This week, Microsoft released security updates for several vulnerabilities, honing in on four in particular. CVE-2023-29357, CVE-2023-32014, and CVE-2023-32015 are three vulnerabilities found in Windows Pragmatic General Multicast (PGM), which is used to deliver packets between multiple network members. All the vulnerabilities have a CVSS score of 9.8/10.  

Unauthenticated attackers can exploit CVE-2023-29357, CVE-2023-32014, and CVE-2023-32015 by remotely executing code on an affected system. Although the flaws have not been exploited, Windows network administrators should keep an eye on them since they don’t have a patch yet.  

According to Microsoft, all three vulnerabilities have a low attack complexity. In a PGM Server environment running a Windows message queuing service, an attacker could exploit the vulnerabilities and achieve remote code execution by sending a specifically crafted file over the network and attempting to trigger malicious code. 

Additionally, Microsoft has addressed a critical vulnerability (CVE-2023-29357) discovered in Microsoft SharePoint Server. This bug, with a CVSS score of 9.8, can be exploited by an unauthenticated remote attacker who is on the same network. If successfully exploited, the attacker could gain administrative privileges on an internal SharePoint server. Please see the recommendations below for mitigations and patch guidance.  



avertium's recommendationS

  • For further details and for patch guidance for CVE-2023-29357, CVE-2023-32014, and CVE-2023-32015, please see the following links:  
  • To mitigate CVE-2023-29357, CVE-2023-32014, and CVE-2023-32015, Microsoft recommends the following: 
    • The Windows message queuing service, which is a Windows component, needs to be enabled for a system to be exploitable by this vulnerability. This feature can be added via the Control Panel. 
    • You can check to see if there is a service running named Message Queuing and TCP port 1801 is listening on the machine. 
  • For further details regarding mitigation and patch guidance for CVE-2023-29357, please see the following link:  



At this time, there are no known IoCs associated with CVE-2023-29357, CVE-2023-32014, CVE-2023-32015, and CVE-2023-29357.  Avertium’s threat hunters remain vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   



How Avertium is Protecting Our CUSTOMERS

  • Expanding endpoints, cloud computing environments, and accelerated digital transformation have decimated the perimeter in an ever-expanding attack surface. Avertium offers Attack Surface Management, so you’ll have no more blind spots, weak links, or fire drills. 
  • Fusion MXDR is the first MDR offering that fuse together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is greater than the sum of its parts. 



CVE-2023-29363 - Security Update Guide - Microsoft - Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability 

CVE-2023-32015 - Security Update Guide - Microsoft - Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability 

CVE-2023-32014 - Security Update Guide - Microsoft - Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability 

Microsoft Patch Tuesday, June 2023 Edition – Krebs on Security 

CVE-2023-29357 - Security Update Guide - Microsoft - Microsoft SharePoint Server Elevation of Privilege Vulnerability 

Microsoft Patches Critical Windows Vulns, Warns of Code Execution Risks - SecurityWeek 

Chat With One of Our Experts

microsoft Flash Notice Microsoft Vulnerability Critical Vulnerability High-Severity Vulnerability Blog