On 13 June 2023, Microsoft published their June 2023 Security Update which included patches for six vulnerabilities with a max severity of critical. According to Microsoft’s advisories, none of the vulnerabilities have been actively exploited at this time.
Windows
Impacted Products |
Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022 |
Windows 10, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 Version 21H2, Windows 11 Version 22H2 |
CVE-2023-32014, CVE-2023-32015, CVE-2023-29363 (CVSS 9.8 – Critical): Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability - A threat actor could successfully exploit this vulnerability and achieve remote code execution by sending a specially crafted file over the network. The threat actor does not need privileges or user interaction to exploit it.
Note: The Message Queuing (MSMQ) service must be enabled for a system to be vulnerable. This can be checked by looking for a running service named “Message Queuing” and for TCP port 1801 listening on the host machine.
CVE-2023-32013 (CVSS 6.5 – Medium; Microsoft Max Severity: Critical): Windows Hyper-V Denial of Service Vulnerability - A threat actor needs basic user privileges to successfully exploit the vulnerability. Additional steps are needed to improve the reliability of the denial of service exploit.
Microsoft SharePoint
Impacted Products |
Microsoft SharePoint Server 2019 |
CVE-2023-29357 (CVSS 9.8 – Critical): Microsoft SharePoint Server Elevation of Privilege Vulnerability - A threat actor with access to spoofed JWT authentication tokens could successfully exploit this vulnerability to bypass authentication and obtain privileges of the authenticated user, including administrators. The threat actor does not need privileges or user interaction to exploit.
Microsoft .NET Framework and Microsoft Visual Studio
Impacted Products |
.NET 3.5, .NET 4.6.2, .NET 4.7, .NET 4.7.1, .NET 4.7.2, .NET 4.8, .NET 4.8.1, .NET 6.0, .NET 7.0 |
Microsoft Visual Studio 2013 Update 5, Microsoft Visual Studio 2015 Update 3, Microsoft Visual Studio 2017 Version 15.9, Microsoft Visual Studio 2019 Version 16.11, Microsoft Visual Studio 2022 Version 17.0, Microsoft Visual Studio 2022 Version 17.2, Microsoft Visual Studio 2022 Version 17.4, Microsoft Visual Studio 2022 Version 17.6 |
CVE-2023-24897 (CVSS 7.8 – High; Microsoft Max Severity: Critical): .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability - A threat actor could successfully exploit this vulnerability and achieve remote code execution by social engineering the victim into downloading or opening a specially crafted file.
Note: User interaction is required to successfully exploit this vulnerability.
Recommendations
Recommendation #1: Apply Security Updates to Impacted Products
Arctic Wolf strongly recommends applying the available security updates to all impacted products to prevent potential exploitation.
Note: Arctic Wolf recommends following change management best practices for deploying security patches, including testing changes in a dev environment before deploying to production to avoid operational impact.
Product | CVE | Update |
Windows 10 Version 1607 | CVE-2023-24897, CVE-2023-32015, CVE-2023-32014, CVE-2023-29363 | Security Update: 5027123, 5027219 |
Windows 10 Version 1809 | CVE-2023-24897, CVE-2023-32013, CVE-2023-32015, CVE-2023-32014, CVE-2023-29363 | Security Update: 5027536, 5027222 |
Windows 10 Version 21H2 | CVE-2023-24897, CVE-2023-32013, CVE-2023-32015, CVE-2023-32014, CVE-2023-29363 | Security Update: 5027537, 5027215 |
Windows 10 Version 22H2 | CVE-2023-24897, CVE-2023-32013, CVE-2023-32015, CVE-2023-32014, CVE-2023-29363 | Security Update: 5027538, 5027215 |
Windows 10 | CVE-2023-24897, CVE-2023-32015, CVE-2023-32014, CVE-2023-29363 | Security Update: 5027230 |
Windows 11 Version 22H2 | CVE-2023-24897, CVE-2023-32013, CVE-2023-32015, CVE-2023-32014, CVE-2023-29363 | Security Update: 5027119, 5027231 |
Windows 11 Version 21H2 | CVE-2023-24897, CVE-2023-32013, CVE-2023-32015, CVE-2023-32014, CVE-2023-29363 | Security Update: 5027539, 5027223 |
Windows Server 2008 R2 | CVE-2023-24897, CVE-2023-32015, CVE-2023-32014, CVE-2023-29363 | Monthly Rollup: 5027540, 5027275 |
Windows Server 2008 | CVE-2023-24897, CVE-2023-32015, CVE-2023-32014, CVE-2023-29363 | Monthly Rollup: 5027543, 5027279 |
Windows Server 2012 | CVE-2023-24897, CVE-2023-32015, CVE-2023-32014, CVE-2023-29363 | Monthly Rollup: 5027541, 5027283 |
Windows Server 2012 R2 | CVE-2023-24897, CVE-2023-32015, CVE-2023-32014, CVE-2023-29363 | Monthly Rollup: 5027542, 5027271 |
Windows Server 2016 | CVE-2023-24897, CVE-2023-32015, CVE-2023-32014, CVE-2023-29363 | Security Update: 5027219, 5027123 |
Windows Server 2019 | CVE-2023-24897, CVE-2023-32013, CVE-2023-32015, CVE-2023-32014, CVE-2023-29363 | Security Update: 5027536, 5027222 |
Windows Server 2022 | CVE-2023-24897, CVE-2023-32013, CVE-2023-32015, CVE-2023-32014, CVE-2023-29363 | Security Update: 5027544, 5027225 |
Microsoft Visual Studio 2017 Version 15.9 | CVE-2023-24897 | Release Notes |
Microsoft Visual Studio 2022 Version 17.2 | CVE-2023-24897 | Release Notes |
Microsoft Visual Studio 2019 Version 16.11 | CVE-2023-24897 | Release Notes |
Microsoft Visual Studio 2022 Version 17.0 | CVE-2023-24897 | Release Notes |
Microsoft Visual Studio 2022 Version 17.4 | CVE-2023-24897 | Release Notes |
Microsoft Visual Studio 2022 Version 17.6 | CVE-2023-24897 | Release Notes |
Microsoft Visual Studio 2013 Update 5 | CVE-2023-24897 | Security Update: 5026610 |
Microsoft Visual Studio 2015 Update 3 | CVE-2023-24897 | Security Update: 5025792 |
.NET 7.0 | CVE-2023-24897 | Security Update: 5027798 |
.NET 6.0 | CVE-2023-24897 | Security Update: 5027797 |
Microsoft SharePoint Server 2019 | CVE-2023-29357 | Security Update: 5002402, 5002403 |
Recommendation #2: Disable Message Queuing Service if not Required
CVE-2023-32014, CVE-2023-32015, and CVE-2023-29363 are only exploitable when the Message Queuing (MSMQ) service is enabled. Consider disabling MSMQ if the service is not required in your environment to prevent exploitation.
Note: You can check by looking for a running service named “Message Queuing” and for TCP port 1801 listening on the system.
If disabling MSMQ is not feasible, consider blocking inbound connections to TCP port 1801 from suspicious sources.
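The MSMQ check described in the notes above and the two options in Recommendation #2, written as PowerShell. This is an added example, not Arctic Wolf's or Microsoft's code; it assumes the service's short name is MSMQ, and the function names and the default RemoteAddress value are illustrative.

```powershell
# Added example, not Arctic Wolf or Microsoft code. Run from an elevated PowerShell session.
# Assumption: the Message Queuing service's short name is 'MSMQ'.

function Test-MsmqExposure {
    param([int]$Port = 1801)

    $svc = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue

    # Get-NetTCPConnection does not exist on Server 2008 / 2008 R2; parse netstat there.
    if (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue) {
        $listening = [bool](Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue)
    } else {
        $pattern   = ':{0}\s+\S+\s+LISTENING' -f $Port
        $listening = [bool](netstat -ano -p tcp | Select-String -Pattern $pattern)
    }

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        MsmqStatus    = if ($svc) { $svc.Status.ToString() } else { 'NotInstalled' }
        PortListening = $listening
        # Either signal alone is enough to treat the host as in scope for patching.
        InScope       = [bool](($svc -and $svc.Status -eq 'Running') -or $listening)
    }
}

function Disable-Msmq {
    # Recommendation #2, first option: only where nothing depends on MSMQ.
    Stop-Service -Name 'MSMQ' -Force
    Set-Service  -Name 'MSMQ' -StartupType Disabled
}

function Block-MsmqInbound {
    # Recommendation #2, fallback: block inbound TCP 1801 from the given sources.
    # $RemoteAddress is a placeholder; 'Any' blocks every remote address.
    param([string[]]$RemoteAddress = 'Any', [int]$Port = 1801)
    New-NetFirewallRule -DisplayName "Block inbound MSMQ TCP $Port" `
        -Direction Inbound -Protocol TCP -LocalPort $Port `
        -RemoteAddress $RemoteAddress -Action Block
}

$result = Test-MsmqExposure
$result | Format-List
if ($result.InScope) {
    Write-Warning 'MSMQ is reachable on this host: apply the June 2023 update, then disable or firewall MSMQ if it is not needed.'
}
```

New-NetFirewallRule, like Get-NetTCPConnection, is not available on Windows Server 2008 or 2008 R2, so the firewall option needs a different tool on those hosts.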
Recommendation #3: Enable the AMSI Integration Feature with SharePoint Server
According to Microsoft, enabling the AMSI integration feature and using Microsoft Defender across an organisation’s SharePoint Server farms will mitigate CVE-2023-29357. Regardless of antivirus/antimalware provider, consider enabling the AMSI integration feature to harden your SharePoint Server environment.
References
- Microsoft Vulnerability Advisories: