
Microsoft addresses 73 software vulnerabilities on June 2023 Patch Tuesday

Tech giant fixes a number of critical security flaws, including a Chromium zero-day bug, in its latest update

Microsoft released updates to fix important security holes in its Windows operating system and other software components as part of the June 2023 Patch Tuesday. Of the 73 vulnerabilities identified, six are rated Critical, 63 Important, two Moderate, and one Low in severity. The total also includes three issues that the tech giant has fixed in its Chromium-based Edge browser.

Edge security and the zero-day bug

Microsoft has also fixed 26 other flaws in Edge, all related to Chromium, since it released the Patch Tuesday updates in May. These include the zero-day bug CVE-2023-3079, which Google revealed was being actively exploited last week. The June 2023 updates also mark the first time in several months that no zero-day flaws in Microsoft products were publicly known or under active attack at the time of release.

Major fixes: SharePoint and Windows PGM

At the top of the list of fixes is CVE-2023-29357 (CVSS score: 9.8), a privilege escalation flaw in SharePoint Server that an attacker could exploit to gain administrator privileges. "An attacker who has gained access to forged JWT authentication tokens can use them to perform a network attack that bypasses authentication and allows him to gain access to the privileges of an authenticated user," Microsoft said. Redmond also addressed three serious remote code execution flaws in Windows Pragmatic General Multicast (PGM), tracked as CVE-2023-29363, CVE-2023-32014, and CVE-2023-32015 (CVSS score: 9.8), which could be exploited to "obtain remote code execution and attempt to activate malicious code."

Software patches from other vendors

In addition to Microsoft, other vendors have also released security updates in recent months to address various vulnerabilities. Among them are Adobe, Android, Arm, Cisco, Citrix, Dell, Drupal, F5, Fortinet, GitLab, Google Chrome, Hitachi Energy, HP, IBM, Lenovo, various Linux distributions including Debian, Oracle Linux, Red Hat, SUSE and Ubuntu, MediaTek, Mitsubishi Electric, MOVEit Transfer, Mozilla Firefox, Firefox ESR and Thunderbird, NETGEAR, Qualcomm, Samsung, SAP, Schneider Electric, Siemens, Splunk, Synology, Trend Micro, Veritas, VMware, WordPress, Zoom and Zyxel.

06/14/2023 08:42

Marco Verro
