Home > Security Bulletins > Microsoft Patch Tuesday – June 2023

Microsoft Patch Tuesday – June 2023


Microsoft Patch Tuesday

This month’s Patch Tuesday fixes a total of 78 vulnerabilities, with 38 of those being for Remote Code Execution. 6 vulnerabilities are rated as Critical by Microsoft.

None of the vulnerabilities this month are zero-days.

Fixes for multiple products were released as usual. The most important patches are:

CVE-2023-29357 – Microsoft SharePoint Server Privilege Escalation Vulnerability. An attacker who has gained access to spoofed JWT authentication tokens can use them to execute a network attack which bypasses authentication and allows them to gain access to the privileges of an authenticated user. CVSS 3.1: 9.8 (Critical)

CVE-2023-32031 – Microsoft Exchange Server Remote Code Execution Vulnerability. An attacker could run arbitrary code in the context of the server’s account through a network call. CVSS 3.1: 8.8 (High)

The main list of patches breaks down as follows:

  • 32 Remote Code Execution
  • 17 Privilege Escalation
  • 10 Spoofing
  • 10 Denial of Service
  • 5 Information Disclosure
  • 3 Security Feature Bypass
  • 1 Edge – Chromium

This month also includes numerous updates for vulnerabilities in Microsoft Outlook, and an RCE vulnerability in Windows Hello (CVE-2023-32018)