Analyse Patch Tuesday - juin

Patch Tuesday Webinar
jeudi, 15 juin 2023
Présenté par Lauriane Mounier et Maxime Le Glatin

Agenda
June 2023 Patch Tuesday Overview
In the News
Bulletins and Releases
Between Patch Tuesdays
Q & A

Copyright © 2023 Ivanti. All rights reserved.
June Patch Tuesday 2023
We are at the half-way point for Patch Tuesday releases in 2023. This month Microsoft has resolved 78
new CVEs and has made updates to seven previously released CVEs for a total of 85 CVEs in this month’s
update. Six CVEs are rated as Critical. Two of the previously released CVEs have been confirmed to be
exploited, but no new CVEs are exploited or disclosed. Google has released a Chrome update resolving
five CVEs including one Critical CVE. While the overall release this month is not severe from a security
perspective, the updates apply to a broad set of Microsoft products including .Net Framework and
Exchange Server. This month’s update will have a lot more operational focus for organizations as Microsoft
has advanced changes in Kerberos and Netlogon to address vulnerabilities originally discovered in 2022.

In the News
 Fake zero-day PoC exploits on GitHub push Windows, Linux
malware
 Chinese Cyberspies Caught Exploiting VMware ESXi Zero-Day
 “the use of CVE-2023-20867 does not generate an
authentication log event on the guest VM when commands are
executed from the ESXi host”
 https://www.mandiant.com/resources/blog/vmware-esxi-zero-day-bypass
 Google fixes new Chrome zero-day flaw with exploit in the wild
 June 6 - Google is aware that an exploit for CVE-2023-3079
exists in the wild
 Apple urges users to upgrade their devices immediately to patch
three 'active' zero day exploits
 May 21 - The security patch was deployed using Apple's new
Rapid Security Response automatic update system

Known Exploited and Publicly Disclosed Vulnerability
 CVE-2021-34527 Windows Print Spooler Remote Code Execution
Vulnerability
 CVSS 3.0 Scores: 8.8 / 8.2
 Severity: Critical
 This was an information-only update to maintain awareness of PrintNightmare
 Per Microsoft - In the Security Updates table, added all supported editions of Windows 10
version 21H2, Windows 11 version 21H2, Windows 11 version 22H2, and Windows Server
2022 as they are affected by this vulnerability. Customers running any of these versions of
Windows should install listed updates or newer to be protected from this vulnerability. After
these updates are installed, please follow the advice included in the documentation on this
CVE. With this revision, products that are no longer in support have been removed.

Known Exploited and Publicly Disclosed Vulnerability
 CVE-2023-24880 Windows SmartScreen Security Feature Bypass
Vulnerability
 CVSS 3.1 Scores: 4.4 / 4.1
 Severity: Moderate
 This was an information-only update to the CVSS values
 Per Microsoft - An attacker can craft a malicious file that would evade Mark of the Web
(MOTW) defenses, resulting in a limited loss of integrity and availability of security features
such as Protected View in Microsoft Office, which rely on MOTW tagging.

Vulnerabilities of Interest
 CVE-2022-37967 Windows Kerberos Elevation of Privilege Vulnerability
 CVSS 3.1 Scores: 7.2 / 6.3
 Severity: Critical
 All supported server operating systems
 Per Microsoft - Microsoft is announcing the release of the third phase of Windows security
updates to address this vulnerability. These updates remove the ability to disable PAC
signature addition by setting the KrbtgtFullPacSignature subkey to a value of 0. Microsoft
strongly recommends that customers install the June updates to be fully protected from this
vulnerability, and review How to manage the Kerberos and Netlogon Protocol changes
related to CVE-2022-37967 for further information. Customers whose Windows devices are
configured to receive automatic updates do not need to take any further action.

