TechSpot is celebrating its 25th anniversary. TechSpot means technical analysis and advice you can trust.
What just happened? Microsoft has released its June 2023 Patch Tuesday update that fixes 78 security vulnerabilities, including Windows and Windows components, Office and Office components, Exchange Server, Edge browser, SharePoint Server, .NET and 38 remote code execution (RCE) vulnerabilities in Visual Studio, Teams, Azure DevOps, Microsoft Dynamics and Remote Desktop client.
Six of the 38 RCE errors were classified as “critical”, some of which could lead to denial of service (DoS) attacks and elevation of privilege. As Bleeping Computer points out, Patch Tuesday doesn’t fix any zero-day vulnerabilities, but it’s still an important update because of the sheer number of bugs it fixes, including many classified as “critical.” The list of fixed bugs includes 17 privilege escalation bugs, 2 security feature bypass bugs, 32 RCE bugs, 5 information disclosure bugs, 10 DoS bugs, 10 spoofing bugs and 1 from Chromium code Edge Vulnerability for Library Flaws. However, it does not include the 16 Edge vulnerabilities fixed through a security bulletin published earlier this month.
One of the more notable flaws addressed by the latest Patch Tuesday is permissions in Microsoft SharePoint Elevate the vulnerability, tracked as CVE-2023-29357. According to Microsoft, the flaw could allow an attacker to gain the privileges of other users, including administrators. The vulnerability has been reported to be actively exploited in the wild, but there are no details about it yet. Another notable bug eliminated by the incoming update is the Microsoft Exchange Remote Code Execution Vulnerability, tracked as CVE-2023-32031. The bug reportedly allows authenticated remote code execution and, according to Microsoft’s advice, allows attackers to “trigger malicious code in the context of a server account via a network call.” However, unlike the SharePoint bug, there have been no reports of it being widely exploited. In addition to the aforementioned vulnerabilities, Microsoft has also patched multiple vulnerabilities in Office components such as Excel, Outlook, and OneNote. According to the company, some of these allow attackers to use maliciously crafted Excel and OneNote documents to perform remote code execution. Overall, the June 2023 Patch Tuesday Update brings several critical patches to Microsoft products, so download and install them on your devices as soon as possible to maintain your online security. Also, in related news, Windows 10 version 21H2 is ending service (EoS) this week, which means Microsoft will no longer release Windows 10 Home, Pro, Pro Education, and Workstation Pro editions of that version. renew. Users running outdated versions should update their systems to Windows 10 version 22H2, which will be supported until October 2025.
