Microsoft’s June 2023 Patch Tuesday Addresses 70 CVEs (CVE-2023-29357)

Microsoft addresses 70 CVEs in its June 2023 Patch Tuesday update including six rated as critical.

1. 6Critical
2. 62Important
3. 1Moderate
4. 1Low

Microsoft Patched 70 CVEs in its June Patch Tuesday Release, with six rated as critical, 62 rated as important, 1 rated as moderate and 1 rated as low. As part of its Patch Tuesday release, Microsoft published several non-Microsoft CVEs including five vulnerabilities for GitHub and three vulnerabilities for AutoDesk. We did not include these advisories in our overall Patch Tuesday counts.

This month’s update includes patches for:

• .NET Core
• 3D Builder
• Azure Service Fabric Container
• Microsoft Bluetooth Driver
• Microsoft Edge (Chromium-based)
• Microsoft Exchange Server
• Microsoft Graphics Component
• Microsoft Local Security Authority Server (lsasrv)
• Microsoft Message Queuing
• Microsoft Office
• Microsoft Office SharePoint
• Microsoft Office Visio
• Microsoft WDAC OLE DB provider for SQL
• Visual Studio Code
• Windows ALPC
• Windows Ancillary Function Driver for WinSock
• Windows Authentication Methods
• Windows Backup Engine
• Windows Bind Filter Driver
• Windows BitLocker
• Windows Boot Manager
• Windows Credential Manager
• Windows Cryptographic Services
• Windows DWM Core Library
• Windows Error Reporting
• Windows Event Tracing
• Windows IKE Extension
• Windows Installer
• Windows Internet Key Exchange (IKE) Protocol
• Windows iSCSI
• Windows Kernel
• Windows Layer 2 Tunneling Protocol
• Windows LDAP - Lightweight Directory Access Protocol
• Windows Local Security Authority (LSA)
• Windows Local Session Manager (LSM)
• Windows Malicious Software Removal Tool
• Windows Management Instrumentation
• Windows MSCryptDImportKey
• Windows NTLM
• Windows ODBC Driver
• Windows Overlay Filter
• Windows Point-to-Point Tunneling Protocol
• Windows Print Spooler Components
• Windows Remote Access Service L2TP Driver
• Windows RPC API
• Windows Secure Socket Tunneling Protocol (SSTP)
• Windows Smart Card
• Windows Task Scheduler
• Windows Virtual Registry Provider
• Windows Workstation Service

Remote code execution (RCE) vulnerabilities accounted for 37.1% of the vulnerabilities patched this month, followed by elevation of privilege (EoP) vulnerabilities at 24.3%.

Windows 10 21H2 End Of Life

Microsoft announced that Windows 10 21H2 has reached its end of life for Home, Pro, Pro Education, and Pro for Workstations editions. This means that users of these versions of Windows 10 21H2 will no longer receive security updates and should upgrade as soon as possible. Plugin ID 170963 can be used to identify hosts that have unsupported installations of Windows 10 version 21H2.

Tenable Solutions

Users can create scans that focus specifically on our Patch Tuesday plugins. From a new advanced scan, in the plugins tab, set an advanced filter for Plugin Name contains June 2023.

With that filter set, click the plugin families to the left and enable each plugin that appears on the right side. Note: If your families on the left say Enabled, then all the plugins in that family are set. Disable the whole family before selecting the individual plugins for this scan. Here’s an example from Tenable Vulnerability Management:

A list of all the plugins released for Tenable’s June 2023 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched.

Get more information

• Microsoft's June 2023 Security Updates
• Tenable plugins for Microsoft June 2023 Patch Tuesday Security Updates

Join Tenable's Security Response Team on the Tenable Community.

Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.