Microsoft June 2023 Security Updates

Security 10808 Published 2023-06-13 21:41 by Philipp Esselbach

News

Microsoft has announced the security updates for June 2023.

June 2023 Security Updates
This release consists of the following 73 Microsoft CVEs:
Tag CVE Exploitability Mitigations?
Azure DevOps CVE-2023-21565 Exploitation Less Likely
No
Azure DevOps CVE-2023-21569 Exploitation Less Likely
No
.NET and Visual Studio CVE-2023-24895 Exploitation Less Likely
No
Microsoft Dynamics CVE-2023-24896 Exploitation Less Likely
No
.NET and Visual Studio CVE-2023-24897 Exploitation Less Likely
No
.NET and Visual Studio CVE-2023-24936 Exploitation Less Likely
No
Windows CryptoAPI CVE-2023-24937 Exploitation Less Likely
No
Windows CryptoAPI CVE-2023-24938 Exploitation Less Likely
No
Microsoft Exchange Server CVE-2023-28310 Exploitation More Likely
No
.NET Framework CVE-2023-29326 Exploitation Less Likely
No
.NET Core CVE-2023-29331 Exploitation Less Likely
No
NuGet Client CVE-2023-29337 Exploitation Less Likely
No
Microsoft Edge (Chromium-based) CVE-2023-29345 Exploitation Less Likely
No
Windows NTFS CVE-2023-29346 Exploitation Less Likely
No
Windows Group Policy CVE-2023-29351 Exploitation Less Likely
No
Remote Desktop Client CVE-2023-29352 Exploitation Less Likely
No
SysInternals CVE-2023-29353 Exploitation Less Likely
No
Windows DHCP Server CVE-2023-29355 Exploitation Less Likely
Yes
Microsoft Office SharePoint CVE-2023-29357 Exploitation More Likely
Yes
Windows GDI CVE-2023-29358 Exploitation More Likely
No
Windows Win32K CVE-2023-29359 Exploitation More Likely
No
Windows TPM Device Driver CVE-2023-29360 Exploitation More Likely
No
Windows Cloud Files Mini Filter Driver CVE-2023-29361 Exploitation More Likely
No
Remote Desktop Client CVE-2023-29362 Exploitation Less Likely
No
Windows PGM CVE-2023-29363 Exploitation Less Likely
Yes
Windows Authentication Methods CVE-2023-29364 Exploitation Less Likely
No
Microsoft Windows Codecs Library CVE-2023-29365 Exploitation Less Likely
No
Windows Geolocation Service CVE-2023-29366 Exploitation Less Likely
No
Windows OLE CVE-2023-29367 Exploitation Less Likely
No
Windows Filtering CVE-2023-29368 Exploitation Less Likely
No
Windows Remote Procedure Call Runtime CVE-2023-29369 Exploitation Less Likely
No
Microsoft Windows Codecs Library CVE-2023-29370 Exploitation Less Likely
No
Windows Win32K CVE-2023-29371 Exploitation More Likely
No
Microsoft WDAC OLE DB provider for SQL CVE-2023-29372 Exploitation Less Likely
No
Windows ODBC Driver CVE-2023-29373 Exploitation Less Likely
No
Windows Resilient File System (ReFS) CVE-2023-32008 Exploitation Less Likely
No
Windows Collaborative Translation Framework CVE-2023-32009 Exploitation Less Likely
No
Windows Bus Filter Driver CVE-2023-32010 Exploitation Less Likely
No
Windows iSCSI CVE-2023-32011 Exploitation Less Likely
No
Windows Container Manager Service CVE-2023-32012 Exploitation Less Likely
No
Windows Hyper-V CVE-2023-32013 Exploitation Less Likely
No
Windows PGM CVE-2023-32014 Exploitation Less Likely
Yes
Windows PGM CVE-2023-32015 Exploitation Less Likely
Yes
Windows Installer CVE-2023-32016 Exploitation Less Likely
No
Microsoft Printer Drivers CVE-2023-32017 Exploitation Less Likely
No
Windows Hello CVE-2023-32018 Exploitation Less Likely
No
Windows Kernel CVE-2023-32019 Exploitation Less Likely
No
Role: DNS Server CVE-2023-32020 Exploitation Less Likely
No
Windows SMB CVE-2023-32021 Exploitation Less Likely
Yes
Windows Server Service CVE-2023-32022 Exploitation Less Likely
Yes
Microsoft Power Apps CVE-2023-32024 Exploitation Less Likely
No
Microsoft Office Excel CVE-2023-32029 Exploitation Less Likely
