
Microsoft Patch Tuesday: 12 Critical Bugs and SharePoint RCE

Patch Now: Microsoft Fixes Critical SharePoint RCE and Dozens of High-Impact Bugs

Microsoft has released its latest security update, addressing a substantial number of vulnerabilities across its product ecosystem. This month’s patch cycle is particularly noteworthy, tackling 60 security flaws, including 12 rated as “Critical.” System administrators and security teams should act quickly, as the update patches a severe Remote Code Execution (RCE) vulnerability in Microsoft SharePoint Server.

This wave of fixes covers a wide range of essential software, including Windows, Office, Exchange Server, Azure, and Microsoft Dynamics. Prioritizing these updates is crucial to defending against potential exploitation by malicious actors.

The Headliner: Critical SharePoint Remote Code Execution (RCE) Vulnerability

The most urgent threat addressed in this update is a critical Remote Code Execution (RCE) vulnerability in Microsoft SharePoint Server. Tracked as CVE-2023-29357, this flaw could allow an authenticated attacker with “Site Owner” privileges to execute arbitrary code on the server.

Here’s what makes this so dangerous:

  • Authenticated, but Low-Complexity: While an attacker needs to be authenticated, the attack itself is considered low in complexity.
  • Complete System Takeover: A successful RCE attack essentially hands over control of the SharePoint server to the attacker, enabling them to steal sensitive data, deploy malware, or pivot to other areas of your network.
  • High Priority for Patching: Any organization using SharePoint Server must prioritize the deployment of this patch immediately to mitigate the risk.

A Closer Look at Other Critical Vulnerabilities

Beyond the SharePoint flaw, several other critical vulnerabilities demand immediate attention. These bugs open the door to remote code execution, which is among the most severe types of security risks.

Key critical vulnerabilities fixed this month include:

  • Windows Pragmatic General Multicast (PGM): Identified as CVE-2023-29363, this RCE vulnerability affects the PGM protocol, which is used for reliable multicast data transmission. A specially crafted file sent over the network could trigger remote code execution on a vulnerable machine, making it a “wormable” threat that could spread rapidly without user interaction.
  • Windows Secure Channel: Two critical RCE vulnerabilities (CVE-2023-24941 and CVE-2023-28283) were patched in the Windows Secure Channel security package. These could allow a remote attacker to execute code by winning a race condition, making them complex but highly impactful if exploited.
  • Microsoft Exchange Server: A critical bug (CVE-2023-21707) was addressed that could lead to remote code execution. This continues a trend of critical patches for Exchange, underscoring the importance of keeping mail servers fully updated at all times.

No Actively Exploited Zero-Days This Month

In a spot of good news, none of the vulnerabilities fixed in this update were listed as being actively exploited in the wild at

Source: https://go.theregister.com/feed/www.theregister.com/2025/08/12/august_patch_tuesday/
