Cookie Consent by Free Privacy Policy Generator 📌 The June 2023 Security Update Review

🏠 Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeiträge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden Überblick über die wichtigsten Aspekte der IT-Sicherheit in einer sich ständig verändernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch übersetzen, erst Englisch auswählen dann wieder Deutsch!

Google Android Playstore Download Button für Team IT Security



📚 The June 2023 Security Update Review


💡 Newskategorie: Hacking
🔗 Quelle: thezdi.com

It’s the second Tuesday of the month, which means Adobe and Microsoft have released their latest security patches. Take a break from your regularly scheduled activities and join us as we review the details of their latest advisories. If you’d rather watch the video recap, check out the Patch Report webcast on our YouTube channel.

Adobe Patches for June 2023

For June, Adobe released four patches addressing 18 CVEs in Adobe Commerce, Substance 3D Designer, Adobe Animate, and Experience Manager. The bug in Substance 3D Designer was found by ZDI researcher Mat Powell and could lead to arbitrary code execution when opening a specially crafted file. The patch for Commerce is the largest this month with a dozen total fixes. Most of these are Important or Moderate rated Security Feature Bypasses (SFB), but there is a lone Critical-rate code execution bug in there as well. The fix for Adobe Animate also addresses a lone code execution bug. The patch for Experience Manager fixes four bugs, but none are Critical. There are three Important-rated cross-site scripting (XSS) bugs getting fixes plus one more SFB.

None of the bugs fixed by Adobe this month are listed as publicly known or under active attack at the time of release. Adobe categorizes these updates as a deployment priority rating of 3.

Microsoft Patches for June 2023

This month, Microsoft released 69 new patches addressing CVES in Microsoft Windows and Windows Components; Office and Office Components; Exchange Server; Microsoft Edge (Chromium-based); SharePoint Server; .NET and Visual Studio; Microsoft Teams; Azure DevOps; Microsoft Dynamics; and the Remote Desktop Client. This is in addition to 25 CVEs that were previously released by third parties and are now being documented in the Security Updates Guide.

A total of five of these bugs were submitted through the ZDI program. This includes fixes for some of the bugs submitted at the Pwn2Own Vancouver contest. The SharePoint and local privilege escalations should be addressed with these fixes. However, we’re still awaiting the fixes for the Teams bugs demonstrated during the competition.

Of the new patches released today, six are rated Critical, 62 are rated Important, and one is rated Moderate in severity. This volume of fixes is slighter larger than the typical number of fixes for June, but not extraordinarily so. July tends to be a larger month as it is the last patch Tuesday before the Black Hat USA conference. It will be interesting to see if this trend continues.

None of the CVEs released today are listed as being publicly known or under active attack at the time of release. Let’s take a closer look at some of the more interesting updates for this month, starting with a familiar-looking bug in the Exchange Server:

-       CVE-2023-32031 – Microsoft Exchange Server Remote Code Execution Vulnerability
This vulnerability was discovered by ZDI researcher Piotr Bazydło and is a bypass of both CVE-2022-41082 and CVE-2023-21529. The former was listed as being under active exploit. The specific flaw exists within the Command class. The issue results from the lack of proper validation of user-supplied data, which can result in the deserialization of untrusted data. While this does require the attacker to have an account on the Exchange server, successful exploitation could lead to executing code with SYSTEM privileges.

-       CVE-2023-29357 – Microsoft SharePoint Server Elevation of Privilege Vulnerability
This bug was one of the bugs chained together during the Pwn2Own Vancouver contest held back in March. This particular bug was used to bypass authentication due to a flaw within the ValidateTokenIssuer method. Microsoft recommends enabling the AMSI feature to mitigate this vulnerability, but we have not tested the efficacy of this action. The best bet is to test and deploy the update as soon as possible.

-       CVE-2023-29363/32014/32015 – Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
These three bugs look identical on paper, and all are listed as a CVSS 9.8. They allow a remote, unauthenticated attacker to execute code on an affected system where the message queuing service is running in a Pragmatic General Multicast (PGM) Server environment. This is the third month in a row for PGM to have a CVSS 9.8 bug addressed, and it’s beginning to be a bit of a theme. While not enabled by default, PGM isn’t an uncommon configuration. Let’s hope these bugs get fixed before any active exploitation starts.

