Published: Jun 13, 2023
Microsoft has just released the June 2023 Patch Tuesday updates for Windows 11 and Windows 10. On the security front, the software giant has fixed more than 60 vulnerabilities in Windows, Office, and other components, with six security flaws being rated as “critical.”
On the quality and experiences update front, Microsoft is adding Bluetooth Low Energy (LE) Audio support on Windows 11 version 22H2, and the company also addressed various bugs affecting Narrator, the touch keyboard, and more. Microsoft is also slightly tweaking how the taskbar searchbox works on Windows 10.
As pointed out by the Zero Day Initiative, Microsoft has fixed 69 new vulnerabilities this month, including six critical ones, though none of them are currently being exploited by attackers. Let’s take a look at the most important vulnerabilities Microsoft fixed this month:
You can find below the full list of security patches Microsoft released this month:
Product | Impact | Max Severity | Article | Download | Details |
Microsoft .NET Framework 3.5.1 | Denial of Service | Important | 5027540 | Monthly Rollup | CVE-2023-32030 |
Microsoft .NET Framework 3.5 | Denial of Service | Important | 5027542 | Monthly Rollup | CVE-2023-32030 |
Microsoft .NET Framework 3.0 Service Pack 2 | Denial of Service | Important | 5027543 | Monthly Rollup | CVE-2023-32030 |
Microsoft .NET Framework 2.0 Service Pack 2 | Denial of Service | Important | 5027543 | Monthly Rollup | CVE-2023-32030 |
Microsoft .NET Framework 3.5 and 4.6.2 | Denial of Service | Important | 5027230 | Security Update | CVE-2023-32030 |
Microsoft .NET Framework 4.6.2 | Denial of Service | Important | 5027543 | Monthly Rollup | CVE-2023-32030 |
Microsoft .NET Framework 3.5 AND 4.8.1 | Denial of Service | Important | 5027538 | Security Update | CVE-2023-32030 |
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 | Denial of Service | Important | 5027542 | Monthly Rollup | CVE-2023-32030 |
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 | Denial of Service | Important | 5027219 | Security Update | CVE-2023-32030 |
Microsoft .NET Framework 3.5 AND 4.7.2 | Denial of Service | Important | 5027536 | Security Update | CVE-2023-32030 |
Microsoft .NET Framework 3.5 AND 4.8 | Denial of Service | Important | 5027538 | Security Update | CVE-2023-32030 |
Microsoft .NET Framework 4.8 | Denial of Service | Important | 5027542 | Monthly Rollup | CVE-2023-32030 |
NuGet 6.6.0 | Remote Code Execution | Important | Release Notes | Security Update | CVE-2023-29337 |
NuGet 6.0.4 | Remote Code Execution | Important | Release Notes | Security Update | CVE-2023-29337 |
NuGet 6.3.2 | Remote Code Execution | Important | Release Notes | Security Update | CVE-2023-29337 |
NuGet 6.5.0 | Remote Code Execution | Important | Release Notes | Security Update | CVE-2023-29337 |
NuGet 6.4.1 | Remote Code Execution | Important | Release Notes | Security Update | CVE-2023-29337 |
NuGet 6.2.3 | Remote Code Execution | Important | Release Notes | Security Update | CVE-2023-29337 |
Microsoft OneNote for Universal | Spoofing | Important | Release Notes | Security Update | CVE-2023-33140 |
Microsoft SharePoint Server 2019 | Elevation of Privilege | Critical | 5002402 | Security Update | CVE-2023-29357 |
Microsoft SharePoint Server Subscription Edition | Elevation of Privilege | Important | 5002416 | Security Update | CVE-2023-33142 |
Sysinternals Suite | Denial of Service | Low | Release Notes | Security Update | CVE-2023-29353 |
Microsoft Exchange Server 2019 Cumulative Update 13 | Remote Code Execution | Important | 5026261 | Security Update | CVE-2023-32031 |
Microsoft Office LTSC for Mac 2021 | Remote Code Execution | Important | Release Notes | Security Update | CVE-2023-33146 |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Remote Code Execution | Important | Click to Run | Security Update | CVE-2023-33146 |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Remote Code Execution | Important | Click to Run | Security Update | CVE-2023-33146 |
