Microsoft Fixes 78 Vulnerabilities in June Service Pack
Microsoft released the June service pack this week, fixing 78 vulnerabilities in total, including 38 remote code execution (RCE) vulnerabilities. Of the 38 RCE vulnerabilities, six were rated “critical” and related to denial of service, remote code execution, and privilege escalation. In addition, 16 vulnerabilities in the Microsoft Edge browser were fixed separately this month.
Interestingly, this time the company’s developers did not report any zero-day vulnerabilities or bugs that are actively exploited by hackers.
Most Serious Bugs Fixed
The most serious of the bugs fixed in June were:
CVE-2023-29357 (CVSS score 9.8) – A privilege escalation vulnerability in Microsoft SharePoint Server that could allow attackers to gain the privileges of other users, including administrators.
“An attacker with access to fake JWT authentication tokens could use them to perform a network attack that would bypass authentication and gain access to the privileges of the authenticated user,” Microsoft said.
CVE-2023-32031 (CVSS score 7.7) – A remote code execution vulnerability in Microsoft Exchange Server that can be exploited by an authenticated attacker.
“An attacker exploiting this vulnerability could attack server accounts through arbitrary and remote code execution. Once an authenticated user, an attacker could attempt to run malicious code in the context of a server account,” according to a Microsoft bulletin.
Three other vulnerabilities with a CVSS score of 9.8 allow remote code execution (RCE): CVE-2023-29363, CVE-2023-32014, and CVE-2023-32015. All of them allow a remote, unauthenticated attacker to execute malicious code on Windows systems where the Message Queuing service runs in a Pragmatic General Multicast (PGM) server environment.
Microsoft Updates
Microsoft has also released many updates for Microsoft Office, fixing issues that could allow malicious Excel and OneNote documents to be used for remote code execution. These vulnerabilities are tracked as CVE-2023-32029 (Excel), CVE-2023-33133 (Excel), CVE-2023-33137 (Excel), CVE-2023-33140 (OneNote) and CVE-2023-33131 (Outlook). Exploiting the bugs in OneNote and Outlook requires the user to click on a link in a malicious file or email.
As is traditional, other companies besides Microsoft have also released updates for their products.