Microsoft June 2023 Patch Tuesday
On Tuesday, June 13, Microsoft released updates to address nearly 80 security issues in various products. Six of the flaws are rated critical: three in Windows Pragmatic General Multicast (PGM) service; and one each in .NET/Visual Studio, SharePoint Server, and Hyper-V. None of the vulnerabilities appear to be actively exploited.
This Patch Tuesday turned out to be "average" in that it provided no patches for already disclosed or exploited vulnerabilities. Among the critical vulnerabilities, the SharePoint Server issue deserves some attention. There is also yet another Exchange vulnerability that, while only rated important, should not be overlooked.
As often happens, vulnerability hunters seem to have focused on PGM recently: this is the third month in a row that critical PGM vulnerabilities need to be patched in Microsoft software. PGM is not a default-on service, but it is commonly used; patching needs to be prioritized.
Of the nearly 80 vulnerabilities patched by Microsoft, four have a CVSS score of 9.8 [critical] and can allow for remote code execution. Organizations should place those four at the top of their prioritized patch list.
By now one hopes you're merely pushing these updates to commodity systems (desktops, low-impact servers). This bundle includes three RCE fixes for flaws in the Windows Pragmatic General Multicast (PGM) service (CVE-2023-29363, CVE-2023-32014 and CVE-2023-32015), each with a CVSS score of 9.8; for good measure, there are also critical fixes for Hyper-V and .NET. If you're still running SharePoint on-prem, you want to apply the fix for the privilege escalation flaw (CVE-2023-29357), then review why you're still running this locally.
Read more in
SC Magazine: Microsoft fixes six critical bugs on Patch Tuesday
Krebs on Security: Microsoft Patch Tuesday, June 2023 Edition