-       CVE-2023-3079 – Chromium: CVE-2023-3079 Type Confusion in V8
This CVE shouldn’t be news to anyone as it was released by the Chrome team back on June 1. However, since it’s listed as being under active attack, I wanted to highlight it for anyone who may have missed it due to graduations, vacations, or other distractions. This is a type confusion bug in Chrome that could lead to code execution at the level of the logged-on user. It’s also the second type of confusion bug in Chrome actively exploited this year. Definitely make sure your Chromium-based browsers (including Edge) are up to date.

Here’s the full list of CVEs released by Microsoft for June 2023:

CVE Title Severity CVSS Public Exploited Type
CVE-2023-24897 .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability Critical 7.8 No No RCE
CVE-2023-29357 Microsoft SharePoint Server Elevation of Privilege Vulnerability Critical 9.8 No No EoP
CVE-2023-32013 Windows Hyper-V Denial of Service Vulnerability Critical 6.5 No No DoS
CVE-2023-29363 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability Critical 9.8 No No RCE
CVE-2023-32014 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability Critical 9.8 No No RCE
CVE-2023-32015 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability Critical 9.8 No No RCE
CVE-2023-32030 .NET and Visual Studio Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2023-32032 .NET and Visual Studio Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2023-33135 .NET and Visual Studio Elevation of Privilege Vulnerability Important 7.3 No No EoP
CVE-2023-33126 .NET and Visual Studio Remote Code Execution Vulnerability Important 7.3 No No RCE
CVE-2023-33128 .NET and Visual Studio Remote Code Execution Vulnerability Important 7.3 No No RCE
CVE-2023-29331 .NET Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2023-29326 .NET Framework Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-24895 .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-27909 * AutoDesk: CVE-2023-27909 Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK 2020 or prior Important 7.8 No No RCE
CVE-2023-27910 * AutoDesk: CVE-2023-27910 stack buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior Important 7.8 No No RCE
CVE-2023-27911 * AutoDesk: CVE-2023-27911 Heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior Important 7.8 No No RCE
CVE-2023-21565 Azure DevOps Server Spoofing Vulnerability Important 7.1 No No Spoofing
CVE-2023-21569 Azure DevOps Server Spoofing Vulnerability Important 5.5 No No Spoofing
CVE-2023-29355 DHCP Server Service Information Disclosure Vulnerability Important 5.3 No No Info
CVE-2023-25652 * GitHub: CVE-2023-25652 "git apply --reject" partially-controlled arbitrary file write Important 7.5 No No N/A
CVE-2023-25815 * GitHub: CVE-2023-25815 Git looks for localized messages in an unprivileged place Important 3.3 No No N/A
CVE-2023-29007 * GitHub: CVE-2023-29007 Arbitrary configuration injection via `git submodule deinit` Important 7.8 No No N/A
CVE-2023-29011 * GitHub: CVE-2023-29011 The config file of `connect.exe` is susceptible to malicious placing Important 7.5 No No N/A
CVE-2023-29012 * GitHub: CVE-2023-29012 Git CMD erroneously executes `doskey.exe` in current directory, if it exists Important 7.2 No No N/A
CVE-2023-29367 iSCSI Target WMI Provider Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-24896 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability Important 5.4 No No XSS
CVE-2023-33145 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability Important 6.5 No No Info
CVE-2023-32029 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-33133 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-33137 Microsoft Excel Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-28310 Microsoft Exchange Server Remote Code Execution Vulnerability Important 8 No No RCE
CVE-2023-32031 Microsoft Exchange Server Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2023-29373 Microsoft ODBC Driver Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2023-33146 Microsoft Office Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-33140 Microsoft OneNote Spoofing Vulnerability Important 6.5 No No Spoofing
CVE-2023-33131 Microsoft Outlook Spoofing Vulnerability Important 6.5 No No Spoofing
CVE-2023-32017 Microsoft PostScript Printer Driver Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-32024 Microsoft Power Apps Spoofing Vulnerability Important 3 No No Spoofing
CVE-2023-33129 Microsoft SharePoint Denial of Service Vulnerability Important 6.5 No No DoS
CVE-2023-33142 Microsoft SharePoint Server Elevation of Privilege Vulnerability Important 6.5 No No EoP
