Microsoft Releases June 2023 Patch Tuesday Updates

Windows 11

Microsoft has just released the June 2023 Patch Tuesday updates for Windows 11 and Windows 10. On the security front, the software giant has fixed more than 60 vulnerabilities in Windows, Office, and other components, with six security flaws being rated as “critical.”

On the quality and experiences update front, Microsoft is adding Bluetooth Low Energy (LE) Audio support on Windows 11 version 22H2, and the company also addressed various bugs affecting Narrator, the touch keyboard, and more. Microsoft is also slightly tweaking how the taskbar searchbox works on Windows 10.

69 vulnerabilities fixed with the June 2023 Patch Tuesday updates

As pointed out by the Zero Day Initiative, Microsoft has fixed 69 new vulnerabilities this month, including six critical ones, though none of them are currently being exploited by attackers. Let’s take a look at the most important vulnerabilities Microsoft fixed this month:

  • CVE-2023-24897: This is a critical .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability.
  • CVE-2023-29357: This critical Microsoft SharePoint Server Elevation of Privilege Vulnerability allows attackers who gained access to spoofed JWT authentication tokens to execute a network attack that bypasses authentication, allowing them to gain access to the privileges of an authenticated user.
  • CVE-2023-32013: Microsoft said that the attack complexity for this critical Windows Hyper-V Denial of Service Vulnerability is high, and it requires an attacker to “prepare the target environment to improve exploit reliability.”
  • CVE-2023-29363: This critical Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability can allow attackers to trigger malicious code by sending a specially crafted file over the network when the Windows message queuing service is running in a PGM Server environment.

You can find below the full list of security patches Microsoft released this month: 