Vulnerabilities of Interest
 CVE-2022-38023 Netlogon RPC Elevation of Privilege Vulnerability
 CVSS 3.1 Scores: 8.1 / 7.1
 Severity: Important
 This month begins ‘enforcement by default’.
 This has been a multi-year, multi-phase implementation to correct a complex system flaw.
For more details see KB5021130: How to manage the Netlogon protocol changes related to
CVE-2022-38023

Microsoft Patch Tuesday Updates of Interest
 Advisory 990001 Latest Servicing Stack Updates (SSU)
 https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001
 Windows Server 2012 and 2012 R2
 Azure and Development Tool Updates
 .NET 6.0
 .NET 7.0
 Azure DevOps Servers 2020-2022
 AutoDesk (multiple)
 GitHub (multiple)
 NuGet 6.x.x (multiple)
 Sysinternals Suite
 Visual Studio 2013 - 2022 (multiple)
 YARP 2.0
Source: Microsoft

Server 2012/2012 R2 EOL is Coming
 Lifecycle Fact Sheet
 https://docs.microsoft.com/en-us/lifecycle/products/windows-server-2012-r2
Source: Microsoft

Windows 10 and 11 Lifecycle Awareness
Windows 10 Enterprise and Education
Version Release Date End of Support Date
22H2 10/18/2022 5/13/2025
21H2 11/16/2021 6/11/2024
Windows 10 Home and Pro
22H2 10/18/2022 5/14/2024
21H2 11/16/2021 6/13/2023
Windows Server
2019 11/13/2019 1/9/2024
2022 8/18/2021 10/13/2026
Windows 11 Home and Pro
22H2 9/20/2022 10/8/2024
21H2 10/4/2021 10/10/2023
 Lifecycle Fact Sheet
 https://docs.microsoft.com/en-us/lifecycle/faq/windows

Patch Content Announcements
 Announcements Posted on Community Forum Pages
 https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
 Subscribe to receive email for the desired product(s)

CHROME-230613: Security Update for Chrome Desktop
 Maximum Severity: Critical
 Affected Products: Google Chrome
 Description: The stable channel was updated to 114.0.5735.133/134 for Windows,
Mac and Linux. See https://chromereleases.googleblog.com/2023/06/stable-channel-
update-for-desktop_13.html for more details.
 Impact: Remote Code Execution
 Fixes 5 Vulnerabilities: See Google site for details
 Restart Required: Requires restart

MS23-06-W11: Windows 11 Update
 Affected Products: Microsoft Windows 11 Version 21H2, 22H2, and Edge
Chromium
 Description: This bulletin references KB 5027223 (21H2) and KB 5027231 (22H2).
 Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Elevation of Privilege, Information Disclosure
 Fixes 32 Vulnerabilities: See the Security Update Guide for the complete list of
CVEs.
 Known Issues: See next slide

June Known Issues for Windows 11
 KB 5027231 – Windows 11 version 22H2
 [Provision] Using provisioning packages on Windows 11, version 22H2 (also called
Windows 11 2022 Update) might not work as expected. Windows might only be
partially configured, and the Out Of Box Experience might not finish or might restart
unexpectedly. Workaround: Provision before updating to 22H2. Microsoft is working
on a resolution.
 KB 5027223 – Windows 11 version 21H2
 [App Fail] Windows devices with some third-party UI customization apps might not
start up. These third-party apps might cause errors with explorer.exe that might repeat
multiple times in a loop. The known affected third-party UI customization apps are
ExplorerPatcher and StartAllBack. Workaround: Uninstall any third-party UI
customization app before installing this or later updates. Microsoft is investigating and
will provide more info in the future.

MS23-06-W10: Windows 10 Update
 Affected Products: Microsoft Windows 10 Versions 1607, 1809, 20H2, 21H1, 21H2,
Server 2016, Server 2019, Server 2022, Server 2022 Datacenter: Azure Edition and
Edge Chromium
 Description: This bulletin references 5 KB articles. See KBs for the list of changes.
 Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Spoofing, Elevation of Privilege, Information Disclosure
CVEs.
 Known Issues: See next slide

June Known Issues for Windows 10
 KB 5027222 – Windows 10 Enterprise 2019 LTSC, Windows 10 IoT
Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows
Server 2019
 [Cluster Update] After installing KB 5001342 or later, the Cluster Service might fail
to start because a Cluster Network Driver is not found. Workaround: This issue
occurs because of an update to the PnP class drivers used by this service. After
about 20 minutes, you should be able to restart your device and not encounter this
issue. For more information about the specific errors, cause, and workaround for
this issue, please see KB 5003571.
 [Kiosk Login] After installing updates released January 10, 2023, and later, kiosk
device profiles that have auto log on enabled might not sign in automatically. After
Autopilot completes provisioning, affected devices will stay on the sign-in screen
prompting for credentials. Workaround: Microsoft is working on a resolution.

