Six Critical Vulnerabilities Patched with Microsoft’s June Security Update

On 13 June 2023, Microsoft published their June 2023 Security Update which included patches for six vulnerabilities with a max severity of critical. According to Microsoft’s advisories, none of the vulnerabilities have been actively exploited at this time.

Windows

Impacted Products
Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022
Windows 10, Windows 10 Version 1607, Windows 10 Version 1809, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 11 Version 21H2, Windows 11 Version 22H2

 

CVE-2023-32014, CVE-2023-32015, CVE-2023-29363 (CVSS 9.8 – Critical): Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability - A threat actor could successfully exploit this vulnerability and achieve remote code execution by sending a specially crafted file over the network. The threat actor does not need privileges or user interaction to exploit it.

Note: The Message Queuing (MSMQ) service must be enabled for a system to be vulnerable. This can be checked by looking for a service running named “Message Queuing” and TCP port 1801 listening on the host machine.

CVE-2023-32013 (CVSS 6.5 – Medium; Microsoft Max Severity: Critical): Windows Hyper-V Denial of Service Vulnerability - A threat actor needs basic user privileges to successfully exploit the vulnerability. Additional steps are needed to improve the reliability of the denial of service exploit.

Microsoft SharePoint

Impacted Products
Microsoft SharePoint Server 2019

 

CVE-2023-29357 (CVSS 9.8 – Critical): Microsoft SharePoint Server Elevation of Privilege Vulnerability - A threat actor with access to spoofed JWT authentication tokens could successfully exploit this vulnerability to bypass authentication and obtain privileges of the authenticated user, including administrators. The threat actor does not need privileges or user interaction to exploit it.

Microsoft .NET Framework and Microsoft Visual Studio

Impacted Products
.NET 3.5, .NET 4.6.2, .NET 4.7, .NET 4.7.1, .NET 4.7.2, .NET 4.8, .NET 4.8.1, .NET 6.0, .NET 7.0
Microsoft Visual Studio 2013 Update 5, Microsoft Visual Studio 2015 Update 3, Microsoft Visual Studio 2017 Version 15.9, Microsoft Visual Studio 2019 Version 16.11, Microsoft Visual Studio 2022 Version 17.0, Microsoft Visual Studio 2022 Version 17.2, Microsoft Visual Studio 2022 Version 17.4, Microsoft Visual Studio 2022 Version 17.6

 

CVE-2023-24897 (CVSS 7.8 – High; Microsoft Max Severity: Critical): .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability - A threat actor could successfully exploit this vulnerability and achieve remote code execution by social engineering the victim into downloading or opening a specially crafted file.

Note: User interaction is required to successfully exploit this vulnerability.

Recommendations

Recommendation #1: Apply Security Updates to Impacted Products

Arctic Wolf strongly recommends applying the available security updates to all impacted products to prevent potential exploitation.

Note: Arctic Wolf recommends following change management best practices for deploying security patches, including testing changes in a dev environment before deploying to production to avoid operational impact.

| Product | CVE | Update |
| --- | --- | --- |
| Windows 10 Version 1607 | CVE-2023-24897, CVE-2023-32015, CVE-2023-32014, CVE-2023-29363 | Security Update: 5027123, 5027219 |
| Windows 10 Version 1809 | CVE-2023-24897, CVE-2023-32013, CVE-2023-32015, CVE-2023-32014, CVE-2023-29363 | Security Update: 5027536, 5027222 |
| Windows 10 Version 21H2 | CVE-2023-24897, CVE-2023-32013, CVE-2023-32015, CVE-2023-32014, CVE-2023-29363 | Security Update: 5027537, 5027215 |
| Windows 10 Version 22H2 | CVE-2023-24897, CVE-2023-32013, CVE-2023-32015, CVE-2023-32014, CVE-2023-29363 | Security Update: 5027538, 5027215 |
| Windows 10 | CVE-2023-24897, CVE-2023-32015, CVE-2023-32014, CVE-2023-29363 | Security Update: 5027230 |
| Windows 11 Version 22H2 | CVE-2023-24897, CVE-2023-32013, CVE-2023-32015, CVE-2023-32014, CVE-2023-29363 | Security Update: 5027119, 5027231 |
| Windows 11 Version 21H2 | CVE-2023-24897, CVE-2023-32013, CVE-2023-32015, CVE-2023-32014, CVE-2023-29363 | Security Update: 5027539, 5027223 |
| Windows Server 2008 R2 | CVE-2023-24897, CVE-2023-32015, CVE-2023-32014, CVE-2023-29363 | Monthly Rollup: 5027540, 5027275; Security Update: 5027531, 5027256 |
| Windows Server 2008 | CVE-2023-24897, CVE-2023-32015, CVE-2023-32014, CVE-2023-29363 | Monthly Rollup: 5027543, 5027279; Security Update: 5027534, 5027277 |
| Windows Server 2012 | CVE-2023-24897, CVE-2023-32015, CVE-2023-32014, CVE-2023-29363 | Monthly Rollup: 5027541, 5027283; Security Update: 5027532, 5027281 |
| Windows Server 2012 R2 | CVE-2023-24897, CVE-2023-32015, CVE-2023-32014, CVE-2023-29363 | Monthly Rollup: 5027542, 5027271; Security Update: 5027533, 5027282 |
| Windows Server 2016 | CVE-2023-24897, CVE-2023-32015, CVE-2023-32014, CVE-2023-29363 | Security Update: 5027219, 5027123 |
| Windows Server 2019 | CVE-2023-24897, CVE-2023-32013, CVE-2023-32015, CVE-2023-32014, CVE-2023-29363 | Security Update: 5027536, 5027222 |
| Windows Server 2022 | CVE-2023-24897, CVE-2023-32013, CVE-2023-32015, CVE-2023-32014, CVE-2023-29363 | Security Update: 5027544, 5027225 |
| Microsoft Visual Studio 2017 Version 15.9 | CVE-2023-24897 | Release Notes |
| Microsoft Visual Studio 2022 Version 17.2 | CVE-2023-24897 | Release Notes |
| Microsoft Visual Studio 2019 Version 16.11 | CVE-2023-24897 | Release Notes |
| Microsoft Visual Studio 2022 Version 17.0 | CVE-2023-24897 | Release Notes |
| Microsoft Visual Studio 2022 Version 17.4 | CVE-2023-24897 | Release Notes |
| Microsoft Visual Studio 2022 Version 17.6 | CVE-2023-24897 | Release Notes |
| Microsoft Visual Studio 2013 Update 5 | CVE-2023-24897 | Security Update: 5026610 |
| Microsoft Visual Studio 2015 Update 3 | CVE-2023-24897 | Security Update: 5025792 |
| .NET 7.0 | CVE-2023-24897 | Security Update: 5027798 |
| .NET 6.0 | CVE-2023-24897 | Security Update: 5027797 |
| Microsoft SharePoint Server 2019 | CVE-2023-29357 | Security Update: 5002402, 5002403 |

Recommendation #2: Disable Message Queuing Service if not Required

CVE-2023-32014, CVE-2023-32015, and CVE-2023-29363 are exploitable only when the Message Queuing (MSMQ) service is enabled. Consider disabling MSMQ if the service is not required in your environment to prevent exploitation.

Note: You can check by looking for a service running named “Message Queuing” and for TCP port 1801 listening on the system.

If disabling MSMQ is not feasible, consider blocking inbound connections to TCP port 1801 from suspicious sources.
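The check described in the notes above (a running "Message Queuing" service and a listener on TCP port 1801) can be scripted per host. The following is an added example, not code from Arctic Wolf or Microsoft; the function name Get-MsmqExposure and the shape of its output are hypothetical choices made for illustration.

```powershell
# Added example: MSMQ exposure triage for a single host.
# Get-MsmqExposure is a hypothetical helper name, not a built-in cmdlet.
function Get-MsmqExposure {
    [CmdletBinding()]
    param(
        [int]$Port = 1801   # MSMQ TCP port named in the advisory
    )

    # The service's short name is "MSMQ"; its display name is "Message Queuing".
    $svc = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue

    # Sockets in the Listen state on the MSMQ port (empty array if none).
    $listeners = @(Get-NetTCPConnection -LocalPort $Port -State Listen `
                     -ErrorAction SilentlyContinue)

    # Resolve the owning process so the listener can be confirmed by name.
    $owners = $listeners | ForEach-Object {
        (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
    } | Sort-Object -Unique

    $installed = [bool]$svc
    $running   = $installed -and $svc.Status -eq 'Running'
    $listening = $listeners.Count -gt 0

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        MsmqInstalled = $installed
        ServiceStatus = if ($installed) { $svc.Status } else { 'NotInstalled' }
        StartType     = if ($installed) { $svc.StartType } else { $null }
        PortListening = $listening
        ListenAddress = ($listeners.LocalAddress | Sort-Object -Unique) -join ', '
        OwningProcess = $owners -join ', '
        # Flag the host only when both conditions from the note hold.
        Exposed       = $running -and $listening
    }
}

Get-MsmqExposure | Format-List
```

Get-NetTCPConnection is not available on Windows Server 2008 and 2008 R2; on those hosts, `netstat -ano` filtered for `:1801` gives the same listener information. Where the service is not required, `Stop-Service -Name MSMQ` followed by `Set-Service -Name MSMQ -StartupType Disabled` implements the recommendation above.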

Recommendation #3: Enable the AMSI Integration Feature with SharePoint Server

According to Microsoft, enabling the AMSI integration feature and using Microsoft Defender across an organisation’s SharePoint Server farms will mitigate CVE-2023-29357. Regardless of antivirus/antimalware provider, consider enabling the AMSI integration feature to harden your SharePoint Server environment.

Steven Campbell

Steven Campbell is a Senior Threat Intelligence Researcher at Arctic Wolf Labs and has more than eight years of experience in intelligence analysis and security research. He has a strong background in infrastructure analysis and adversary tradecraft.