Microsoft Office 2019 for Mac | Remote Code Execution | Important | Release Notes | Security Update | CVE-2023-33146 |
Windows Sysinternals Process Monitor | Denial of Service | Low | Release Notes | Security Update | CVE-2023-29353 |
Microsoft Edge (Chromium-based) | Information Disclosure | Important | Release Notes | Security Update | CVE-2023-33145 |
Visual Studio Code | Spoofing | Important | Release Notes | Security Update | CVE-2023-33144 |
Azure DevOps Server 2022.0.1 | Spoofing | Moderate | Release Notes | Security Update | CVE-2023-21569 |
Azure DevOps Server 2020.1.2 | Spoofing | Important | Release Notes | Security Update | CVE-2023-21565 |
YARP 2.0 | Denial of Service | Important | Release Notes | Security Update | CVE-2023-33141 |
Microsoft Visual Studio 2022 version 17.6 | Remote Code Execution | Important | Release Notes | Security Update | CVE-2023-27911 |
Microsoft Visual Studio 2022 version 17.4 | Remote Code Execution | Important | Release Notes | Security Update | CVE-2023-27911 |
Microsoft Visual Studio 2022 version 17.2 | Remote Code Execution | Important | Release Notes | Security Update | CVE-2023-33128 |
Microsoft Visual Studio 2022 version 17.0 | Remote Code Execution | Important | Release Notes | Security Update | CVE-2023-33128 |
Microsoft Visual Studio 2015 Update 3 | Remote Code Execution | Important | 5026455 | Security Update | CVE-2023-27911 |
Microsoft Visual Studio 2013 Update 5 | Remote Code Execution | Important | 5026454 | Security Update | CVE-2023-27911 |
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 – 16.10) | Remote Code Execution | Important | Release Notes | Security Update | CVE-2023-27911 |
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 – 15.8) | Remote Code Execution | Important | Release Notes | Security Update | CVE-2023-27911 |
Microsoft Power Apps | Spoofing | Important | Information | Security Update | CVE-2023-32024 |
Microsoft Excel 2013 Service Pack 1 (64-bit editions) | Remote Code Execution | Important | 5002414 | Security Update | CVE-2023-33137 |
Microsoft Excel 2013 Service Pack 1 (32-bit editions) | Remote Code Execution | Important | 5002414 | Security Update | CVE-2023-33137 |
Microsoft Excel 2013 RT Service Pack 1 | Remote Code Execution | Important | 5002414 | Security Update | CVE-2023-33137 |
Microsoft Excel 2016 (64-bit edition) | Remote Code Execution | Important | 5002405 | Security Update | CVE-2023-33137 |
Microsoft Excel 2016 (32-bit edition) | Remote Code Execution | Important | 5002405 | Security Update | CVE-2023-33137 |
Microsoft Office Online Server | Remote Code Execution | Important | 5002401 | Security Update | CVE-2023-33137 |
Microsoft Office 2019 for 64-bit editions | Remote Code Execution | Important | Click to Run | Security Update | CVE-2023-33137 |
Microsoft Office 2019 for 32-bit editions | Remote Code Execution | Important | Click to Run | Security Update | CVE-2023-33137 |
.NET 7.0 | Elevation of Privilege | Important | 5027798 | Security Update | CVE-2023-33135 |
.NET 6.0 | Elevation of Privilege | Important | 5027797 | Security Update | CVE-2023-33135 |
Microsoft Office LTSC 2021 for 32-bit editions | Remote Code Execution | Important | Click to Run | Security Update | CVE-2023-33133 |
Microsoft Office LTSC 2021 for 64-bit editions | Remote Code Execution | Important | Click to Run | Security Update | CVE-2023-33133 |
Microsoft Outlook 2013 RT Service Pack 1 | Remote Code Execution | Important | 5002382 | Security Update | CVE-2023-33131 |
Microsoft Outlook 2013 (64-bit editions) | Remote Code Execution | Important | 5002387 | Security Update | CVE-2023-33131 |
Microsoft Outlook 2013 (32-bit editions) | Remote Code Execution | Important | 5002382 | Security Update | CVE-2023-33131 |
Microsoft Outlook 2016 (64-bit edition) | Remote Code Execution | Important | 5002387 | Security Update | CVE-2023-33131 |
Microsoft Outlook 2016 (32-bit edition) | Remote Code Execution | Important | 5002387 | Security Update | CVE-2023-33131 |