June Known Issues for Windows 10 (cont)
 KB 5027225 – Windows Server 2022
 [ESXi Fail] After installing this update on guest virtual machines (VMs) running
Windows Server 2022 on some versions of VMware ESXi, Windows Server 2022
might not start up. Only Windows Server 2022 VMs with Secure Boot enabled are
affected by this issue. Affected versions of VMware ESXi are versions vSphere
ESXi 7.0.x and below. Workaround: Please see VMware’s documentation to
mitigate this issue. Microsoft and VMware are investigating this issue and will
provide more information when it is available.

MS23-06-MR8: Monthly Rollup for Server 2012
 Affected Products: Microsoft Windows Server 2012 and IE
 Description: This cumulative security update contains improvements that are part of update
KB 5026419 (released May 9, 2023). This update also contains miscellaneous security
improvements to internal Windows OS functionality. Bulletin is based on KB 5027283.
 Impact: Remote Code Execution, Denial of Service, Spoofing, Elevation of Privilege,
Information Disclosure
 Fixes 20 Vulnerabilities: See the Security Update Guide for the complete list of CVEs.
 Known Issues: None reported

MS23-06-SO8: Security-only Update for Windows Server 2012
 Affected Products: Microsoft Windows Server 2012
 Description: This update contains miscellaneous security improvements to internal
Windows OS functionality. Bulletin is based on KB 5027281.
 Impact: Remote Code Execution, Denial of Service, Spoofing, Elevation of Privilege,
Information Disclosure
CVEs.

MS23-06-MR81: Monthly Rollup for Server 2012 R2
 Affected Products: Server 2012 R2 and IE
 Description: This cumulative security update includes improvements that are part of update
KB 5026415 (released May 9, 2023). This update also contains miscellaneous security
improvements to internal Windows OS functionality. Bulletin is based on KB 5027271.
 Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing,
NOTE: Windows 8.1 reached EOS on January 10, 2023.

MS23-06-SO81: Security-only for Server 2012 R2
 Affected Products: Server 2012 R2
 Description: This update contains miscellaneous security improvements to internal
Windows OS functionality. Bulletin is based on KB 5027282.
 Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Spoofing,
NOTE: Windows 8.1 reached EOS on January 10, 2023.

MS23-06-SPT: Security Updates for SharePoint Server
 Affected Products: Microsoft SharePoint Server Subscription Edition, SharePoint
Enterprise Server 2016, and SharePoint Server 2019
 Description: This security update resolves five security vulnerabilities and well as a
several non-security issues. This bulletin is based on 4 KB articles.
 Impact: Denial of Service, Spoofing, Elevation of Privilege
 Fixes 5 Vulnerabilities: CVE-2023-29357, CVE-2023-33129, CVE-2023-33130,
CVE-2023-33132 and CVE-2023-33142 are not publicly disclosed or known exploited.

MS23-06-MRNET: Monthly Rollup for Microsoft .NET
 Affected Products: Microsoft Windows .Net Framework 2.0 through 4.8.1
 Description: This update addresses 3 remote code execution, 1 elevation of
privilege and 2 denial of service vulnerabilities. This bulletin references 17 KB articles.
 Impact: Remote Code Execution, Denial of Service, Elevation of Privilege
CVE-2023-29326, CVE-2023-29331 and CVE-2023-32030 are not publicly disclosed
or known exploited.
 Restart Required: Does not require a system restart after you apply it unless files
that are being updated are locked or are being used.
 Known Issues: Microsoft released a security update to .NET Framework and .NET
which impacts how the runtime imports X.509 certificates. These changes may cause
X.509 certificate import to throw CryptographicException in scenarios where import
would have succeeded prior to the update. Check specific KB articles for guidance.

MS23-06-SONET: Security-only Update for Microsoft .NET
 Affected Products: Microsoft Windows .Net Framework 2.0 through 4.8.1
 Description: This update addresses 3 remote code execution, 1 elevation of
privilege and 2 denial of service vulnerabilities. This bulletin references 17 KB articles.
 Impact: Remote Code Execution, Denial of Service, Elevation of Privilege
CVE-2023-29326, CVE-2023-29331 and CVE-2023-32030 are not publicly disclosed
or known exploited.
 Restart Required: Does not require a system restart after you apply it unless files
that are being updated are locked or are being used.
 Known Issues: Microsoft released a security update to .NET Framework and .NET
which impacts how the runtime imports X.509 certificates. These changes may cause
X.509 certificate import to throw CryptographicException in scenarios where import
would have succeeded prior to the update. Check specific KB articles for guidance.

