attack at the time of release.

Major fixes: SharePoint and Windows PGM

At the top of the list of fixes is CVE-2023-29357 (CVSS score: 9.8), a privilege escalation flaw in SharePoint Server that could be exploited by an attacker to gain administrator privileges. "An attacker who has gained access to forged JWT authentication tokens can use them to perform a network attack that bypasses authentication and allows him to gain access to the privileges of an authenticated user," Microsoft said. Additionally, Redmond addressed three serious remote code execution flaws (CVE-2023-29363, CVE-2023-32014, and CVE-2023-32015, CVSS score: 9.8) in Windows Pragmatic General Multicast (PGM) that could be exploited to "obtain remote code execution and attempt to activate malicious code."

Software patches from other vendors

In addition to Microsoft, other vendors have also released security updates in recent months to address various vulnerabilities. Among them are Adobe, Android, Arm, Cisco, Citrix, Dell, Drupal, F5, Fortinet, GitLab, Google Chrome, Hitachi Energy, HP, IBM, Lenovo, various Linux distributions including Debian, Oracle Linux, Red Hat, SUSE and Ubuntu, MediaTek, Mitsubishi Electric, MOVEit Transfer, Mozilla Firefox, Firefox ESR and Thunderbird, NETGEAR, Qualcomm, Samsung, SAP, Schneider Electric, Siemens, Splunk, Synology, Trend Micro, Veritas, VMware, WordPress, Zoom and Zyxel.


06/14/2023 08:42

Editorial AI