ProductImpactMax SeverityArticleDownloadDetails
Microsoft .NET Framework 3.5.1Denial of ServiceImportant5027540Monthly RollupCVE-2023-32030
Microsoft .NET Framework 3.5Denial of ServiceImportant5027542Monthly RollupCVE-2023-32030
Microsoft .NET Framework 3.0 Service Pack 2Denial of ServiceImportant5027543Monthly RollupCVE-2023-32030
Microsoft .NET Framework 2.0 Service Pack 2Denial of ServiceImportant5027543Monthly RollupCVE-2023-32030
Microsoft .NET Framework 3.5 and 4.6.2Denial of ServiceImportant5027230Security UpdateCVE-2023-32030
Microsoft .NET Framework 4.6.2Denial of ServiceImportant5027543Monthly RollupCVE-2023-32030
Microsoft .NET Framework 3.5 AND 4.8.1Denial of ServiceImportant5027538Security UpdateCVE-2023-32030
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2Denial of ServiceImportant5027542Monthly RollupCVE-2023-32030
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2Denial of ServiceImportant5027219Security UpdateCVE-2023-32030
Microsoft .NET Framework 3.5 AND 4.7.2Denial of ServiceImportant5027536Security UpdateCVE-2023-32030
Microsoft .NET Framework 3.5 AND 4.8Denial of ServiceImportant5027538Security UpdateCVE-2023-32030
Microsoft .NET Framework 4.8Denial of ServiceImportant5027542Monthly RollupCVE-2023-32030
NuGet 6.6.0Remote Code ExecutionImportantRelease NotesSecurity UpdateCVE-2023-29337
NuGet 6.0.4Remote Code ExecutionImportantRelease NotesSecurity UpdateCVE-2023-29337
NuGet 6.3.2Remote Code ExecutionImportantRelease NotesSecurity UpdateCVE-2023-29337
NuGet 6.5.0Remote Code ExecutionImportantRelease NotesSecurity UpdateCVE-2023-29337
NuGet 6.4.1Remote Code ExecutionImportantRelease NotesSecurity UpdateCVE-2023-29337
NuGet 6.2.3Remote Code ExecutionImportantRelease NotesSecurity UpdateCVE-2023-29337
Microsoft OneNote for UniversalSpoofingImportantRelease NotesSecurity UpdateCVE-2023-33140
Microsoft SharePoint Server 2019Elevation of PrivilegeCritical5002402Security UpdateCVE-2023-29357
Microsoft SharePoint Server Subscription EditionElevation of PrivilegeImportant5002416Security UpdateCVE-2023-33142
Sysinternals SuiteDenial of ServiceLowRelease NotesSecurity UpdateCVE-2023-29353
Microsoft Exchange Server 2019 Cumulative Update 13Remote Code ExecutionImportant5026261Security UpdateCVE-2023-32031
Microsoft Office LTSC for Mac 2021Remote Code ExecutionImportantRelease NotesSecurity UpdateCVE-2023-33146
Microsoft 365 Apps for Enterprise for 64-bit SystemsRemote Code ExecutionImportantClick to RunSecurity UpdateCVE-2023-33146
Microsoft 365 Apps for Enterprise for 32-bit SystemsRemote Code ExecutionImportantClick to RunSecurity UpdateCVE-2023-33146
Microsoft Office 2019 for MacRemote Code ExecutionImportantRelease NotesSecurity UpdateCVE-2023-33146
Windows Sysinternals Process MonitorDenial of ServiceLowRelease NotesSecurity UpdateCVE-2023-29353
Microsoft Edge (Chromium-based)Information DisclosureImportantRelease NotesSecurity UpdateCVE-2023-33145
Visual Studio CodeSpoofingImportantRelease NotesSecurity UpdateCVE-2023-33144
Azure DevOps Server 2022.0.1SpoofingModerateRelease NotesSecurity UpdateCVE-2023-21569
Azure DevOps Server 2020.1.2SpoofingImportantRelease NotesSecurity UpdateCVE-2023-21565
YARP 2.0Denial of ServiceImportantRelease NotesSecurity UpdateCVE-2023-33141
Microsoft Visual Studio 2022 version 17.6Remote Code ExecutionImportantRelease NotesSecurity UpdateCVE-2023-27911
Microsoft Visual Studio 2022 version 17.4Remote Code ExecutionImportantRelease NotesSecurity UpdateCVE-2023-27911
Microsoft Visual Studio 2022 version 17.2Remote Code ExecutionImportantRelease NotesSecurity UpdateCVE-2023-33128
Microsoft Visual Studio 2022 version 17.0Remote Code ExecutionImportantRelease NotesSecurity UpdateCVE-2023-33128
Microsoft Visual Studio 2015 Update 3Remote Code ExecutionImportant5026455Security UpdateCVE-2023-27911
Microsoft Visual Studio 2013 Update 5Remote Code ExecutionImportant5026454Security UpdateCVE-2023-27911
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 – 16.10)Remote Code ExecutionImportantRelease NotesSecurity UpdateCVE-2023-27911
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 – 15.8)Remote Code ExecutionImportantRelease NotesSecurity UpdateCVE-2023-27911
Microsoft Power AppsSpoofingImportantInformationSecurity UpdateCVE-2023-32024
Microsoft Excel 2013 Service Pack 1 (64-bit editions)Remote Code ExecutionImportant5002414Security UpdateCVE-2023-33137
Microsoft Excel 2013 Service Pack 1 (32-bit editions)Remote Code ExecutionImportant5002414Security UpdateCVE-2023-33137
Microsoft Excel 2013 RT Service Pack 1Remote Code ExecutionImportant5002414Security UpdateCVE-2023-33137
Microsoft Excel 2016 (64-bit edition)Remote Code ExecutionImportant5002405Security UpdateCVE-2023-33137
Microsoft Excel 2016 (32-bit edition)Remote Code ExecutionImportant5002405Security UpdateCVE-2023-33137
Microsoft Office Online ServerRemote Code ExecutionImportant5002401Security UpdateCVE-2023-33137
Microsoft Office 2019 for 64-bit editionsRemote Code ExecutionImportantClick to RunSecurity UpdateCVE-2023-33137
Microsoft Office 2019 for 32-bit editionsRemote Code ExecutionImportantClick to RunSecurity UpdateCVE-2023-33137