MS23-06-O365: Security Updates Microsoft 365 Apps, Office 2019
and Office LTSC 2021
 Maximum Severity: Important
 Affected Products: Microsoft 365 Apps, Office 2019 and Office LTSC 2021
 Description: This month’s update resolved various bugs and performance issues in
Office applications. Information on the security updates is available at
https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
 Restart Required: Requires application restart

MS23-06-OFF: Security Updates for Microsoft Office
 Affected Products: Excel 2013 & 2016, Office 2019 & Office LTSC 2021 for Mac,
Office Online Server, OneNote for Universal, Outlook 2103 & 2016
 Description: This security update resolves security issues in Microsoft Excel and
Outlook. This bulletin references 5 KB articles, and release notes for the Mac updates.
 Impact: Remote Code Execution, Spoofing
 Restart Required: Requires application restart

MS23-06-EXCH: Security Updates for Exchange Server
 Affected Products: Microsoft Exchange Server 2016 CU23, and Exchange
Server 2019 CU12 & CU13.
 Description: This security update rollup resolves 2 remote code execution
vulnerabilities as well as several non-security issues in Microsoft Exchange
Server. This bulletin is based on KB 5025903 and KB 5026261.
 Fixes 2 Vulnerabilities: CVE-2023-28310 and CVE-2023-32031 are not
publicly disclosed or known exploited.

Windows Release Summary
 Security Updates (with CVEs): Google Chrome (3), Firefox (1), Firefox ESR (1), Apple iTunes (1),
Wireshark (2)
 Security Updates (w/o CVEs): Adobe Acrobat DC and Acrobat Reader DC (1), Apache Tomcat (3),
Audacity (1), Box Edit (2), CCleaner (2), ClickShare App Machine-Wide Installer (2), Citrix Workspace App
(1), Docker for Windows (2), Dropbox (2), Evernote (4), Firefox (3), Foxit PDF Editor (2), GoodSync (2), GIT
for windows (1), Jabra Direct (1), LibreOffice (2), LogMeIn (2), Malwarebytes (1), Node.JS (Current) (2),
Notepad++ (1),Opera (1), Paint.net (2), Pulse Secure VPN Desktop Client (1), Python (1), Recuva (1), Royal
TS (2), Screenpresso (1), Skype (2), Slack Machine-Wide Installer (2), Splunk Universal Forwarder (2),
Sourcetree for Windows Enterprise (1), Tableau Desktop (4), Tableau Prep (1), Tableau Reader (1),
Thunderbird (3), TeamViewer (3), WinSCP (1), WinRAR (1), Zoom Client (2), Zoom Outlook Plugin (1), Zoom
VDI (1)
 Non-Security Updates: 8x8 Work Desktop (1), AIMP (1), Bitwarden (1), Client for Open Enterprise
Server (1), Google Drive File Stream (1), GeoGebra Classic (2), KeePass Pro (1), KeePassXC (1),
NextCloud Desktop Client (1), PDF24 Creator (1), RingCentral App (Machine-Wide Installer) (2), Rocket.Chat
Desktop Client (1), RealVNC Server (2), RealVNC Viewer (2), WeCom (1)

Windows Third Party CVE Information
 Google Chrome 113.0.5672.127
 CHROME-230516, QGC11305672127
 Fixes 6 Vulnerabilities: CVE-2023-2721, CVE-2023-2722, CVE-2023-2723, CVE-
2023-2725, CVE-2023-2724, CVE-2023-2726
 CHROME-230530, QGC1140573591
2023-2932, CVE-2023-2933, CVE-2023-2935, CVE-2023-2934, CVE-2023-2937,
CVE-2023-2936, CVE-2023-2938, CVE-2023-2939, CVE-2023-2941, CVE-2023-2940
 CHROME-230605, QGC11405735110
 Fixes 1 Vulnerability: CVE-2023-3079

Windows Third Party CVE Information (cont)
 Firefox 114.0
 FF-230606, QFF1140
2023-34416
 Firefox ESR 102.12.0
 FFE-230606, QFFE102120
 Fixes 2 Vulnerabilities: CVE-2023-34416, CVE-2023-34414
 Apple iTunes 12.12.9.4
 ITUNES-230524, QITUNES121294

