CVE-2023-32014
Published: 2023-06-14
CVE-2023-32014: Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
Priority: P262 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.94% (77.5th percentile)
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
Affected
41 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_1507 | < 10.0.10240.19983 | 10.0.10240.19983 |
| microsoft | windows_10_1607 | < 10.0.14393.5989 | 10.0.14393.5989 |
| microsoft | windows_10_1809 | < 10.0.17763.4499 | 10.0.17763.4499 |
| microsoft | windows_10_21h2 | < 10.0.19044.3086 | 10.0.19044.3086 |
| microsoft | windows_10_22h2 | < 10.0.19045.3087 | 10.0.19045.3087 |
| microsoft | windows_10_version_1507 | >= 10.0.10240.0 < 10.0.10240.19983 | 10.0.10240.19983 |
| microsoft | windows_10_version_1607 | >= 10.0.14393.0 < 10.0.14393.5989 | 10.0.14393.5989 |
| microsoft | windows_10_version_1809 | >= 10.0.0 < 10.0.17763.4499 | 10.0.17763.4499 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.4499 | 10.0.17763.4499 |
| microsoft | windows_10_version_21h2 | >= 10.0.19043.0 < 10.0.19044.3086 | 10.0.19044.3086 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.3086 | 10.0.19045.3086 |
| microsoft | windows_11_21h2 | < 10.0.22000.2057 | 10.0.22000.2057 |
| microsoft | windows_11_22h2 | < 10.0.22621.1848 | 10.0.22621.1848 |
| microsoft | windows_11_version_21h2 | >= 10.0.0 < 10.0.22000.2057 | 10.0.22000.2057 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.1848 | 10.0.22621.1848 |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.1.7601.0 < 6.1.7601.26564 | 6.1.7601.26564 |
| microsoft | windows_server_2008_service_pack_2 | >= 6.0.6003.0 < 6.0.6003.22113 | 6.0.6003.22113 |
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2012 | >= 6.2.9200.0 < 6.2.9200.24314 | 6.2.9200.24314 |
| microsoft | windows_server_2012_r2 | >= 6.3.9600.0 < 6.3.9600.21013 | 6.3.9600.21013 |
| microsoft | windows_server_2016 | < 10.0.14393.5989 | 10.0.14393.5989 |
| microsoft | windows_server_2016 | >= 10.0.14393.0 < 10.0.14393.5989 | 10.0.14393.5989 |
| microsoft | windows_server_2019 | < 10.0.17763.4499 | 10.0.17763.4499 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.4499 | 10.0.17763.4499 |
Detection & IOCs (extracted from sources)
- Detect exploitation attempts by monitoring for network traffic targeting TCP port 1801 (Windows Message Queuing) on systems running the PGM Server role, particularly for specially crafted inbound packets.
- Check for the presence of the 'Message Queuing' service running and TCP port 1801 in a LISTEN state as indicators of an exploitable attack surface.
- The vulnerability is only exploitable if the Windows Message Queuing service is enabled. It is not enabled by default but can be added via Control Panel; verify this service is disabled on systems that do not require it.
- Exploitation requires the target to be operating in a PGM Server environment with the Message Queuing service active, limiting the attack surface to specific configurations.
CVSS provenance
- nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- vendor_msrc · 9.8 CRITICAL
GHSA
GHSA-qm83-v8m5-gp9p: Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
ghsa_unreviewed·2023-06-14
CVE-2023-32014 [CRITICAL] GHSA-qm83-v8m5-gp9p: Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
Microsoft
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
vendor_msrc·2023-06-13·CVSS 9.8
CVE-2023-32014 [CRITICAL] CWE-191 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
FAQ: How could an attacker exploit this vulnerability?
When Windows message queuing service is running in a PGM Server environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code.
Windows PGM: Windows PGM
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027222
Reference: https://support.microsoft.com/help/5027222
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5027225
Reference: https://supp
No detection rules found.
No public exploits indexed.
Krebs
Microsoft Patch Tuesday, June 2023 Edition
blogs_krebs·2023-06-13·CVSS 9.8
[CRITICAL] Microsoft Patch Tuesday, June 2023 Edition
Microsoft Corp. today released software updates to fix dozens of security vulnerabilities in its Windows operating systems and other software. This month’s relatively light patch load has another added bonus for system administrators everywhere: It appears to be the first Patch Tuesday since March 2022 that isn’t marred by the active exploitation of a zero-day vulnerability in Microsoft’s products.
June’s Patch Tuesday features updates to plug at least 70 security holes, and while none of these are reported by Microsoft as exploited in-the-wild yet, Redmond has flagged several in particular as “more likely to be exploited.”
Top of the list on that front is CVE-2023-29357, which is a “critical” bug in Microsoft SharePoint Server that can be exploited by an unauthenticated attacker on the
Talos
Microsoft discloses 5 critical vulnerabilities in June's Patch Tuesday, no zero-days
blogs_talos·2023-06-13·CVSS 9.8
[CRITICAL] Microsoft discloses 5 critical vulnerabilities in June's Patch Tuesday, no zero-days
Microsoft released its monthly security update Tuesday, disclosing 69 vulnerabilities across its suite of products and software. Five of these vulnerabilities are considered to be critical, 45 of them are listed as being high severity, 17 of them are medium severity and two are of low severity.
For the first time in four months, none of the vulnerabilities Microsoft disclosed this Patch Tuesday have been exploited in the wild. June is also closer to an average month for Microsoft’s security update after only disclosing 40 vulnerabilities last month, which was nearly a three-year low.
Cisco Talos discovered two vulnerabilities in Microsoft Excel that the company patched Tuesday. These are important-severity remote code execution vulnerabilities that are triggered if the targeted user open
Qualys
Microsoft and Adobe Patch Tuesday, June 2023 Security Update Review | Qualys
blogs_qualys·2023-06-13
Microsoft and Adobe Patch Tuesday, June 2023 Security Update Review | Qualys
Microsoft has released June’s edition of Patch Tuesday! This installment of security updates addressed 94 security vulnerabilities in various products, features, and roles.
## Microsoft Patch Tuesday for June 2023
No zero-day vulnerabil
Tenable
Microsoft’s June 2023 Patch Tuesday Addresses 70 CVEs (CVE-2023-29357)
blogs_tenable·2023-06-13·CVSS 9.8
[CRITICAL] Microsoft’s June 2023 Patch Tuesday Addresses 70 CVEs (CVE-2023-29357)
Crowdstrike
June Patch Tuesday 2023: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] June Patch Tuesday 2023: Updates and Analysis
2023-06-14
Published