Microsoft SharePoint Enterprise Server 2016 | Denial of Service | Important | 5002404 | Security Update | CVE-2023-33129 |
Microsoft Exchange Server 2016 Cumulative Update 23 | Remote Code Execution | Important | 5025903 | Security Update | CVE-2023-32031 |
Microsoft Exchange Server 2019 Cumulative Update 12 | Remote Code Execution | Important | 5026261 | Security Update | CVE-2023-32031 |
Windows Server 2012 R2 (Server Core installation) | Security Feature Bypass | Important | 5027271 | Monthly Rollup | CVE-2023-32022 |
Windows Server 2012 R2 | Security Feature Bypass | Important | 5027271 | Monthly Rollup | CVE-2023-32022 |
Windows Server 2016 (Server Core installation) | Security Feature Bypass | Important | 5027219 | Security Update | CVE-2023-32022 |
Windows Server 2016 | Security Feature Bypass | Important | 5027219 | Security Update | CVE-2023-32022 |
Windows Server 2022 (Server Core installation) | Security Feature Bypass | Important | 5027225 | Security Update | CVE-2023-32022 |
Windows Server 2022 | Security Feature Bypass | Important | 5027225 | Security Update | CVE-2023-32022 |
Windows Server 2019 (Server Core installation) | Security Feature Bypass | Important | 5027222 | Security Update | CVE-2023-32022 |
Windows Server 2019 | Security Feature Bypass | Important | 5027222 | Security Update | CVE-2023-32022 |
Windows Server 2012 (Server Core installation) | Spoofing | Important | 5027283 | Monthly Rollup | CVE-2023-32020 |
Windows Server 2012 | Spoofing | Important | 5027283 | Monthly Rollup | CVE-2023-32020 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Spoofing | Important | 5027275 | Monthly Rollup | CVE-2023-32020 |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Spoofing | Important | 5027275 | Monthly Rollup | CVE-2023-32020 |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Spoofing | Important | 5027279 | Monthly Rollup | CVE-2023-32020 |
Windows Server 2008 for x64-based Systems Service Pack 2 | Spoofing | Important | 5027279 | Monthly Rollup | CVE-2023-32020 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Spoofing | Important | 5027279 | Monthly Rollup | CVE-2023-32020 |
Windows Server 2008 for 32-bit Systems Service Pack 2 | Spoofing | Important | 5027279 | Monthly Rollup | CVE-2023-32020 |
Windows 10 Version 1607 for x64-based Systems | Information Disclosure | Important | 5027219 | Security Update | CVE-2023-32019 |
Windows 10 Version 1607 for 32-bit Systems | Information Disclosure | Important | 5027219 | Security Update | CVE-2023-32019 |
Windows 10 Version 22H2 for 32-bit Systems | Information Disclosure | Important | 5027215 | Security Update | CVE-2023-32019 |
Windows 10 Version 22H2 for ARM64-based Systems | Information Disclosure | Important | 5027215 | Security Update | CVE-2023-32019 |
Windows 10 Version 22H2 for x64-based Systems | Information Disclosure | Important | 5027215 | Security Update | CVE-2023-32019 |
Windows 11 Version 22H2 for x64-based Systems | Information Disclosure | Important | 5027231 | Security Update | CVE-2023-32019 |
Windows 11 Version 22H2 for ARM64-based Systems | Information Disclosure | Important | 5027231 | Security Update | CVE-2023-32019 |
Windows 10 Version 21H2 for x64-based Systems | Information Disclosure | Important | 5027215 | Security Update | CVE-2023-32019 |
Windows 10 Version 21H2 for ARM64-based Systems | Information Disclosure | Important | 5027215 | Security Update | CVE-2023-32019 |
Windows 10 Version 21H2 for 32-bit Systems | Information Disclosure | Important | 5027215 | Security Update | CVE-2023-32019 |
Windows 11 version 21H2 for ARM64-based Systems | Information Disclosure | Important | 5027223 | Security Update | CVE-2023-32019 |
Windows 11 version 21H2 for x64-based Systems | Information Disclosure | Important | 5027223 | Security Update | CVE-2023-32019 |
Windows 10 Version 1809 for ARM64-based Systems | Information Disclosure | Important | 5027222 | Security Update | CVE-2023-32019 |
Windows 10 Version 1809 for x64-based Systems | Information Disclosure | Important | 5027222 | Security Update | CVE-2023-32019 |