Windows Third Party CVE Information (cont)
 Wireshark 3.6.14
 WIRES36-230525, QWIRES3614EXE & QWIRES3614MSI
2023-2856, CVE-2023-2857
 Wireshark 4.0.6
 WIRES40-230525, QWIRES406EXE & QWIRES406MSI
2023-2855, CVE-2023-2856, CVE-2023-2857, CVE-2023-2858

Apple Release Summary
 Security Updates (with CVEs): Google Chrome (3), Firefox (1), Firefox ESR (1), Microsoft Edge (3),
Microsoft Office 2019 (1), macOS Monterey (1), macOS Ventura (1), macOS Big Sur (1), Safari (1)
 Security Updates (w/o CVEs): Thunderbird (1)
 Non-Security Updates: Alfred (1), Adobe Acrobat DC and Acrobat Reader DC (1), aText (1), BBEdit
(1), Dropbox (2), Evernote (4), Firefox (3), Google Drive (1), Hazel (1), LibreOffice (1), Microsoft AutoUpdate
(1), Microsoft Edge (2), Skype (1), Slack (2), Spotify (3), Thunderbird (2), Microsoft Teams (Mac) (1), Visual
Studio Code (1), Zoom Client (1)

Apple Updates CVE Information
 macOS Ventura 13.4
 HT213578
 Fixes 51 Vulnerabilities:CVE-2023-27940, CVE-2023-27930, CVE-2023-28191, CVE-2023-
32355, CVE-2023-28202, CVE-2023-32369, CVE-2023-28204, CVE-2023-32371, CVE-
2023-32352, CVE-2023-32372, CVE-2023-32357, CVE-2023-32373, CVE-2023-32360,
CVE-2023-32380, CVE-2023-32363, CVE-2023-32382, CVE-2023-32367, CVE-2023-
2023-32376, CVE-2023-32391, CVE-2023-32386, CVE-2023-32397, CVE-2023-32388,
2023-32395, CVE-2023-32409, CVE-2023-32402, CVE-2023-32410, CVE-2023-32403,
2023-32415

 macOS Monterey 12.6.6
 HT213759
2023-27945, CVE-2023-32352, CVE-2023-32357, CVE-2023-32355, CVE-2023-
32368, CVE-2023-32360, CVE-2023-32369, CVE-2023-32380, CVE-2023-32375,
32387, CVE-2023-32395, CVE-2023-32388, CVE-2023-32397, CVE-2023-32398,
32412, CVE-2023-32407, CVE-2023-32413, CVE-2023-32410
 Safari 16.5
 HT213762
2023-32402, CVE-2023-32409

 macOS Big Sur 11.7.7
 HT213760
2023-28181, CVE-2023-32360, CVE-2023-28191, CVE-2023-32380, CVE-2023-
32357, CVE-2023-32382, CVE-2023-32369, CVE-2023-32384, CVE-2023-32386,
32392, CVE-2023-32411, CVE-2023-32395, CVE-2023-32412, CVE-2023-32403,
CVE-2023-32413, CVE-2023-32405, CVE-2023-32407, CVE-2023-32410

Apple Third Party CVE Information
 CHROMEMAC-230516
2023-2725, CVE-2023-2724, CVE-2023-2726
2023-2931, CVE-2023-2932, CVE-2023-2933, CVE-2023-2935, CVE-2023-2934,
2941, CVE-2023-2940

Apple Third Party CVE Information (cont)
 Microsoft Edge 113.0.1774.50
 MEDGEMAC-230518
2023-2725, CVE-2023-2724, CVE-2023-2726
 MEDGEMAC-230602
 MEDGEMAC-230606

Apple Third Party CVE Information (cont)
 Firefox 114.0
 FF-230606
 Fixes 4 Vulnerabilities: CVE-2023-34414, CVE-2023-34415, CVE-2023-34417, CVE-2023-
34416
 Firefox ESR 102.12.0
 FFE-230606
 Microsoft Office 2019 16.73
 EXCEL19-230516, OUTLOOK19-230516, ONENOTE19-230516, POWERPOINT19-230516

Thank You!

Analyse Patch Tuesday - juin

Recommended

Recommended

More Related Content

Similar to Analyse Patch Tuesday - juin

Similar to Analyse Patch Tuesday - juin (20)

More from Ivanti

More from Ivanti (20)

Recently uploaded

Recently uploaded (20)

Analyse Patch Tuesday - juin