No
.NET and Visual Studio CVE-2023-32030 Exploitation Less Likely
No
Microsoft Exchange Server CVE-2023-32031 Exploitation More Likely
No
.NET and Visual Studio CVE-2023-32032 Exploitation Less Likely
No
.NET and Visual Studio CVE-2023-33126 Exploitation Less Likely
No
.NET and Visual Studio CVE-2023-33127 Exploitation Less Likely
No
.NET and Visual Studio CVE-2023-33128 Exploitation Less Likely
No
Microsoft Office SharePoint CVE-2023-33129 Exploitation Less Likely
No
Microsoft Office SharePoint CVE-2023-33130 Exploitation Less Likely
No
Microsoft Office Outlook CVE-2023-33131 Exploitation Less Likely
No
Microsoft Office SharePoint CVE-2023-33132 Exploitation Less Likely
No
Microsoft Office Excel CVE-2023-33133 Exploitation Less Likely
No
.NET and Visual Studio CVE-2023-33135 Exploitation Less Likely
No
Microsoft Office Excel CVE-2023-33137 Exploitation Less Likely
No
Visual Studio CVE-2023-33139 Exploitation Less Likely
No
Microsoft Office OneNote CVE-2023-33140 Exploitation Less Likely
No
ASP .NET CVE-2023-33141 Exploitation Less Likely
No
Microsoft Office SharePoint CVE-2023-33142 Exploitation Less Likely
No
Microsoft Edge (Chromium-based) CVE-2023-33143 Exploitation Less Likely
No
Visual Studio Code CVE-2023-33144 Exploitation Less Likely
No
Microsoft Edge (Chromium-based) CVE-2023-33145 Exploitation Less Likely
No
Microsoft Office CVE-2023-33146 Exploitation Less Likely
No
We are republising 22 non-Microsoft CVEs:
CNA Tag CVE FAQs? Workarounds? Mitigations?
Chrome Microsoft Edge (Chromium-based) CVE-2023-2929 Yes No No
Chrome Microsoft Edge (Chromium-based) CVE-2023-2930 Yes No No
Chrome Microsoft Edge (Chromium-based) CVE-2023-2931 Yes No No
Chrome Microsoft Edge (Chromium-based) CVE-2023-2932 Yes No No
Chrome Microsoft Edge (Chromium-based) CVE-2023-2933 Yes No No
Chrome Microsoft Edge (Chromium-based) CVE-2023-2934 Yes No No
Chrome Microsoft Edge (Chromium-based) CVE-2023-2935 Yes No No
Chrome Microsoft Edge (Chromium-based) CVE-2023-2936 Yes No No
Chrome Microsoft Edge (Chromium-based) CVE-2023-2937 Yes No No
Chrome Microsoft Edge (Chromium-based) CVE-2023-2938 Yes No No
Chrome Microsoft Edge (Chromium-based) CVE-2023-2939 Yes No No
Chrome Microsoft Edge (Chromium-based) CVE-2023-2940 Yes No No
Chrome Microsoft Edge (Chromium-based) CVE-2023-2941 Yes No No
Chrome Microsoft Edge (Chromium-based) CVE-2023-3079 Yes No No
Github Visual Studio CVE-2023-25815 Yes No No
Github Visual Studio CVE-2023-25652 Yes No No
AutoDesk Visual Studio CVE-2023-27909 Yes No No
AutoDesk Visual Studio CVE-2023-27910 Yes No No
AutoDesk Visual Studio CVE-2023-27911 Yes No No
Github Visual Studio CVE-2023-29007 Yes No No
Github Visual Studio CVE-2023-29011 Yes No No
Github Visual Studio CVE-2023-29012 Yes No No
Security Update Guide Blog Posts
Date Blog Post
January 11, 2022 Coming Soon: New Security Update Guide Notification System
February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020 Security Update Guide: Let’s keep the conversation going
November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide
Relevant Resources
The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.
Known Issues
You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
5027215 Windows 10, version 21H2 and Windows 10, version 22H2
5027222 Windows 10, version 1809, Windows Server 2019
5027223 Windows 11, version 21H2
5027225 Windows Server 2022
5027231 Windows 11, version 22H2
5027256 Windows Server 2008 R2 (Security-only update)
5027275 Windows Server 2008 R2 (Monthly Rollup)
5027277 Windows Server 2008 (Security-only update)
5027279 Windows Server 2008 (Monthly Rollup)

