Microsoft Security Bulletin Coverage for June 2023
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of June 2023. A list of issues reported, along with SonicWall coverage information, is as follows:
CVE-2023-28310 Microsoft Exchange Server Remote Code Execution Vulnerability
ASPY 452 : Malformed-xml xml.MP_7
CVE-2023-29357 Microsoft SharePoint Server Elevation of Privilege Vulnerability
IPS 3917 : Microsoft SharePoint Server Elevation of Privilege (CVE-2023-29357)
CVE-2023-29358 Windows GDI Elevation of Privilege Vulnerability
ASPY 453 : Exploit-exe exe.MP_326
CVE-2023-29360 Windows TPM Device Driver Elevation of Privilege Vulnerability
ASPY 454 : Exploit-exe exe.MP_327
CVE-2023-29361 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
ASPY 455 : Exploit-exe exe.MP_328
CVE-2023-29371 Windows GDI Elevation of Privilege Vulnerability
ASPY 456 : Exploit-exe exe.MP_329
The following vulnerabilities do not have exploits in the wild :
CVE-2023-21565 Azure DevOps Server Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2023-21569 Azure DevOps Server Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2023-24895 .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24896 Dynamics Finance and Operations Cross-site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2023-24897 .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-24936 .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-24937 Windows CryptoAPI Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-24938 Windows CryptoAPI Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-29326 .NET Framework Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-29331 .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-29337 NuGet Client Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-29346 NTFS Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-29351 Windows Group Policy Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-29352 Windows Remote Desktop Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2023-29353 Sysinternals Process Monitor for Windows Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-29355 DHCP Server Service Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-29359 GDI Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-29362 Remote Desktop Client Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-29363 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-29364 Windows Authentication Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-29365 Windows Media Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-29366 Windows Geolocation Service Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-29367 iSCSI Target WMI Provider Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-29368 Windows Filtering Platform Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-29369 Remote Procedure Call Runtime Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-29370 Windows Media Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-29372 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-29373 Microsoft ODBC Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-32008 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-32009 Windows Collaborative Translation Framework Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-32010 Windows Bus Filter Driver Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-32011 Windows iSCSI Discovery Service Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-32012 Windows Container Manager Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-32013 Windows Hyper-V Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-32014 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-32015 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-32016 Windows Installer Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-32017 Microsoft PostScript Printer Driver Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-32018 Windows Hello Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-32019 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-32020 Windows DNS Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2023-32021 Windows SMB Witness Service Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2023-32022 Windows Server Service Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2023-32024 Microsoft Power Apps Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2023-32029 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-32030 .NET and Visual Studio Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-32031 Microsoft Exchange Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-32032 .NET and Visual Studio Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-33126 .NET and Visual Studio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-33128 .NET and Visual Studio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-33129 Microsoft SharePoint Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-33130 Microsoft SharePoint Server Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2023-33131 Microsoft Outlook Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-33132 Microsoft SharePoint Server Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2023-33133 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-33135 .NET and Visual Studio Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-33137 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2023-33139 Visual Studio Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2023-33140 Microsoft OneNote Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2023-33141 Yet Another Reverse Proxy (YARP) Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2023-33142 Microsoft SharePoint Server Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2023-33144 Visual Studio Code Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2023-33146 Microsoft Office Remote Code Execution Vulnerability
There are no known exploits in the wild.