This Report perpared by : Hazem Mohamed- IT SysAdmins Egypt Blog Founder
This is June – Tuesday Microsoft Security updates:
Microsoft announcement regarding Windows clients: Starting in April 2023, optional, non-security preview updates will release on the fourth Tuesday of the month.
*****Note: till now there no anyone reports any issues or bugs after installing this month’s patches.
I have gathered the information about June security updates :
| CVEs |
| Microsoft’s June 2023 Tuesday Updates, Microsoft released patches to 69 vulnerabilities,
There are no zero-day vulnerabilities announced by Microsoft with the June patch Tuesday.
This list of CVEs only for Windows Server 2016 :has 28 CVEs: 3 Critical and 25 Important Critical CVEs : |
| KBs for Windows Servers and Clients |
| 1- KB5023788 (March-Servicing stack update) –> Windows Servers 2016
2- KB5027219 (Monthly Security Update)–> Windows Servers 2019 3- KB5027271 (Monthly Rollup) –> Windows Servers 2012 R2 4- KB5027282 (Monthly Security Update) –> Windows Servers 2012 R2 5- KB5027225 (Monthly Security Update) –> Windows Servers 2022 6- KB5027215 (Monthly Security Update) –> Windows 10 Version 22H2 for x64-based Systems. 7- KB5027231 (Monthly Security Update) –> Windows 11 Version 22H2 for x64-based Systems |
| Exchange Security Updates |
| KB5025903 —> for Exchange 2016 CU23
KB5026261 —> for Exchange 2019 CU13 and CU12 |
Some information about some KBs ( Not all KBs)
1- KB5023788 (Servicing stack update)
Before installing Security updates:
Recommended to take a backup of the Operating System to avoid any bugs infecting your system..
Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security updates.
the latest SSU (KB5023788) as mentioned …
- 2- KB5027219 (Monthly security update Windows Server 2016):
Highlights:
- This update addresses security issues for your Windows operating system.
Improvements:
This security update includes quality improvements. When you install this KB:
- This update addresses an issue that might cause a memory leak. The leak might occur during prolonged Remote Desktop audio redirection.
- This update addresses an issue that affects the Windows Kernel. This issue is related to CVE-2023-32019. To learn more, see KB5028407.
If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.
For more information about security vulnerabilities, please refer to the new Security Update Guide website and the June 2023 Security Updates..
Known issues in this update :
Microsoft is not currently aware of any issues with this update.
3- KB5025903 Exchange 2016 CU23 Security Updates:
his security update rollup resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common Vulnerabilities and Exposures (CVE):
Issues that are fixed in this update
- Extended Protection doesn’t support Public Folder Client Permission Management through Outlook
- Microsoft Exchange Replication service crashes on host server
- Store Worker process crashes and returns “System.NullReferenceExceptions” multiple times per day
- Exchange won’t uninstall after the January Security Update (KB5022143) is applied
It’s required to enable Extended Protection in Exchange Server:
To enable Extended Protection on Exchange-based servers, see Extended Protection enabled in Exchange Server (KB5017260).
Microsoft Patched 70 CVEs in its June Patch Tuesday Release, with six rated as critical, 62 rated as important, 1 rated as moderate and 1 rated as low. As part of its Patch Tuesday release, Microsoft published several non-Microsoft CVEs including five vulnerabilities for GitHub and three vulnerabilities for AutoDesk. We did not include these advisories in our overall Patch Tuesday counts.
This month’s update includes patches for:
- .NET Core
- 3D Builder
- Azure Service Fabric Container
- Microsoft Bluetooth Driver
- Microsoft Edge (Chromium-based)
- Microsoft Exchange Server
- Microsoft Graphics Component
- Microsoft Local Security Authority Server (lsasrv)
- Microsoft Message Queuing
- Microsoft Office
- Microsoft Office SharePoint
- Microsoft Office Visio
- Microsoft WDAC OLE DB provider for SQL
- Visual Studio Code
- Windows ALPC
- Windows Ancillary Function Driver for WinSock
- Windows Authentication Methods
- Windows Backup Engine
- Windows Bind Filter Driver
- Windows BitLocker
- Windows Boot Manager
- Windows Credential Manager
- Windows Cryptographic Services
- Windows DWM Core Library
- Windows Error Reporting
- Windows Event Tracing
- Windows IKE Extension
- Windows Installer
- Windows Internet Key Exchange (IKE) Protocol
- Windows iSCSI
- Windows Kernel
- Windows Layer 2 Tunneling Protocol
- Windows LDAP – Lightweight Directory Access Protocol
- Windows Local Security Authority (LSA)
- Windows Local Session Manager (LSM)
- Windows Malicious Software Removal Tool
- Windows Management Instrumentation
- Windows MSCryptDImportKey
- Windows NTLM
- Windows ODBC Driver
- Windows Overlay Filter
- Windows Point-to-Point Tunneling Protocol
- Windows Print Spooler Components
- Windows Remote Access Service L2TP Driver
- Windows RPC API
- Windows Secure Socket Tunneling Protocol (SSTP)
- Windows Smart Card
- Windows Task Scheduler
- Windows Virtual Registry Provider
- Windows Workstation Service
References:
https://msrc.microsoft.com/update-guide/
https://msrc.microsoft.com/update-guide/en-us/releaseNote/2023-May
Best Regards,
Hazem Mohamed – SC & BC
hmohamed200@gmail.com
