uTalk
Official forum for Utopia Community
You are not logged in.
- Topics: Active | Unanswered
#1 2023-06-14 21:10:02
- thrive
- Member
- Registered: 2023-01-04
- Posts: 2,018
Updates are released by Microsoft to fix serious flaws in Windows
As part of the June 2023 Patch Tuesday updates, Microsoft has released fixes for the Windows operating system and other software components to address serious security flaws.
The severity of the 73 flaws is divided into six Critical, 63 Important, two Moderate, and one Low flaw. Three of these issues were also addressed by the tech giant in its Edge browser, which is based on Chromium.
In addition, since the May Patch Tuesday updates, Microsoft has patched up 26 additional Edge vulnerabilities, all of which had their origins in Chromium. This includes CVE-2023-3079, a zero-day bug that Google disclosed as being actively exploited in the wild last week.
The June 2023 updates are also notable for being the first time in a number of months that no publicly known or actively exploited zero-day vulnerabilities in Microsoft products are present.
The vulnerability that could allow an attacker to gain administrator privileges in SharePoint Server, CVE-2023-29357 (CVSS score: 9.8), is at the top of the list of fixes.
According to Microsoft, if an attacker has access to spoofed JWT authentication tokens, they can use them to launch a network attack that bypasses the authentication and gives them access to the privileges of an authenticated user. "Neither the user nor the attacker need to take any action in order for the attack to succeed. ".
Redmond has also patched three serious remote code execution flaws in Windows Pragmatic General Multicast (PGM) (CVE-2023-29363, CVE-2023-32014, and CVE-2023-32015; CVSS scores: 9.8) that could be used as weapons to "achieve remote code execution and attempt to trigger malicious code.". ".
A similar flaw (CVE-2023-28250, CVSS score: 9.8) in the same component, a protocol intended to deliver packets between multiple network members reliably, was patched by Microsoft in April 2023.
Two Exchange Server remote code execution bugs (CVE-2023-28310 and CVE-2023-32031) that could have allowed an authenticated attacker to execute remote code on affected installations have also been fixed by the tech giant.
Software updates provided by different vendors.
Over the past few weeks, security updates have been released by additional vendors in addition to Microsoft to address a number of vulnerabilities, including —.
Adobe
Android
Arm
Cisco
Citrix
Dell
Drupal
F5
Fortinet
GitLab
Google Chrome
Hitachi Energy
HP
IBM
Lenovo
Linux distributions Debian, Oracle Linux, Red Hat, SUSE, and Ubuntu
MediaTek
Mitsubishi Electric
MOVEit Transfer
Mozilla Firefox, Firefox ESR, and Thunderbird
NETGEAR
Qualcomm
Samsung
SAP
Schneider Electric
Siemens
Splunk
Synology
Trend Micro
VMware
WordPress
Zoom, and
Zyxel
Offline