Breaking Down the Latest May 2023 Patch Tuesday Report


To ensure the security of computer systems and networks, Microsoft regularly releases security updates to address its software products’ vulnerabilities. It recently issued the May 2023 Patch Tuesday updates for Windows 10 and 11. This month’s updates address 38 security flaws present in Windows and other related components. The update includes six critical vulnerabilities, which must be immediately addressed to prevent potential security breaches. 

 

This blog will highlight the latest updates to gain a comprehensive understanding of the report, emphasizing the severity levels of the vulnerabilities addressed.

Microsoft Patch Tuesday May 2023 Report Summary

Microsoft released the May 2023 Patch Tuesday. Let’s see the summary of the report.

  • The security update addressed 38 vulnerabilities, of which six are critical, and 32 are important.
  • All 6 critical vulnerabilities are Remote Code Execution vulnerabilities.
  • The May 2023 update has fixes for three zero-day vulnerabilities, two of which are exploited in the wild. 
  • The two actively exploited zero-day vulnerabilities include Win32k elevation of privilege vulnerability and secure boot security feature Bypass Vulnerability.
  • The update from Microsoft has resolved an interoperability problem that existed between the latest Windows Local Administrator Password Solution (LAPS) and previous LAPS policies. Additionally, Windows 11 version 22H2 enables users to receive the latest non-security updates promptly by tweaking a new setting.
  • The May security update includes these products: Microsoft Bluetooth Driver, Microsoft Graphics Component, Microsoft Edge (Chromium-based), Microsoft Office, Microsoft Teams, Microsoft Windows, and other components.

Vulnerabilities by Category

The May 2023 vulnerabilities are distributed as follows by Microsoft: 

Vulnerability  Quantity  Severities
Elevation of Privilege Vulnerabilities 8 Important: 8
Spoofing Vulnerability 1 Important: 1
Denial of Service Vulnerabilities 5 Important: 5
Information Disclosure Vulnerabilities 8 Important: 8
Remote Code Execution Vulnerabilities 12 Important: 6Critical: 6
Security Feature Bypass Vulnerabilities 4 Important: 4
Microsoft Edge (Chromium-based) 15 Unknown 

The table provides information about the number of bugs in different categories of vulnerabilities. It shows that there are 8 Elevation of Privilege vulnerabilities, 1 Spoofing vulnerability, 5 Denial of Service vulnerabilities, 8 Information Disclosure vulnerabilities, 12 Remote Code Execution vulnerabilities, 4 Security Feature Bypass vulnerabilities, and 15 Edge-Chromium vulnerabilities.

See also  Easiest Way to Create Certificates Using Web-Based GUI OpenSSL

List of Zero-Day Vulnerabilities Patched in May 2023 Patch Tuesday:

When developers can not address an issue before attackers can exploit it, it is called a “zero-day” vulnerability. These types of vulnerabilities are particularly perilous because they are prone to exploitation before patches or fixes can be released. Recently, Microsoft disclosed that it had remedied three zero-day vulnerabilities, out of which 2 have been exploited by attackers in the wild while 1 was publicly disclosed. 

The two vulnerabilities include the following: 

CVE ID Vulnerable Product/Application Vulnerability Type
CVE-2023-29336 Windows 32k Elevation of Privilege 
CVE-2023-24932 Windows Secure Boot Security Feature Bypass

The publicly disclosed vulnerability is given below. 

 

CVE ID Vulnerable Product/Application Vulnerability Type
CVE-2023-29325  Windows OLE  Remote Code Execution

Windows 32k Elevation of Privileges Vulnerability – CVE-2023-29336

Microsoft has recently addressed a privilege elevation vulnerability in the Win32k Kernel driver, which can allow unauthorized access to SYSTEM, the highest user privilege level in Windows. An attacker who successfully exploits this vulnerability could gain complete control over the system.

Although Microsoft has confirmed that this bug has been actively exploited, no further details are available on the specific techniques attackers use.

