Microsoft released a monthly security update as part of the June “Tuesday of corrections”, eliminating 51 vulnerabilities at once. Of these, one received the classification of “Critical” (CVSS above 9 points), and the remaining 50 – “Important” (CVSS above 4 points).
The number of errors in each category of vulnerabilities is indicated below:
- 25 vulnerabilities with an increase in privileges
- 18 of the vulnerabilities of the remote execution of the code
- 5 vulnerabilities such as “Refusal to Service”
- 3 vulnerabilities of information disclosure
In addition to the last month, 17 vulnerabilities in the edge browser based on Chromium were eliminated.
The critical vulnerability in the Microsoft Message Queuing (MSMQ) service with the identifier and the CVSS 9.8 rating allows a remote attacker to execute arbitrary code on the server. For successful operation, hackers need to send a specially formed MSMQ malicious package to the server.
Also, among noticeable vulnerabilities, remote code execution errors in Microsoft Outlook (CVSS 8.8), Wi-Fi driver Windows (CVSS 8.8) and several vulnerabilities in raising privileges in the Win32 Kernel subsystem, Windows Cloud Files Mini-filter, and other components.
One of the vulnerabilities, cve-2023-50868 (CVSS 7.5), is associated with the refusal to maintain DNSSEC in the validation process, which can cause CPU overload on the DNSSEC-watering resolver. This vulnerability was identified by researchers from the National Center for Applied Cybersecurity (Athene) in February.
Tyler Reg, Deputy Director for Security Research in Fortra, noted: “N