Security Update Guide - Microsoft Security Response Center

Tag	CVE	Exploitability	Mitigations?
Azure DevOps	CVE-2023-21565	Exploitation Less Likely	No
Azure DevOps	CVE-2023-21569	Exploitation Less Likely	No
.NET and Visual Studio	CVE-2023-24895	Exploitation Less Likely	No
Microsoft Dynamics	CVE-2023-24896	Exploitation Less Likely	No
.NET and Visual Studio	CVE-2023-24897	Exploitation Less Likely	No
.NET and Visual Studio	CVE-2023-24936	Exploitation Less Likely	No
Windows CryptoAPI	CVE-2023-24937	Exploitation Less Likely	No
Windows CryptoAPI	CVE-2023-24938	Exploitation Less Likely	No
Microsoft Exchange Server	CVE-2023-28310	Exploitation More Likely	No
.NET Framework	CVE-2023-29326	Exploitation Less Likely	No
.NET Core	CVE-2023-29331	Exploitation Less Likely	No
NuGet Client	CVE-2023-29337	Exploitation Less Likely	No
Microsoft Edge (Chromium-based)	CVE-2023-29345	Exploitation Less Likely	No
Windows NTFS	CVE-2023-29346	Exploitation Less Likely	No
Windows Group Policy	CVE-2023-29351	Exploitation Less Likely	No
Remote Desktop Client	CVE-2023-29352	Exploitation Less Likely	No
SysInternals	CVE-2023-29353	Exploitation Less Likely	No
Windows DHCP Server	CVE-2023-29355	Exploitation Less Likely	Yes
Microsoft Office SharePoint	CVE-2023-29357	Exploitation More Likely	Yes
Windows GDI	CVE-2023-29358	Exploitation More Likely	No
Windows Win32K	CVE-2023-29359	Exploitation More Likely	No
Windows TPM Device Driver	CVE-2023-29360	Exploitation More Likely	No
Windows Cloud Files Mini Filter Driver	CVE-2023-29361	Exploitation More Likely	No
Remote Desktop Client	CVE-2023-29362	Exploitation Less Likely	No
Windows PGM	CVE-2023-29363	Exploitation Less Likely	Yes
Windows Authentication Methods	CVE-2023-29364	Exploitation Less Likely	No
Microsoft Windows Codecs Library	CVE-2023-29365	Exploitation Less Likely	No
Windows Geolocation Service	CVE-2023-29366	Exploitation Less Likely	No
Windows OLE	CVE-2023-29367	Exploitation Less Likely	No
Windows Filtering	CVE-2023-29368	Exploitation Less Likely	No
Windows Remote Procedure Call Runtime	CVE-2023-29369	Exploitation Less Likely	No
Microsoft Windows Codecs Library	CVE-2023-29370	Exploitation Less Likely	No
Windows Win32K	CVE-2023-29371	Exploitation More Likely	No
Microsoft WDAC OLE DB provider for SQL	CVE-2023-29372	Exploitation Less Likely	No
Windows ODBC Driver	CVE-2023-29373	Exploitation Less Likely	No
Windows Resilient File System (ReFS)	CVE-2023-32008	Exploitation Less Likely	No
Windows Collaborative Translation Framework	CVE-2023-32009	Exploitation Less Likely	No
Windows Bus Filter Driver	CVE-2023-32010	Exploitation Less Likely	No
Windows iSCSI	CVE-2023-32011	Exploitation Less Likely	No
Windows Container Manager Service	CVE-2023-32012	Exploitation Less Likely	No
Windows Hyper-V	CVE-2023-32013	Exploitation Less Likely	No
Windows PGM	CVE-2023-32014	Exploitation Less Likely	Yes
Windows PGM	CVE-2023-32015	Exploitation Less Likely	Yes
Windows Installer	CVE-2023-32016	Exploitation Less Likely	No
Microsoft Printer Drivers	CVE-2023-32017	Exploitation Less Likely	No
Windows Hello	CVE-2023-32018	Exploitation Less Likely	No
Windows Kernel	CVE-2023-32019	Exploitation Less Likely	No
Role: DNS Server	CVE-2023-32020	Exploitation Less Likely	No
Windows SMB	CVE-2023-32021	Exploitation Less Likely	Yes
Windows Server Service	CVE-2023-32022	Exploitation Less Likely	Yes
Microsoft Power Apps	CVE-2023-32024	Exploitation Less Likely	No
Microsoft Office Excel	CVE-2023-32029	Exploitation Less Likely	No
.NET and Visual Studio	CVE-2023-32030	Exploitation Less Likely	No
Microsoft Exchange Server	CVE-2023-32031	Exploitation More Likely	No
.NET and Visual Studio	CVE-2023-32032	Exploitation Less Likely	No
.NET and Visual Studio	CVE-2023-33126	Exploitation Less Likely	No
.NET and Visual Studio	CVE-2023-33127	Exploitation Less Likely	No
.NET and Visual Studio	CVE-2023-33128	Exploitation Less Likely	No
Microsoft Office SharePoint	CVE-2023-33129	Exploitation Less Likely	No
Microsoft Office SharePoint	CVE-2023-33130	Exploitation Less Likely	No
Microsoft Office Outlook	CVE-2023-33131	Exploitation Less Likely	No
Microsoft Office SharePoint	CVE-2023-33132	Exploitation Less Likely	No
Microsoft Office Excel	CVE-2023-33133	Exploitation Less Likely	No
.NET and Visual Studio	CVE-2023-33135	Exploitation Less Likely	No
Microsoft Office Excel	CVE-2023-33137	Exploitation Less Likely	No
Visual Studio	CVE-2023-33139	Exploitation Less Likely	No
Microsoft Office OneNote	CVE-2023-33140	Exploitation Less Likely	No
ASP .NET	CVE-2023-33141	Exploitation Less Likely	No
Microsoft Office SharePoint	CVE-2023-33142	Exploitation Less Likely	No
Microsoft Edge (Chromium-based)	CVE-2023-33143	Exploitation Less Likely	No
Visual Studio Code	CVE-2023-33144	Exploitation Less Likely	No
Microsoft Edge (Chromium-based)	CVE-2023-33145	Exploitation Less Likely	No
Microsoft Office	CVE-2023-33146	Exploitation Less Likely	No

