June’s Patch Tuesday release from Microsoft gives admins some breathing room with no reported zero-days and only 70 total vulnerabilities to patch as we launch into summer.
But that doesn’t mean admins are totally off the hook this month. Several critical vulnerabilities should get your attention, including a CVSS 9.8 elevation of privilege vulnerability affecting Microsoft SharePoint. CVE-2023-29357 opens the doors for attackers to gain access to spoofed JWT authentication tokens to then use them to execute a network attack, with no privileges or user action needed.
There are also three critical remote code execution vulnerabilities affecting Windows Pragmatic General Multicast (PGM) that all score a CVSS 9.8 and should be patched within 24 hours.
Other vulnerabilities to prioritize include a Microsoft Exchange Server vulnerability that scores a CVSS 8.8 which attackers could use to target server accounts in an arbitrary or remote code execution and gain access. And there’s a Windows TPM Device Driver vulnerability that Microsoft notes is more likely to be exploited because no user interaction is needed, and via which a successful attacker could gain SYSTEM privileges.
Read on HERE for details…and happy patching!