CVE-2023-33130 Microsoft SharePoint Server Spoofing Vulnerability Important 7.3 No No Spoofing
CVE-2023-33132 Microsoft SharePoint Server Spoofing Vulnerability Important 6.3 No No Spoofing
CVE-2023-29372 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2023-29346 NTFS Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-29337 NuGet Client Remote Code Execution Vulnerability Important 7.1 No No RCE
CVE-2023-29362 Remote Desktop Client Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2023-29369 Remote Procedure Call Runtime Denial of Service Vulnerability Important 6.5 No No DoS
CVE-2023-29353 Sysinternals Process Monitor for Windows Denial of Service Vulnerability Important 5.5 No No DoS
CVE-2023-33144 Visual Studio Code Spoofing Vulnerability Important 5 No No Spoofing
CVE-2023-33139 Visual Studio Information Disclosure Vulnerability Important 7.8 No No Info
CVE-2023-29359 Win32k Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-29364 Windows Authentication Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2023-32010 Windows Bus Filter Driver Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2023-29361 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2023-32009 Windows Collaborative Translation Framework Elevation of Privilege Vulnerability Important 8.8 No No EoP
CVE-2023-32012 Windows Container Manager Service Elevation of Privilege Vulnerability Important 6.3 No No EoP
CVE-2023-24937 Windows CryptoAPI Denial of Service Vulnerability Important 5.5 No No DoS
CVE-2023-24938 Windows CryptoAPI Denial of Service Vulnerability Important 5.5 No No DoS
CVE-2023-32020 Windows DNS Spoofing Vulnerability Important 3.7 No No Spoofing
CVE-2023-29358 Windows GDI Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-29366 Windows Geolocation Service Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-29351 Windows Group Policy Elevation of Privilege Vulnerability Important 8.1 No No EoP
CVE-2023-32018 Windows Hello Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-32016 Windows Installer Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2023-32011 Windows iSCSI Discovery Service Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2023-32019 Windows Kernel Information Disclosure Vulnerability Important 4.7 No No Info
CVE-2023-29365 Windows Media Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-29370 Windows Media Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-29352 Windows Remote Desktop Security Feature Bypass Vulnerability Important 6.5 No No SFB
CVE-2023-32008 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2023-32022 Windows Server Service Security Feature Bypass Vulnerability Important 7.6 No No SFB
CVE-2023-32021 Windows SMB Witness Service Security Feature Bypass Vulnerability Important 7.1 No No SFB
CVE-2023-29368 Windows TCP/IP Driver Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2023-29360 Windows TPM Device Driver Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-29371 Windows Win32k Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2023-33141 Yet Another Reverse Proxy (YARP) Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2023-24936 .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability Moderate 8.1 No No RCE
CVE-2023-33143 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Moderate 7.5 No No EoP
CVE-2023-29345 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Low 6.1 No No SFB
CVE-2023-3079 * Chromium: CVE-2023-3079 Type Confusion in V8 High N/A No Yes RCE
CVE-2023-2929 * Chromium: CVE-2023-2929 Out of bounds write in Swiftshader High N/A No No RCE
CVE-2023-2930 * Chromium: CVE-2023-2930 Use after free in Extensions High N/A No No RCE
CVE-2023-2931 * Chromium: CVE-2023-2931 Use after free in PDF High N/A No No RCE
CVE-2023-2932 * Chromium: CVE-2023-2932 Use after free in PDF High N/A No No RCE
CVE-2023-2933 * Chromium: CVE-2023-2933 Use after free in PDF High N/A No No RCE
CVE-2023-2934 * Chromium: CVE-2023-2934 Out of bounds memory access in Mojo High N/A No No RCE
CVE-2023-2935 * Chromium: CVE-2023-2935 Type Confusion in V8 High N/A No No RCE
CVE-2023-2936 * Chromium: CVE-2023-2936 Type Confusion in V8 High N/A No No RCE
CVE-2023-2937 * Chromium: CVE-2023-2937 Inappropriate implementation in Picture In Picture Medium N/A No No N/A
CVE-2023-2938 * Chromium: CVE-2023-2938 Inappropriate implementation in Picture In Picture Medium N/A No No N/A
CVE-2023-2939 * Chromium: CVE-2023-2939 Insufficient data validation in Installer Medium N/A No No N/A
CVE-2023-2940 * Chromium: CVE-2023-2940 Inappropriate implementation in Downloads Medium N/A No No N/A
CVE-2023-2941 * Chromium: CVE-2023-2941 Inappropriate implementation in Extensions API Low N/A No No N/A

