icon

Digital safety starts here for both commercial and personal Use...

Defend Your Business Against the Latest WNY Cyber Threats We offer Safe, Secure and Affordable Solutions for your Business and Personal Networks and Devices.



WNYCyber is there to help you to choose the best service providers in Western New York... We DO NOT provide the services ourselves, as we are Internet Programmers who have to deak daily with Cyber Threats... (Ugghhh)... So we know what it's like and what it takes to protect OUR and OUR CUSTOMERS DATA... We built this Website to help steer you to those that can give you the best service at realistic and non-inflated prices. We do charge or collect any fees.

Buffalo, New York
United States

Current Threat Data

Microsoft June 2023 Patch Tuesday fixes 78 flaws, 38 RCE bugs

Cyber Security Threat Summary:
As part of the June Patch Tuesday, Microsoft addressed 78 flaws which include 17 Elevation of Privilege Vulnerabilities, 3 Security Feature Bypass Vulnerabilities, 32 Remote Code Execution Vulnerabilities, 5 Information Disclosure Vulnerabilities, 10 Denial of Service Vulnerabilities, 10 Spoofing Vulnerabilities, and 1 Edge - Chromium Vulnerability. Out of the 78 flaws fixed, 6 have been rated critical in severity, 63 rated Important, 2 rated moderate, and 1 rated low in severity.

In addition to Microsoft, several other vendors have released updates in June 2023:

  • Cisco released security updates for Cisco AnyConnect and other products.
  • Fortinet released new FortiOS firmware to fix an actively exploited Fortigate RCE zero-day.
  • Google released security updates for Google Chrome to fix an actively exploited zero-day and the Android June 2023 updates.
  • MOVEit released security updates for a zero-day actively exploited by the Clop ransomware gang in data theft attacks. A week later, they released another update for an RCE flaw found by Huntress Labs.
  • SAP has released its June 2023 Patch Day updates.
  • VMware released VMware ESXi updates to fix an actively exploited zero-day tracked as CVE-2023-20867.


    Security Officer Comments:
    Luckily, the latest Microsoft patch Tuesday does not address any zero-days or actively exploited flaws. There were however six critical bugs for this month's patch which relate to a case of denial of service, remote code execution, and privilege escalation. Below is a list of the CVEs:
  • CVE-2023-24897: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
  • CVE-2023-29357: Microsoft SharePoint Server Elevation of Privilege Vulnerability
  • CVE-2023-32013: Windows Hyper-V Denial of Service Vulnerability
  • CVE-2023-29363: Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
  • CVE-2023-32014: Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
  • CVE-2023-32015: Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability


    Suggested Correction(s):
    Organizations should review the list of vulnerabilities resolved and apply the relevant patches as needed. To access the full list of vulnerabilities addressed, please use the link down below:

    https://www.bleepingcomputer.com/microsoft-patch-tuesday-reports/June-2023.html

    Link(s):
    https://www.bleepingcomputer.com/

    Contact Us for Threat Assistance
    Back to Current Threats