Windows Secure Boot Security Feature Bypass Vulnerability – CVE-2023-24932 

Microsoft has recently addressed a vulnerability that a threat actor exploited to install the BlackLotus UEFI bootkit. This Secure Boot bypass flaw allowed an attacker with administrative rights or physical access to install an impacted boot policy, thereby installing malware in the system. UEFI bootkits are malicious programs that can remain undetected since they load early in the booting sequence and operate outside the operating system.

See also  What is New in KB5028166, a Cumulative Update for Windows 10 Version 22H2 and 21H2?

Last month, Microsoft issued guidelines on how to detect BlackLotus UEFI bootkit attacks. With the latest Patch Tuesday update, Microsoft has fixed the vulnerability but has not enabled it by default. 

To address the vulnerability, further measures are necessary at present. To assess the impact on your environment, have a look at the following steps outlined in KB5025885 by Microsoft.

Windows OLE Remote Code Execution Vulnerability – CVE-2023-29325 

Microsoft has remedied a Windows OLE flaw. Attackers can exploit this vulnerability through specially crafted emails. Microsoft’s advisory warns that if the victim uses an affected version of Microsoft Outlook software and either opens the email or previews it, the attacker could execute remote code on the victim’s machine.

Microsoft advises users to read all messages in plain text format to mitigate this vulnerability.

List of Critical Vulnerabilities Patched in May 2023 Patch Tuesday

Here are the 6 critical vulnerabilities patched by Microsoft in May 2023 Patch Tuesday.

CVE ID  Vulnerable Product/Application Vulnerability Type
CVE-2023-24955 Microsoft Office SharePoint Server Remote Code Execution Vulnerability
CVE-2023-28283 Windows Lightweight Directory Access Protocol (LDAP)  Remote Code Execution Vulnerability
CVE-2023-24941 Windows Network File System  Remote Code Execution Vulnerability
CVE-2023-29325 Windows OLE  Remote Code Execution Vulnerability
CVE-2023-24943 Windows Pragmatic General Multicast (PGM)  Remote Code Execution Vulnerability
CVE-2023-24903 Windows Secure Socket Tunneling Protocol (SSTP)  Remote Code Execution Vulnerability

Complete List of Vulnerabilities Patched in May 2023 Patch Tuesday Are:

You can download the complete list of patched vulnerabilities from here.

