CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.053 Low
Percentile: 92.0%
Microsoft has released June's edition of Patch Tuesday! This installment of security updates addressed 94 security vulnerabilities in various products, features, and roles.
No zero-day vulnerabilities known to be exploited in the wild have been fixed in this month's Patch Tuesday edition. Six of these 94 vulnerabilities are rated as critical and 70 as important. This month's security updates covered 17 Microsoft Edge (Chromium-based) vulnerabilities patched earlier this month.
Microsoft Patch Tuesday, June edition includes updates for vulnerabilities in Microsoft Office and Components, Microsoft Exchange Server, Win32K, Windows TPM Device Driver, Windows Remote Procedure Call Runtime, Windows PGM, Microsoft Printer Drivers, Windows Hello, Windows Kernel, DNS Server, Windows SMB, Windows Server Service, Microsoft Power Apps, and more.
Microsoft has fixed several classes of flaws across multiple software products, including Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, Remote Code Execution (RCE), Security Feature Bypass, and Spoofing.
The June 2023 Microsoft vulnerabilities are classified as follows:
Vulnerability Category | Quantity | Severities |
---|---|---|
Spoofing Vulnerability | 10 | Important: 9 |
Denial of Service Vulnerability | 10 | Critical: 1; Important: 9 |
Elevation of Privilege Vulnerability | 17 | Critical: 1; Important: 15 |
Information Disclosure Vulnerability | 5 | Important: 5 |
Remote Code Execution Vulnerability | 32 | Critical: 4; Important: 24 |
Security Feature Bypass Vulnerability | 3 | Important: 4 |
Microsoft Edge (Chromium-based) | 17 | |
Adobe has released only four security advisories for June. The advisories addressed 18 critical and important vulnerabilities in Adobe Experience Manager, Adobe Commerce, Adobe Animate, and Substance 3D Designer. Four of the 18 vulnerabilities are rated as critical. Successful exploitation of the vulnerabilities could lead to arbitrary code execution and security feature bypass.
Microsoft SharePoint is a web-based document management and collaboration platform that helps share files, data, news, and resources. The application transforms business processes by providing simple sharing and seamless collaboration.
An attacker with access to spoofed JWT authentication tokens may exploit this vulnerability to execute a network attack. A successful network attack will bypass authentication and allow an attacker to gain access as an authenticated user. On successful exploitation of the vulnerability, an attacker would gain administrator privileges.
To exploit this vulnerability, an attacker must convince a user to download and open a specially crafted file from a website through social engineering. The malicious link will lead to a local attack on their computer and allow an attacker to perform remote code execution.
Windows Hyper-V is a piece of software that allows hardware virtualization. IT professionals and software developers use virtualization to test software on multiple operating systems. Hyper-V enables working professionals to perform these tasks smoothly. With the help of Hyper-V, one can create virtual hard drives, virtual switches, and numerous different virtual devices, all of which can be added to virtual machines.
To exploit this vulnerability, an attacker must prepare the target environment to improve exploit reliability. A network attacker with low privileges may exploit this vulnerability in a low-complexity attack to cause a denial of service (DoS) situation.
Pragmatic General Multicast (PGM), a.k.a. 'reliable multicast,' is a scalable receiver-reliable protocol. PGM allows receivers to detect loss, request retransmission of lost data, or notify an application of unrecoverable loss. PGM is best suited for applications that require duplicate-free multicast data delivery from multiple sources to multiple receivers.
Windows message queuing service must be running in a PGM Server environment to exploit the vulnerability. When the service is running, an attacker may send a specially crafted file over the network to achieve remote code execution. The Windows message queuing service is a Windows component that needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added with the help of the Control Panel.
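The precondition described above (the Message Queuing service being present and running) can be checked per host. The following is an added example, not code from Qualys or Microsoft; it assumes the default service name `MSMQ` and the default MSMQ listener port TCP 1801, and the function name `Get-MsmqExposure` is hypothetical.

```powershell
# Added example: report whether this host meets the Message Queuing precondition.
# Assumptions: service name 'MSMQ' and TCP port 1801 are the Windows defaults.
function Get-MsmqExposure {
    [CmdletBinding()]
    param(
        [string]$ServiceName = 'MSMQ',  # assumed default service name
        [int]$Port = 1801               # assumed default MSMQ listener port
    )

    # Service object is $null when the Message Queuing feature is not installed.
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue

    # Start mode comes from CIM so the check also works on Windows PowerShell 5.1.
    $cim = Get-CimInstance -ClassName Win32_Service `
        -Filter "Name='$ServiceName'" -ErrorAction SilentlyContinue

    # Any socket listening on the MSMQ port, regardless of which address it binds.
    $listeners = @(Get-NetTCPConnection -State Listen -LocalPort $Port `
        -ErrorAction SilentlyContinue)

    $installed = $null -ne $svc
    $running   = $installed -and ($svc.Status -eq 'Running')
    $listening = $listeners.Count -gt 0

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        Installed       = $installed
        ServiceStatus   = if ($installed) { [string]$svc.Status } else { 'NotInstalled' }
        StartMode       = if ($cim) { $cim.StartMode } else { $null }
        Port            = $Port
        ListeningOn     = ($listeners |
            Select-Object -ExpandProperty LocalAddress -Unique) -join ','
        # True when the service runs now or something already listens on the port.
        PreconditionMet = $running -or $listening
    }
}

Get-MsmqExposure | Format-List
```

A host that reports `Installed = True` with `StartMode = Auto` but a stopped service will meet the precondition again after the next reboot, so treat it as in scope for patching.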
This month's release notes cover multiple Microsoft product families and products/versions affected, including, but not limited to, Azure DevOps, .NET and Visual Studio, Microsoft Dynamics, Windows CryptoAPI, .NET Framework, .NET Core, NuGet Client, Microsoft Edge (Chromium-based), Windows NTFS, Windows Group Policy, Remote Desktop Client, SysInternals, Windows DHCP Server, Microsoft Office SharePoint, Windows GDI, Windows Cloud Files Mini Filter Driver, Windows Authentication Methods, Microsoft Windows Codecs Library, Windows Geolocation Service, Windows OLE, Windows Filtering, Microsoft WDAC OLE DB provider for SQL, Windows ODBC Driver, Windows Resilient File System (ReFS), Windows Collaborative Translation Framework, Windows Bus Filter Driver, Windows iSCSI, Windows Container Manager Service, Windows Hyper-V, and Windows Installer.
Qualys VMDR automatically detects new Patch Tuesday vulnerabilities using continuous updates to its Knowledgebase (KB).
You can see all hosts impacted by these vulnerabilities using the following QQL query:
vulnerabilities.vulnerability: ( qid:110437
OR qid:110438
OR qid:110439
OR qid:378574
OR qid:50126
OR qid:92021
OR qid:92022
OR qid:92023
OR qid:92024
OR qid:92025
OR qid:92027
)
VMDR rapidly remediates Windows hosts by deploying the most relevant and applicable per-technology version patches. You can simply select respective QIDs in the Patch Catalog and filter on the “Missing” patches to identify and deploy the applicable, available patches with one click.
The following QQL will return the missing patches for this Patch Tuesday:
( qid:110437
OR qid:110438
OR qid:110439
OR qid:378574
OR qid:50126
OR qid:92021
OR qid:92022
OR qid:92023
OR qid:92024
OR qid:92025
OR qid:92027
)
Qualys Policy Compliance Control Library makes it easy to evaluate your technology infrastructure when the current situation requires implementation validation of vendor-suggested mitigation or workaround.
Mitigation refers to a setting, standard configuration, or general best practice existing in a default state that could reduce the severity of the exploitation of a vulnerability.
A workaround is sometimes used temporarily for achieving a task or goal when the usual or planned method isn't working. Information technology often uses a workaround to overcome hardware, programming, or communication problems. Once a problem is fixed, a workaround is usually abandoned.
The following Qualys Policy Compliance Control IDs (CIDs), and System Defined Controls (SDC) have been updated to support Microsoft recommended mitigation(s) for this Patch Tuesday:
This vulnerability has a CVSSv3.1 score of 9.8 / 8.5
Policy Compliance Control IDs (CIDs):
19494 Status of Anti-Malware Scan Interface (AMSI) protection
This vulnerability has a CVSSv3.1 score of 9.8 / 8.5
Policy Compliance Control IDs (CIDs):
4030 Status of the 'Windows Message Queuing Service'
14916 Status of Windows Services
14297 Status of the open network connections and listening ports (Qualys Agent only)
This vulnerability has a CVSSv3.1 score of 5.3 / 4.6
Policy Compliance Control IDs (CIDs):
26238 Status of the DHCP Failover Configuration
This vulnerability has a CVSSv3.1 score of 7.6 / 6.6
Policy Compliance Control IDs (CIDs):
26239 Status of the AD-detached clusters configured on the host (Qualys Agent Only)
This vulnerability has a CVSSv3.1 score of 7.1 / 6.2
Policy Compliance Control IDs (CIDs):
26239 Status of the AD-detached clusters configured on the host (Qualys Agent Only)
The following QQL will return a posture assessment for the CIDs for this Patch Tuesday:
control.id: [4030,14916,14297,19494,26238,26239]
Qualys Custom Assessment and Remediation (CAR) can be leveraged to execute mitigation steps provided by MSRC on vulnerable assets.
This vulnerability has a CVSSv3.1 score of 9.8/10.
The next Patch Tuesday falls on July 11, and we'll be back with details and patch analysis. Until next Patch Tuesday, stay safe and secure. Be sure to subscribe to the 'This Month in Vulnerabilities and Patches' webinar.
The Qualys Research team hosts a monthly webinar series to help our existing customers leverage the seamless integration between Qualys Vulnerability Management Detection Response (VMDR) and Qualys Patch Management. Combining these two solutions can reduce the median time to remediate critical vulnerabilities.
During the webcast, we will discuss this month's high-impact vulnerabilities, including those that are part of this month's Patch Tuesday alert. We will walk you through the necessary steps to address the key vulnerabilities using Qualys VMDR and Qualys Patch Management.