CNA	Tag	CVE	FAQs?	Workarounds?	Mitigations?
Chrome	Microsoft Edge (Chromium-based)	CVE-2023-2929	Yes	No	No
Chrome	Microsoft Edge (Chromium-based)	CVE-2023-2930	Yes	No	No
Chrome	Microsoft Edge (Chromium-based)	CVE-2023-2931	Yes	No	No
Chrome	Microsoft Edge (Chromium-based)	CVE-2023-2932	Yes	No	No
Chrome	Microsoft Edge (Chromium-based)	CVE-2023-2933	Yes	No	No
Chrome	Microsoft Edge (Chromium-based)	CVE-2023-2934	Yes	No	No
Chrome	Microsoft Edge (Chromium-based)	CVE-2023-2935	Yes	No	No
Chrome	Microsoft Edge (Chromium-based)	CVE-2023-2936	Yes	No	No
Chrome	Microsoft Edge (Chromium-based)	CVE-2023-2937	Yes	No	No
Chrome	Microsoft Edge (Chromium-based)	CVE-2023-2938	Yes	No	No
Chrome	Microsoft Edge (Chromium-based)	CVE-2023-2939	Yes	No	No
Chrome	Microsoft Edge (Chromium-based)	CVE-2023-2940	Yes	No	No
Chrome	Microsoft Edge (Chromium-based)	CVE-2023-2941	Yes	No	No
Chrome	Microsoft Edge (Chromium-based)	CVE-2023-3079	Yes	No	No
Github	Visual Studio	CVE-2023-25815	Yes	No	No
Github	Visual Studio	CVE-2023-25652	Yes	No	No
AutoDesk	Visual Studio	CVE-2023-27909	Yes	No	No
AutoDesk	Visual Studio	CVE-2023-27910	Yes	No	No
AutoDesk	Visual Studio	CVE-2023-27911	Yes	No	No
Github	Visual Studio	CVE-2023-29007	Yes	No	No
Github	Visual Studio	CVE-2023-29011	Yes	No	No
Github	Visual Studio	CVE-2023-29012	Yes	No	No

Date	Blog Post
January 11, 2022	Coming Soon: New Security Update Guide Notification System
February 9, 2021	Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021	Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020	Security Update Guide: Let’s keep the conversation going
November 9, 2020	Vulnerability Descriptions in the New Version of the Security Update Guide

KB Article	Applies To
5027215	Windows 10, version 21H2 and Windows 10, version 22H2
5027222	Windows 10, version 1809, Windows Server 2019
5027223	Windows 11, version 21H2
5027225	Windows Server 2022
5027231	Windows 11, version 22H2
5027256	Windows Server 2008 R2 (Security-only update)
5027275	Windows Server 2008 R2 (Monthly Rollup)
5027277	Windows Server 2008 (Security-only update)
5027279	Windows Server 2008 (Monthly Rollup)

Azure SDK Release (June 2023)

Fedora 38 Update: php-8.2.7-2.fc38

Microsoft June 2023 Security Updates

June 2023 Security Updates

This release consists of the following 73 Microsoft CVEs:

We are republising 22 non-Microsoft CVEs:

Security Update Guide Blog Posts

Relevant Resources

Known Issues

Windows

Linux

macOS

Community