CVE ID  Severity  CVE Title  Tag
CVE-2023-24947 Important  Windows Bluetooth Driver Remote Code Execution Vulnerability Microsoft Bluetooth Driver
CVE-2023-24948 Important  Windows Bluetooth Driver Elevation of Privilege Vulnerability Microsoft Bluetooth Driver
CVE-2023-24944 Important  Windows Bluetooth Driver Information Disclosure Vulnerability Microsoft Bluetooth Driver
CVE-2023-29354 Moderate Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Microsoft Edge (Chromium-based)
CVE-2023-2468 Unknown Chromium: CVE-2023-2468 Inappropriate implementation in PictureInPicture Microsoft Edge (Chromium-based)
CVE-2023-2459 Unknown Chromium: CVE-2023-2459 Inappropriate implementation in Prompts Microsoft Edge (Chromium-based)
CVE-2023-29350 Important Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Microsoft Edge (Chromium-based)
CVE-2023-2467 Unknown Chromium: CVE-2023-2467 Inappropriate implementation in Prompts Microsoft Edge (Chromium-based)
CVE-2023-2463 Unknown  Chromium: CVE-2023-2463 Inappropriate implementation in Full Screen Mode Microsoft Edge (Chromium-based)
CVE-2023-2462 Unknown Chromium: CVE-2023-2462 Inappropriate implementation in Prompts Microsoft Edge (Chromium-based)
CVE-2023-2460 Unknown Chromium: CVE-2023-2460 Insufficient validation of untrusted input in Extensions Microsoft Edge (Chromium-based)
CVE-2023-2465 Unknown Chromium: CVE-2023-2465 Inappropriate implementation in  CORS Microsoft Edge (Chromium-based)
CVE-2023-2466 Unknown Chromium: CVE-2023-2466 Inappropriate implementation in Prompts Microsoft Edge (Chromium-based)
CVE-2023-2464 Unknown Chromium: CVE-2023-2464 Inappropriate implementation in PictureInPicture Microsoft Edge (Chromium-based)
CVE-2023-24899 Important Windows Graphics Component Elevation of Privilege Vulnerability Microsoft Graphics Component
CVE-2023-29344 Important  Microsoft Office Remote Code Execution Vulnerability Microsoft Office
CVE-2023-29333 Important Microsoft Access Denial of Service Vulnerability Microsoft Office Access
CVE-2023-24953 Important Microsoft Excel Remote Code Execution Vulnerability Microsoft Office Excel
CVE-2023-24955 Critical Microsoft SharePoint Server Remote Code Execution Vulnerability Microsoft Office SharePoint 
CVE-2023-24954 Important Microsoft SharePoint Server Information Disclosure Vulnerability Microsoft Office SharePoint
CVE-2023-24950 Important  Microsoft SharePoint Server Spoofing Vulnerability Microsoft Office SharePoint
CVE-2023-29335 Important  Microsoft Word Security Feature Bypass Vulnerability Microsoft Office Word
CVE-2023-24881 Important Microsoft Teams Information Disclosure Vulnerability Microsoft Teams
CVE-2023-29340 Important AV1 Video Extension Remote Code Execution Vulnerability Microsoft Windows Codecs Library
CVE-2023-29341 Important AV1 Video Extension Remote Code Execution Vulnerability Microsoft Windows Codecs Library
CVE-2023-24905 Important  Remote Desktop Client Remote Code Execution Vulnerability Remote Desktop Client
CVE-2023-29343 Important  SysInternals Sysmon for Windows Elevation of Privilege Vulnerability SysInternals
CVE-2023-29338 Important Visual Studio Code Information Disclosure Vulnerability Visual Studio Code
CVE-2023-24946 Important Windows Backup Service Elevation of Privilege Vulnerability Windows Backup Engine
CVE-2023-24904 Important Windows Installer Elevation of Privilege Vulnerability Windows Installer
CVE-2023-24945 Important Windows iSCSI Target Service Information Disclosure Vulnerability Windows iSCSI Target Service
CVE-2023-24949 Important Windows Kernel Elevation of Privilege Vulnerability Windows Kernel
CVE-2023-28283 Critical Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Windows LDAP – Lightweight Directory Access Protocol
CVE-2023-29324 Important Windows MSHTML Platform Security Feature Bypass Vulnerability Windows MSHTML Platform
CVE-2023-24941 Critical Windows Network File System Remote Code Execution Vulnerability Windows Network File System
CVE-2023-24901 Important Windows NFS Portmapper Information Disclosure Vulnerability Windows NFS Portmapper
CVE-2023-24939 Important Server for NFS Denial of Service Vulnerability Windows NFS Portmapper
CVE-2023-24900 Important  Windows NTLM Security Support Provider Information Disclosure Vulnerability Windows NTLM 
CVE-2023-29325 Critical  Windows OLE Remote Code Execution Vulnerability Windows OLE
CVE-2023-24940 Important Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability Windows PGM
CVE-2023-24943 Critical  Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability Windows PGM
CVE-2023-28290 Important Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability Windows RDP Client
CVE-2023-24942 Important  Remote Procedure Call Runtime Denial of Service Vulnerability Windows Remote Procedure Call Runtime
CVE-2023-28251 Important  Windows Driver Revocation List Security Feature Bypass Vulnerability Windows Secure Boot
CVE-2023-24932 Important Secure Boot Security Feature Bypass Vulnerability Windows Secure Boot
CVE-2023-24903 Critical  Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability Windows Secure Socket Tunneling Protocol (SSTP)
CVE-2023-24898 Important  Windows SMB Denial of Service Vulnerability Windows SMB
CVE-2023-29336 Important  Win32k Elevation of Privilege Vulnerability Windows Win32K
CVE-2023-24902 Important  Win32k Elevation of Privilege Vulnerability Windows Win32K

 

Leave a Reply

Your email address will not be published. Required fields are marked *