Service Notices

All Notices > Security Notices > Microsoft Releases June 2023 Security Updates

Microsoft Releases June 2023 Security Updates

Jun 15, 2023 GMT+08:00

I. Overview

Microsoft has released its June 2023 Security Updates. A total of 70 security vulnerabilities have been disclosed, among which 6 are marked as important vulnerabilities. Attackers can exploit these vulnerabilities to implement remote code execution, privilege escalation, and security feature bypass. The affected applications include components such as Microsoft Windows, Microsoft Office, Windows Hyper-V and .NET.

For details, visit the Microsoft official website:

https://msrc.microsoft.com/update-guide/releaseNote/2023-Jun

8 vulnerabilities (such as CVE-2023-29357, CVE-2023-32031, and CVE-2023-28310) are marked as Exploitation More Likely. For details, see the official announcement. Please perform security self-check and security hardening in a timely manner to reduce attack risks.

II. Severity

Severity: important

(Severity: low, moderate, important, and critical)

III. Affected Products

Microsoft Windows, Microsoft Office, Windows Hyper-V, .NET, and other products.

IV. Vulnerability Details

CVE ID

Vulnerability

Severity

Description

CVE-2023-29363

CVE-2023-32014

CVE-2023-32015

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

Important

When Windows message queuing service is running in a PGM Server environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code.

CVE-2023-29357

Microsoft SharePoint Server Elevation of Privilege Vulnerability

Important

An attacker who has gained access to spoofed JWT authentication tokens can use them to execute a network attack which bypasses authentication and allows them to gain administrator privileges.

CVE-2023-24897

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

Important

A remote attacker could trigger this vulnerability by inducing the victim to download and open a specially crafted file, which enables arbitrary code execution on the target system.

CVE-2023-32013

Windows Hyper-V Denial of Service Vulnerability

Important

A remote attacker could send malicious input to applications, resulting in denial of service (DoS) of Hyper-V physical machines.

(Note: Vulnerabilities listed above are important ones. For more information, refer to the official website of Microsoft.)

V. Security Recommendations

1. Use Windows Update or download patches from the following address to fix the vulnerabilities:

https://msrc.microsoft.com/update-guide

2. Back up data remotely to protect your data.

Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.