* Indicates this CVE had been released prior to today.

There are only two other Critical-rated bugs in this month’s release. The first is in what appears to be all supported versions of .NET, .NET Framework, and Visual Studio. It’s an open-and-own sort of exploit, but guessing by the Critical rating, it appears there are no warning dialogs when opening the dodgy file. The final Critical-rated fix for June addresses a Denial-of-Service (DoS) bug in the Hyper-V server. The Critical rating here implies a guest OS could potentially shut down the host OS, or at least cause some form of a DoS condition.

Moving on to the other code execution bugs fixed this month, there are the standard complement of open-and-own bugs in Office components and services. There are also a few more RCE bugs in .NET, .NET Framework, and Visual Studio. This includes the lone Moderate-rated bug, which surprisingly still comes in at a CVSS of 8.1. It’s implied (but not stated) that there would be some warning dialog when opening a crafted XML, thus lowering the severity. There’s another bug in Exchange that allows network adjacent authenticated attackers to achieve RCE via a PowerShell remoting session. You rarely see RCE bugs with a physical component, but that’s the case for the vulnerability in the Windows Resilient File System (ReFS). An attacker could gain code execution either through mounting a specially crafted VHD or by inserting a malicious USB drive. There’s a fix for the RDP client, but since it requires connecting to a malicious RDP server, it’s not as concerning. That’s similar to the two bugs that require connecting to an attacker’s SQL server. The final code execution bug is in our old frenemy the PostScript Printer Driver. Again, a user would need to open a specially crafted file on an affected system to trigger the RCE.

Looking at the Elevation of Privilege (EoP) bugs receiving fixes this month, the vast majority require an attacker to run a specially crafted program on an affected system. In most cases, this leads to attackers running code at SYSTEM level. The EoP bugs in .NET and Visual Studio lead some different scenarios, such as gaining some understanding of the filesystem layout or gaining the rights of the user running an affected application. This Moderate-rated EoP in Edge could allow a browser sandbox escape.

The June release includes fixes for four security feature bypass (SFB) bugs, and two of these involve bypassing the check RPC procedure. They could allow the execution of RCE procedures that should otherwise be restricted when making calls to an SMB server. The bug in the RDP requires someone open a specially crafted file, but if they can convince the use to take that action, the attacker could bypass certificate or private key authentication when establishing a remote desktop protocol session. The final SFB patch is the Low-severity bug in Edge that could allow attackers to bypass the permissions dialog feature when clicking on a URL.

There’s an unusually large number of spoofing bugs receiving patches this month. There are two bugs in the Azure DevOps Server that could be exploited to gain data available to the current user. An attacker is able to manipulate DOM model of website adding/removing elements, with crafted script is able to do actions on ADO in current user context without user consent or awareness. There’s little detail provided about the SharePoint bugs, but spoofing in SharePoint generally equates to cross-site scripting (XSS). The bug in the Power Apps component almost acts like an information disclosure, as successful exploitation would allow the attacker to read information in the target’s browser associated with a vulnerable URL. Little detail is provided about the other spoofing bugs other than to say user interaction is required to trigger them.

