{"id":46250,"date":"2023-06-14T12:01:43","date_gmt":"2023-06-14T11:01:43","guid":{"rendered":"https:\/\/www.n-able.com\/?p=46250"},"modified":"2023-07-17T15:21:17","modified_gmt":"2023-07-17T14:21:17","slug":"patch-tuesday-june-2023-no-zero-days-or-actively-exploited-vulnerabilities-but-exchange-is-in-the-crosshairs","status":"publish","type":"post","link":"https:\/\/www.n-able.com\/de\/blog\/patch-tuesday-june-2023-no-zero-days-or-actively-exploited-vulnerabilities-but-exchange-is-in-the-crosshairs","title":{"rendered":"Patch Tuesday June 2023: No Zero-Days or Actively Exploited Vulnerabilities, But Exchange is in the Crosshairs"},"content":{"rendered":"

Last month\u2019s Patch Tuesday (May 2023)<\/a> brought fixes for only 38 vulnerabilities. Such a small number gave some the sense that it was the \u2018calm before the storm\u2019 with June likely to bring some surprises. June\u2019s Patch Tuesday has indeed brought a surprise, no zero-days and no vulnerabilities under active exploitation. <\/span><\/p>\n

A total of 78 vulnerabilities were addressed this month and that number is more inline with the typical number of vulnerabilities that receive fixes from Microsoft. The lack of any zero-days or Actively Exploited Vulnerabilities might provide an initial feeling of relief, but there are some notable vulnerabilities waiting in the wings that are marked as Exploitation More Likely. With Exchange in the crosshairs of two vulnerabilities that could be as impactful as last year’s ProxyNotShell<\/span><\/a>, once attackers start leveraging them. <\/span><\/p>\n

Microsoft Vulnerabilities <\/span><\/h2>\n

Microsoft has released updates to address 78 vulnerabilities with six of those marked Critical and 11 as Exploitation More Likely. Without any headline vulnerabilities under active exploitation, this month\u2019s focus gets to shift to vulnerabilities that are considered more likely to be exploited\u2014and that\u2019s good because there are some that should be on everyone\u2019s priority list. <\/span><\/p>\n

Microsoft Exchange Server vulnerabilities\u2014CVE-2023-32014 and CVE-2023-28310<\/span><\/h2>\n

Microsoft Exchange admins will want to be quick about getting fixes in place to contend with these two vulnerabilities. CVE-2023-32031<\/span><\/a> and CVE-2023-28310<\/span><\/a> are both Microsoft Exchange Server Remote Code Execution vulnerabilities. While they require an authenticated user to exploit since they are exploitable by an attacker on the same network, just isolating an Exchange Server from the internet isn\u2019t going to be a sufficient mitigation. An attacker exploiting either of these vulnerabilities will be able to run code on the target Exchange Server. It\u2019s a good idea to start testing the security updates that address these vulnerabilities this week and get them in production ASAP.<\/span><\/p>\n

CVE-2023-32015, CVE-2023-32014, and CVE2023-29363<\/span><\/h2>\n

If any of the vulnerabilities from this month were going to induce nightmare scenarios for defenders this trio may be it. CVE-2023-32015<\/span><\/a>, CVE-2023-32014<\/span><\/a><\/span>,<\/span> and CVE-2023-29363<\/span><\/a> all carry CVSS scores of 9.8, can be exploited remotely, and require no user interaction. They are prime candidates for being leveraged by threat actors to move laterally within an environment once proof of concept attacks are developed. These vulnerabilities apply to Windows Pragmatic General Multicast, which is a widely available component that might not be part of the usual rogues gallery of Windows services with vulnerabilities. However, their potential to be in almost any environment, just silently existing without anyone really paying much attention on the defender side, means they might fly under the radar of some defenders. If updates with fixes for these vulnerabilities can\u2019t be implemented in your environment, Microsoft\u2019s recommended mitigation is to disable the Windows Pragmatic General Multicast component. <\/span><\/p>\n

CVE-2023-29357<\/span><\/h2>\n

This vulnerability also carries a CVSS score of 9.8 and gives an attacker the ability to gain administrator privileges, allowing them attacker to execute follow-up actions that range such as data exfiltration, ransomware payload delivery, data destruction, or any other number of malicious actions. While CVE-2023-29357<\/span><\/a> has the potential to be part of a devastating attack on a business since it is a Microsoft SharePoint Server vulnerability, the small deployment base will keep this from being exploited as widely as the other notable vulnerabilities from this month. <\/span><\/p>\n

Microsoft 365 and Click to Run<\/span><\/h2>\n

As a reminder and review from previous months Microsoft Patch Tuesday coverage, modern Microsoft 365 apps leverage a different update mechanism than older versions of Microsoft Office. Make sure you review your patching tools and processes to ensure M365 Apps have a defined update process<\/span><\/a> in place. We have an automation item available in the Automation Cookbook<\/span><\/a> for N‑sight<\/span> and N‑central<\/span> partners to use to update and check Microsoft 365 versions that leverages Microsoft\u2019s Click to Run executable, included in all installs of M365 apps.<\/span><\/p>\n