Windows 10 Version 1809 for 32-bit Systems | Information Disclosure | Important | 5027222 | Security Update | CVE-2023-32019 |
Windows 10 for x64-based Systems | Remote Code Execution | Important | 5027230 | Security Update | CVE-2023-32017 |
Windows 10 for 32-bit Systems | Remote Code Execution | Important | 5027230 | Security Update | CVE-2023-32017 |
Remote Desktop client for Windows Desktop | Remote Code Execution | Important | Release Notes | Security Update | CVE-2023-29362 |
Dynamics 365 for Finance and Operations | Spoofing | Important | CVE-2023-24896 | ||
Microsoft Visual Studio 2022 version 17.5 | Elevation of Privilege | Moderate | Release Notes | Security Update | CVE-2023-24936 |
Azure DevOps Server 2022 | Spoofing | Important | Release Notes | Security Update | CVE-2023-21565 |
For users running Windows 11 version 22H2, today’s KB5027231 patch adds support for Bluetooth Low Energy audio. When using compatible Bluetooth headphones, users should get better audio quality and also see their battery last longer. Microsoft has also updated the Setting app to display the full amount of storage capacity across all of a user’s OneDrive subscriptions.
On the quality front, users should no longer encounter issues when saving, copying, or attaching files using 32-bit apps that are large address aware and use the CopyFile API. Moreover, this update fixed an issue causing the touch keyboard to not show the correct layout based on the current input scope. Lastly, Narrator should now announce text attributes correctly for words such as “misspelled,” “deletion change,” and “comment.”
At its Build conference last month, Microsoft detailed new features coming to Windows 11 as part of the “Moment 3” update. The list of changes includes a glanceable VPN icon on the taskbar, new privacy settings for presence-sensing features, as well as support for 10 additional languages for live captions. These “Moment 3” features are rolling out to consumers via a “controlled feature rollout” (CFR), and Microsoft said that they would be enabled by default in the June 2023 optional non-security preview release coming later this month.
In the meantime, consumers who have turned on the new Windows Update toggle for getting the latest updates as soon as they’re available can get these Moment 3 features without waiting. This new Windows Update toggle is disabled on managed devices, but IT pros can access these new features now via the Windows Insider Program Release Preview channel.
For Windows 10 users, today’s KB5027215 patch will make the taskbar search box always appear when users choose to have a top, bottom, regular, or small icons taskbar. Moreover, this update now displays up to three high-priority toast notifications at the same time.
Lastly, today also marks the end of support for Windows 10 version 21H2 for Home and Pro users. However, the Enterprise and Education editions of this OS will be supported until June 2024.
Organizations looking to deploy this month’s patches should conduct thorough testing before deploying them widely on production systems. That said, applying the patches widely shouldn’t be delayed longer than necessary as hackers start to work out how to weaponize newly reported vulnerabilities.
A best practice is to make sure you have backed up systems before applying updates. Every month, users experience issues with Windows updates that lead to systems not booting, application and hardware compatibility issues, or even data loss in extreme cases.
There are backup tools built into Windows and Windows Server that you can use to restore systems in the event a patch causes a problem. The backup features in Windows can be used to restore an entire system, or files and folders on a granular basis.
If you have any problems with this month’s patches, please let us know in the comments below. Other readers might be able to share their experiences in how to roll back problematic updates or mitigate issues caused by patches that are important to have in place.