There are only five patches addressing information disclosure bugs this month, and as usual, the majority result in info leaks consisting of unspecified memory contents. The two exceptions are for Edge and the DHCP service. The bug in the DHCP server could allow an attacker to learn the IP addresses pool information of affected systems. The Edge bug could disclose IDs, tokens, nonces, and other sensitive information when following malicious URLs. Considering how much is down in the browser these days, that information could prove quite useful to threat actors.

Looking at the remaining DoS fixes for June, the vast majority have no details. It’s not clear an attack would only impact the component or the entire system. The bugs in the CryptoAPI service may impact authentication actions, but that’s just speculation based on the component. Microsoft does specify the SharePoint bug only crashes the application. The bug in the Sysinternals Process Monitor likely only crashed the application. For that fix, you’ll need to access the Microsoft Store. If you have updates enabled, you should get it automatically. However, if you’re in a disconnected or otherwise isolated environment, you’ll need to get the Sysinternals MSIX package.

The June release is rounded out with a fix for a single XSS bug in Microsoft Dynamics 365.

No new advisories were released this month.

Looking Ahead

The next Patch Tuesday will be on July 11, and we’ll return with details and patch analysis then. Be sure to catch the Patch Report webcast on our YouTube channel. It should be posted in just a few hours. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!

...



📌 Google Releases June Android Security Update (June 6, 2016)


📈 24.02 Punkte

📌 Google Releases June Android Security Update (June 6, 2016)


📈 24.02 Punkte

📌 The June 2023 Security Update Review


📈 23.65 Punkte

📌 What to expect from WWDC 2023 on June 5 through June 9


📈 22.6 Punkte

📌 The June 2019 Security Update Review


📈 20.64 Punkte

📌 The June 2020 Security Update Review


📈 20.64 Punkte

📌 The June 2021 Security Update Review


📈 20.64 Punkte

📌 The June 2022 Security Update Review


📈 20.64 Punkte

📌 Linux Mint 19 Beta Will Arrive on June 4, Final Release Expected at End of June


📈 19.59 Punkte

📌 Apple's June 2023 in review: Vision Pro, Mac Pro, and tech titan fighting talk


📈 19.22 Punkte

📌 WWDC, iPhone's anniversary, and USB-C is taking over - Apple's June 2022 in review


📈 16.21 Punkte

📌 Steam Year in Review 2023: How to view your stats and get around 'this account's Year in Review is not shared' error


📈 15.83 Punkte

📌 LifeLock Review (2023): Privacy Wizards Publish Review of Norton LifeLock Identity Theft Protection Services


📈 15.83 Punkte

📌 June 2018 Security Update Release


📈 14.23 Punkte

📌 June 2019 security update release


📈 14.23 Punkte

📌 4025685 - Guidance related to June 2017 security update release - Version: 1.0


📈 14.23 Punkte

📌 June 2019 security update release


📈 14.23 Punkte

📌 June 2018 Security Update Release


📈 14.23 Punkte

📌 June 2017 security update release


📈 14.23 Punkte

📌 June 2019 security update release


📈 14.23 Punkte

📌 June 2018 Security Update Release


📈 14.23 Punkte

📌 June 2017 security update release


📈 14.23 Punkte

📌 June 2016 security update release


📈 14.23 Punkte

📌 The January 2023 Security Update Review


📈 13.85 Punkte

📌 The March 2023 Security Update Review


📈 13.85 Punkte

📌 The April 2023 Security Update Review


📈 13.85 Punkte

📌 The May 2023 Security Update Review


📈 13.85 Punkte

📌 The October 2023 Security Update Review


📈 13.85 Punkte

📌 The September 2023 Security Update Review


📈 13.85 Punkte

📌 The August 2023 Security Update Review


📈 13.85 Punkte

📌 The July 2023 Security Update Review


📈 13.85 Punkte

📌 The November 2023 Security Update Review


📈 13.85 Punkte

📌 The December 2023 Security Update Review


📈 13.85 Punkte

📌 Google Releases Android Security Patch for June 2019 with 22 Security Fixes


📈 13.63 Punkte











matomo