Microsoft Corp. has released software updates to address security vulnerabilities in its Windows operating systems and other software. In June 2023’s Patch Tuesday, Microsoft addressed at least 70 security issues, with none of them reported by the company as exploited in the wild. Even better for system administrators, this patch load doesn’t appear to be marred by the active exploitation of a zero-day vulnerability in Microsoft’s products.
Although none of the vulnerabilities have been exploited in the wild yet, Microsoft has flagged several attacks. One of them, CVE-2023-29357, is a “critical” flaw in Microsoft SharePoint Server that can be exploited by an unauthenticated attacker on the same network. This security flaw has earned a “10” rating in the Common Vulnerability Scoring System (CVSS), scoring a 9.8, which is almost as risky as it can get. An attacker who can gain admin access to an internal SharePoint server can potentially cause significant damage to an organization.
Kevin Breen, the director of cyber threat research at Immersive labs stated: “Gaining access to sensitive and privileged documents, stealing and deleting documents as part of a ransomware attack or replacing real documents with malicious copies to further infect users in the organization.”
Meanwhile, there are at least three other vulnerabilities that received a collective 9.8 CVSS score, and they all relate to the Windows Pragmatic General Multicast (PGM). PGM is used for delivering multicast data such as video streaming or online gaming. Security firm Action1 says all three bugs (CVE-2023-32015, CVE-2023-32014, and CVE-2023-29363) can be exploited over the network, without requiring any privileges or user interaction. These flaws affect all versions of Windows Server 2008 and later, as well as Windows 10 and later.
As is typical on Patch Tuesdays, there were also security updates for organizations using Microsoft Exchange for email. Breen noted that this month’s exchange vulnerabilities (CVE-2023-32031 and CVE-2023-28310) bore a strong resemblance to those identified during the ProxyNotShell exploits. An authenticated user on the network could leverage an Exchange vulnerability to execute code on the server. Breen said that while Microsoft’s patch notes indicate that an attacker must have already gained access to a vulnerable host inside the network, this is typically achieved through spear phishing.
Breen also noted that the Exchange vulnerabilities are not very difficult for attackers to leverage. He said: “Just because your Exchange server doesn’t have internet-facing authentication doesn’t mean it’s protected.”
The always-useful Patch Tuesday roundup from the SANS Internet Storm Center provides a closer look at the patches released by Microsoft today, indexed by severity and other metrics. It is advisable to wait for a few days before updating your system, until Microsoft irons out any kinks in the updates as per AskWoody.com., which usually has the lowdown on any problems faced by Windows users after applying patches.
As always, it is advisable to back up your data and documents before applying system updates. If you face any issues with the updates, please leave a note about it in the comments section.