Today’s VERT Alert addresses Microsoft’s June 2023 Security Updates, which include a new release notes format. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1060 on Wednesday, June 14th.
In-The-Wild & Disclosed CVEs
There were no in-the-wild or disclosed CVEs in the June Patch Tuesday drop. CVE Breakdown by Tag While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also colour coded to aid with identifying key issues.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also colour coded to aid with identifying key issues.
- Traditional Software
- Mobile Software
- Cloud or Cloud Adjacent
- Vulnerabilities that are being exploited or that have been disclosed will be highlighted.
|
Tag |
CVE Count |
CVEs |
|
Windows Installer |
1 |
CVE-2023-32016 |
|
Windows Hyper-V |
1 |
CVE-2023-32013 |
|
Microsoft Power Apps |
1 |
CVE-2023-32024 |
|
Windows Group Policy |
1 |
CVE-2023-29351 |
|
Remote Desktop Client |
2 |
CVE-2023-29352, CVE-2023-29362 |
|
Visual Studio |
9 |
CVE-2023-33139, CVE-2023-29012, CVE-2023-29011, CVE-2023-25815, CVE-2023-29007, CVE-2023-25652, CVE-2023-27909, CVE-2023-27910, CVE-2023-27911 |
|
Microsoft Dynamics |
1 |
CVE-2023-24896 |
|
Microsoft Office Outlook |
1 |
CVE-2023-33131 |
|
Windows Hello |
1 |
CVE-2023-32018 |
|
Windows Collaborative Translation Framework |
1 |
CVE-2023-32009 |
|
Microsoft Office SharePoint |
5 |
CVE-2023-29357, CVE-2023-33129, CVE-2023-33130, CVE-2023-33132, CVE-2023-33142 |
|
Windows PGM |
3 |
CVE-2023-29363, CVE-2023-32014, CVE-2023-32015 |
|
Microsoft Windows Codecs Library |
2 |
CVE-2023-29365, CVE-2023-29370 |
|
Visual Studio Code |
1 |
CVE-2023-33144 |
|
Windows Cloud Files Mini Filter Driver |
1 |
CVE-2023-29361 |
|
Microsoft Office Excel |
3 |
CVE-2023-32029, CVE-2023-33137, CVE-2023-33133 |
|
Windows GDI |
1 |
CVE-2023-29358 |
|
Windows Kernel |
1 |
CVE-2023-32019 |
|
Microsoft Exchange Server |
2 |
CVE-2023-28310, CVE-2023-32031 |
|
Windows Server Service |
1 |
CVE-2023-32022 |
|
Microsoft Office |
1 |
CVE-2023-33146 |
|
Windows Remote Procedure Call Runtime |
1 |
CVE-2023-29369 |
|
NuGet Client |
1 |
CVE-2023-29337 |
|
Windows Filtering |
1 |
CVE-2023-29368 |
|
Windows iSCSI |
1 |
CVE-2023-32011 |
|
Windows CryptoAPI |
2 |
CVE-2023-24937, CVE-2023-24938 |
|
Windows ODBC Driver |
1 |
CVE-2023-29373 |
|
.NET Framework |
1 |
CVE-2023-29326 |
|
Microsoft WDAC OLE DB provider for SQL |
1 |
CVE-2023-29372 |
|
Windows OLE |
1 |
CVE-2023-29367 |
|
Role: DNS Server |
1 |
CVE-2023-32020 |
|
Windows Win32K |
2 |
CVE-2023-29359, CVE-2023-29371 |
|
.NET and Visual Studio |
8 |
CVE-2023-24897, CVE-2023-24895, CVE-2023-24936, CVE-2023-32030, CVE-2023-32032, CVE-2023-33126, CVE-2023-33128, CVE-2023-33135 |
|
Windows Authentication Methods |
1 |
CVE-2023-29364 |
|
Windows TPM Device Driver |
1 |
CVE-2023-29360 |
|
Windows Bus Filter Driver |
1 |
CVE-2023-32010 |
|
.NET Core |
1 |
CVE-2023-29331 |
|
Windows Resilient File System (ReFS) |
1 |
CVE-2023-32008 |
|
Microsoft Printer Drivers |
1 |
CVE-2023-32017 |
|
Windows Container Manager Service |
1 |
CVE-2023-32012 |
|
Microsoft Office OneNote |
1 |
CVE-2023-33140 |
|
Windows DHCP Server |
1 |
CVE-2023-29355 |
|
Microsoft Edge (Chromium-based) |
17 |
CVE-2023-3079, CVE-2023-29345, CVE-2023-33143, CVE-2023-33145, CVE-2023-2929, CVE-2023-2930, CVE-2023-2931, CVE-2023-2932, CVE-2023-2933, CVE-2023-2934, CVE-2023-2935, CVE-2023-2936, CVE-2023-2937, CVE-2023-2938, CVE-2023-2939, CVE-2023-2940, CVE-2023-2941 |
|
ASP .NET |
1 |
CVE-2023-33141 |
|
SysInternals |
1 |
CVE-2023-29353 |
|
Azure DevOps |
2 |
CVE-2023-21565, CVE-2023-21569 |
|
Windows Geolocation Service |
1 |
CVE-2023-29366 |
|
Windows SMB |
1 |
CVE-2023-32021 |
|
Windows NTFS |
1 |
CVE-2023-29346 |
Other Information
At the time of publication, there were no new advisories included with the June Security Guidance.
Mastering Security Configuration Management
Master Security Configuration Management with Tripwire's guide on best practices. This resource explores SCM's role in modern cybersecurity, reducing the attack surface, and achieving compliance with regulations. Gain practical insights for using SCM effectively in various environments.
