Microsoft has released a large batch of software updates to address significant security vulnerabilities in its Windows operating system and software components. The Patch Tuesday updates target 70 documented vulnerabilities, including six critical issues that pose risks of code execution attacks.
Although none of the vulnerabilities have been publicly exploited, Windows network administrators are advised to focus on three highly critical bugs in the Windows Pragmatic General Multicast (PGM) protocol. These PGM vulnerabilities, tracked as CVE-2023-29363, CVE-2023-32014, and CVE-2023-32015, can be exploited remotely by unauthenticated attackers to execute code on affected systems.
Experts highlight another critical bug, CVE-2023-32021, in Microsoft Exchange Server, which allows attackers to bypass previously exploited issues. Although an attacker requires an account on the Exchange server to exploit this vulnerability, successful exploitation could result in code execution with SYSTEM privileges.
Additionally, the June patch batch addresses CVE-2023-3079, a type confusion flaw in Chrome (Chromium) that has already been exploited in malware attacks.
Coinciding with Microsoft’s updates, Adobe has also released patches for critical flaws in multiple products, including Adobe Commerce. Adobe identified 12 security problems in Adobe Commerce, warning that exploitation could lead to arbitrary code execution, security feature bypass, and arbitrary file system read.
The vulnerabilities affect both Adobe Commerce and Magento Open Source products, although no known exploits have been reported for the addressed issues.