Background / What has happened?
The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) has reviewed the Microsoft June 2023 Security Update.
- The Security Update provided patches for 78 vulnerabilities.
- 0 vulnerabilities are believed to have been exploited.
- 6 vulnerabilities are rated ‘Critical’.
The following vulnerabilities are important based on their severity, widespread use of the related product and/or likelihood of exploitation.
SharePoint Elevation of Privilege (CVE-2023-29357)
- A Critical-rated vulnerability which could allow an attacker to gain administrator privileges.
- An attacker requires access to an authentication token (known as a JSON Web Token, or JWT).
- The attacker can impersonate a user with this token and use it to gain the same level of access as that user.
Exchange Remote Code Execution (CVE-2023-32031)
- An attacker who is authenticated can attempt to trigger malicious code on the Exchange server.
- It is not clear what level of authentication is required. It is possible this may allow a non-administrator to trigger malicious code, which in turn may give them control of the server.
- This vulnerability is listed as ‘more likely’ to be exploited. Both Exchange Server 2016 & 2019 are vulnerable.
Multiple Microsoft Message Queuing vulnerabilities (CVE-2023-29363, CVE-2023-32014, CVE-2023-32015)
- Multiple Critical Remote Code Execution vulnerabilities have been addressed in the Microsoft Message Queuing service (MSMQ) when it is running as a Pragmatic General Multicast (PGM) server.
- MSMQ is not enabled by default. A user can check if MSMQ is running by looking for a service called ‘Message Queuing’.
- A user can also check if TCP Port 1801 is listening on the machine.
- This is the third month in a row that a critical vulnerability has been patched in MSMQ.
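The two checks above (the ‘Message Queuing’ service and TCP port 1801) can be run together from an elevated PowerShell prompt. This is an added example, not code from the advisory or from Microsoft; it assumes a Windows host with PowerShell 5.1 or later and reports only whether MSMQ is present and active, not whether the patch is installed.

```powershell
# Added example, not code from the advisory: checks whether MSMQ is present
# and listening on TCP 1801, as the advisory suggests. Assumes a Windows host
# with PowerShell 5.1+ and an elevated prompt (feature queries need admin).
$findings = [ordered]@{}

# 1. Service check: the MSMQ service has the display name 'Message Queuing'.
$svc = Get-Service -Name MSMQ -ErrorAction SilentlyContinue
$findings['MSMQ service present'] = [bool]$svc
$findings['MSMQ service running'] = [bool]($svc -and $svc.Status -eq 'Running')

# 2. Port check: is anything listening on TCP 1801, and which process owns it?
$listener = @(Get-NetTCPConnection -LocalPort 1801 -State Listen -ErrorAction SilentlyContinue)
$findings['TCP 1801 listening'] = ($listener.Count -gt 0)
if ($listener.Count -gt 0) {
    $ownerPid = $listener[0].OwningProcess
    $proc = Get-Process -Id $ownerPid -ErrorAction SilentlyContinue
    $findings['TCP 1801 owner'] = '{0} (PID {1})' -f $proc.ProcessName, $ownerPid
}

# 3. Feature check: is the MSMQ server (and the PGM multicast component) installed?
#    Server SKUs expose Get-WindowsFeature; client SKUs use Get-WindowsOptionalFeature.
foreach ($name in 'MSMQ-Server', 'MSMQ-Multicasting') {
    if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
        $f = Get-WindowsFeature -Name $name -ErrorAction SilentlyContinue
        $installed = ($null -ne $f -and [bool]$f.Installed)
    } else {
        $f = Get-WindowsOptionalFeature -Online -FeatureName $name -ErrorAction SilentlyContinue
        $installed = ($null -ne $f -and $f.State -eq 'Enabled')
    }
    $findings["$name feature installed"] = $installed
}

# 4. Report; hosts with MSMQ active are the ones where the June 2023 MSMQ fixes matter most.
$findings.GetEnumerator() | ForEach-Object { '{0,-34}: {1}' -f $_.Key, $_.Value }
if ($findings['MSMQ service running'] -or $findings['TCP 1801 listening']) {
    Write-Warning 'MSMQ is active on this host: confirm the June 2023 Security Update is installed.'
} else {
    Write-Output 'MSMQ does not appear to be active on this host.'
}
```

A host where MSMQ is installed but stopped still needs the update; the warning only prioritises hosts where the service is reachable right now.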
Mitigation / How do I stay secure?
Technical subject matter experts that use Microsoft products should read the associated security update guides available for their products.
Security Update Guide - Microsoft
General users should consider enabling automatic patching of Microsoft products if they have not already done so. Further advice is available on the ASD's ACSC website.
Assistance / Where can I go for help?
Organisations or individuals that have been impacted or require assistance can contact us via 1300 CYBER1 (1300 292 371).