Virtual Administrator’s June 2023 Patch Recommendations
This month Microsoft released patches for 70 vulnerabilities with 6 rated “Critical” in severity.
All patches will be approved in our patch policy.
For the first time in over a year we have no zero-day releases! We are also seeing few known issues.
The top priority this month is an elevation vulnerability in Microsoft SharePoint CVE-2023-29357.
CVE-2023-32013 is a Hyper-V Denial of Service vulnerability. CVE-2023-28310/CVE-2023-32031 are Exchange Server Remote Code Execution patches.
We have more (CVE-2023-29363/CVE-2023-32014/CVE-2023-32015) Remote Code Execution (RCE) vulnerabilities affecting Windows Pragmatic General Multicast (PGM).
Phase 3 of Windows hardening campaign begins – see “Heads Up” below. The patch for CVE-2023-32019 is not enabled by default and requires additional steps – see “FYI” below. New SSU for Windows Server 8.1, 2012/2012R2
Disclosed: None
Exploited: None
Heads Up! Phase 3 of Windows DCOM authentication hardening and Netjoin: domain join hardening.
“Starting June 2023, Enforcement mode will be enabled on all Windows domain controllers and will block vulnerable connections from non-compliant devices. At that time, you will not be able to disable the update, but may move back to the Compatibility mode setting.”
KB5021130: How to manage the Netlogon protocol changes related to CVE-2022-38023
Latest Windows hardening guidance and key dates
We have written a script to automatically enable the CVE on machines as you are ready.
FYI CVE-2023-32019 Windows Kernel Information Disclosure Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32019
“By default, the fix for this vulnerability is disabled. To enable the fix, you must set a registry key value based on your Windows operating system.”
KB5028407: How to manage the vulnerability associated with CVE-2023-32019
Our Recommendation: Proceed with caution. The CVSS score is a relatively low 4.7 and the vulnerability is not being actively exploited. Check the KB page for Known Issues that may surface. Test on a few non-production machines first. ClubMSP will post a script for the registry changes.
Notable News June is last security update for Windows 10, version 21H2
Windows 10, version 21H2 is at end of service today, June 13, 2023. We will continue to service the following editions of Windows 10, version 21H2: Windows 10 Enterprise and Education, Windows 10 IoT Enterprise, and Windows 10 Enterprise multi-session.
All editions of Windows 10, version 22H2 will continue to receive security and optional releases.
Windows 10, version 21H2 end of servicing (Home & Pro)
https://learn.microsoft.com/en-us/lifecycle/announcements/windows-10-21h2-end-of-servicing
All editions of Windows 10, version 22H2 will continue to receive security and optional releases.
Security Update Guide
https://portal.msrc.microsoft.com/en-us/security-guidance
Morphus Labs patch dashboard here: https://patchtuesdaydashboard.com
Microsoft Security Advisories
ADV990001 | Latest Servicing Stack Updates (Published:11/13/2018 | Last Updated:06/13/2023)
https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001
Reason for Revision: A Servicing Stack Update has been released for some versions of Windows.
NOTE: The Windows 10 Security Stack Updates are included in the monthly Cumulative Updates.
Known Issues
No new issues reported by Microsoft.
Microsoft continues to list unresolved older problems under the Known Issues for new patches. So if you have not yet experienced one of these issues it is unlikely it will occur now.
Good resource for known issues with Windows 10/11 patches. Find the version and click on “Known issues”.
Windows release health
https://docs.microsoft.com/en-us/windows/release-health/
Monthly Rollup/Security Only/Windows 10,11/Server 2016,2019,2022 KBs
Links are https://support.microsoft.com/en-us/help/####### with the KB number only.
Security and Quality Rollup
- KB5027275 – Windows Server 2008 R2 (ESU)
- KB5027271 – Windows Server 2012 R2
- KB5027283 – Windows Server 2012
- KB5027279 – Windows Server 2008 (ESU)
Security Only Update
- KB5027256 – Windows Server 2008 R2 (ESU)
- KB5027282 – Windows Server 2012 R2
- KB5027281 – Windows Server 2012
- KB5027277 – Windows Server 2008 (ESU)
Cumulative Updates
Windows 10
- KB5027230 – Original release version 1507 (OS Build 10240)
- KB5027219 – Version 1607 “Anniversary Update” (OS Build 14393)
- KB5027222 – Version 1809 “October 2018 Update” (OS Build 17763)
- KB5027215 – Version 21H2 “November 2021 Update” (OS Build 19044)
- KB5027215 – Version 22H2 “November 2022 Update” (OS Build 19045)
- (Versions 1511,1703,1709,1803,1903,2004, 20H2 are no longer under support)
Windows 11
- KB5027223 – 21H2 (OS Build 22000) Original release
- KB5027231 – 22H2 (OS Build 22621)
Windows Server
- KB5027219 – Server 2016 (same KB as Windows 10 Version 1607)
- KB5027222 – Server 2019 (same KB as Windows 10 Version 1809)
- KB5027225 – Server 2022 (OS Build 20348)
June 2023 updates for Microsoft Office
Notable CVEs
CVE-2023-24897 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability (Cumulative Update for .NET Framework)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897
“This security update addresses a vulnerability in the MSDIA SDK where corrupted PDBs can cause heap overflow, leading to a crash or remove code execution.”
CVE-2023-28310/CVE-2023-32031 | Microsoft Exchange Server Remote Code Execution Vulnerability (KB5025903,KB5026261)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28310
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32031
“The attacker must be authenticated. An authenticated attacker who is on the same intranet as the Exchange server can achieve remote code execution via a PowerShell remoting session. The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server’s account through a network call.”
CVE-2023-29357 | Microsoft SharePoint Server Elevation of Privilege Vulnerability (KB5002402,KB5002403)
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-29357
“An attacker who successfully exploited this vulnerability could gain administrator privileges.”
CVE-2023-29363/CVE-2023-32014/CVE-2023-32015 | Critical Vulnerabilities Affect Windows Pragmatic General Multicast (Cumulative Update/Monthly Rollup)
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-29363
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-32014
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-32015
“When Windows message queuing service is running in a PGM Server environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code.”
CVE-2023-32013 | Windows Hyper-V Denial of Service Vulnerability (Cumulative Update)
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-32013
“Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.”
CVE-2023-32019 | Windows Kernel Information Disclosure Vulnerability (Cumulative Update/Monthly Rollup)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32019
“An attacker who successfully exploited this vulnerability could view heap memory from a privileged process running on the server.”