.NET 7.0Elevation of PrivilegeImportant5027798Security UpdateCVE-2023-33135
.NET 6.0Elevation of PrivilegeImportant5027797Security UpdateCVE-2023-33135
Microsoft Office LTSC 2021 for 32-bit editionsRemote Code ExecutionImportantClick to RunSecurity UpdateCVE-2023-33133
Microsoft Office LTSC 2021 for 64-bit editionsRemote Code ExecutionImportantClick to RunSecurity UpdateCVE-2023-33133
Microsoft Outlook 2013 RT Service Pack 1Remote Code ExecutionImportant5002382Security UpdateCVE-2023-33131
Microsoft Outlook 2013 (64-bit editions)Remote Code ExecutionImportant5002387Security UpdateCVE-2023-33131
Microsoft Outlook 2013 (32-bit editions)Remote Code ExecutionImportant5002382Security UpdateCVE-2023-33131
Microsoft Outlook 2016 (64-bit edition)Remote Code ExecutionImportant5002387Security UpdateCVE-2023-33131
Microsoft Outlook 2016 (32-bit edition)Remote Code ExecutionImportant5002387Security UpdateCVE-2023-33131
Microsoft SharePoint Enterprise Server 2016Denial of ServiceImportant5002404Security UpdateCVE-2023-33129
Microsoft Exchange Server 2016 Cumulative Update 23Remote Code ExecutionImportant5025903Security UpdateCVE-2023-32031
Microsoft Exchange Server 2019 Cumulative Update 12Remote Code ExecutionImportant5026261Security UpdateCVE-2023-32031
Windows Server 2012 R2 (Server Core installation)Security Feature BypassImportant5027271Monthly RollupCVE-2023-32022
Windows Server 2012 R2Security Feature BypassImportant5027271Monthly RollupCVE-2023-32022
Windows Server 2016 (Server Core installation)Security Feature BypassImportant5027219Security UpdateCVE-2023-32022
Windows Server 2016Security Feature BypassImportant5027219Security UpdateCVE-2023-32022
Windows Server 2022 (Server Core installation)Security Feature BypassImportant5027225Security UpdateCVE-2023-32022
Windows Server 2022Security Feature BypassImportant5027225Security UpdateCVE-2023-32022
Windows Server 2019 (Server Core installation)Security Feature BypassImportant5027222Security UpdateCVE-2023-32022
Windows Server 2019Security Feature BypassImportant5027222Security UpdateCVE-2023-32022
Windows Server 2012 (Server Core installation)SpoofingImportant5027283Monthly RollupCVE-2023-32020
Windows Server 2012SpoofingImportant5027283Monthly RollupCVE-2023-32020
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)SpoofingImportant5027275Monthly RollupCVE-2023-32020
Windows Server 2008 R2 for x64-based Systems Service Pack 1SpoofingImportant5027275Monthly RollupCVE-2023-32020
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)SpoofingImportant5027279Monthly RollupCVE-2023-32020
Windows Server 2008 for x64-based Systems Service Pack 2SpoofingImportant5027279Monthly RollupCVE-2023-32020
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)SpoofingImportant5027279Monthly RollupCVE-2023-32020
Windows Server 2008 for 32-bit Systems Service Pack 2SpoofingImportant5027279Monthly RollupCVE-2023-32020
Windows 10 Version 1607 for x64-based SystemsInformation DisclosureImportant5027219Security UpdateCVE-2023-32019
Windows 10 Version 1607 for 32-bit SystemsInformation DisclosureImportant5027219Security UpdateCVE-2023-32019
Windows 10 Version 22H2 for 32-bit SystemsInformation DisclosureImportant5027215Security UpdateCVE-2023-32019
Windows 10 Version 22H2 for ARM64-based SystemsInformation DisclosureImportant5027215Security UpdateCVE-2023-32019
Windows 10 Version 22H2 for x64-based SystemsInformation DisclosureImportant5027215Security UpdateCVE-2023-32019
Windows 11 Version 22H2 for x64-based SystemsInformation DisclosureImportant5027231Security UpdateCVE-2023-32019
Windows 11 Version 22H2 for ARM64-based SystemsInformation DisclosureImportant5027231Security UpdateCVE-2023-32019
Windows 10 Version 21H2 for x64-based SystemsInformation DisclosureImportant5027215Security UpdateCVE-2023-32019
Windows 10 Version 21H2 for ARM64-based SystemsInformation DisclosureImportant5027215Security UpdateCVE-2023-32019
Windows 10 Version 21H2 for 32-bit SystemsInformation DisclosureImportant5027215Security UpdateCVE-2023-32019
Windows 11 version 21H2 for ARM64-based SystemsInformation DisclosureImportant5027223Security UpdateCVE-2023-32019
Windows 11 version 21H2 for x64-based SystemsInformation DisclosureImportant5027223Security UpdateCVE-2023-32019
Windows 10 Version 1809 for ARM64-based SystemsInformation DisclosureImportant5027222Security UpdateCVE-2023-32019
Windows 10 Version 1809 for x64-based SystemsInformation DisclosureImportant5027222Security UpdateCVE-2023-32019
Windows 10 Version 1809 for 32-bit SystemsInformation DisclosureImportant5027222Security UpdateCVE-2023-32019
Windows 10 for x64-based SystemsRemote Code ExecutionImportant5027230Security UpdateCVE-2023-32017
Windows 10 for 32-bit SystemsRemote Code ExecutionImportant5027230Security UpdateCVE-2023-32017
Remote Desktop client for Windows DesktopRemote Code ExecutionImportantRelease NotesSecurity UpdateCVE-2023-29362
Dynamics 365 for Finance and OperationsSpoofingImportantCVE-2023-24896
Microsoft Visual Studio 2022 version 17.5Elevation of PrivilegeModerateRelease NotesSecurity UpdateCVE-2023-24936
Azure DevOps Server 2022SpoofingImportantRelease NotesSecurity UpdateCVE-2023-21565

Quality and experiences updates

For users running Windows 11 version 22H2, today’s KB5027231 patch adds support for Bluetooth Low Energy audio. When using compatible Bluetooth headphones, users should get better audio quality and also see their battery last longer. Microsoft has also updated the Setting app to display the full amount of storage capacity across all of a user’s OneDrive subscriptions. 

On the quality front, users should no longer encounter issues when saving, copying, or attaching files using 32-bit apps that are large address aware and use the CopyFile API.  Moreover, this update fixed an issue causing the touch keyboard to not show the correct layout based on the current input scope. Lastly, Narrator should now announce text attributes correctly for words such as “misspelled,” “deletion change,” and “comment.”

At its Build conference last month, Microsoft detailed new features coming to Windows 11 as part of the “Moment 3” update. The list of changes includes a glanceable VPN icon on the taskbar, new privacy settings for presence-sensing features, as well as support for 10 additional languages for live captions. These “Moment 3” features are rolling out to consumers via a “controlled feature rollout” (CFR), and Microsoft said that they would be enabled by default in the June 2023 optional non-security preview release coming later this month.

The "Moment 3" update will add a new VPN icon to the system tray area of the taskbar
The “Moment 3” update will add a new VPN icon to the system tray area of the taskbar (image credit: Microsoft)

In the meantime, consumers who have turned on the new Windows Update toggle for getting the latest updates as soon as they’re available can get these Moment 3 features without waiting. This new Windows Update toggle is disabled on managed devices, but IT pros can access these new features now via the Windows Insider Program Release Preview channel. 

For Windows 10 users, today’s KB5027215 patch will make the taskbar search box always appear when users choose to have a top, bottom, regular, or small icons taskbar. Moreover, this update now displays up to three high-priority toast notifications at the same time. 

Lastly, today also marks the end of support for Windows 10 version 21H2 for Home and Pro users. However, the Enterprise and Education editions of this OS will be supported until June 2024. 

Windows Update testing and best practices

Organizations looking to deploy this month’s patches should conduct thorough testing before deploying them widely on production systems. That said, applying the patches widely shouldn’t be delayed longer than necessary as hackers start to work out how to weaponize newly reported vulnerabilities.

A best practice is to make sure you have backed up systems before applying updates. Every month, users experience issues with Windows updates that lead to systems not booting, application and hardware compatibility issues, or even data loss in extreme cases.

There are backup tools built into Windows and Windows Server that you can use to restore systems in the event a patch causes a problem. The backup features in Windows can be used to restore an entire system, or files and folders on a granular basis.

If you have any problems with this month’s patches, please let us know in the comments below. Other readers might be able to share their experiences in how to roll back problematic updates or mitigate issues caused by patches that are important to have in place.