
Microsoft May 2023 Patch Tuesday Fixes 38 Vulnerabilities Including 3 Zero-day!


Microsoft has released its May 2023 Patch Tuesday updates, including fixes for 38 vulnerabilities. By the number of resolved vulnerabilities, this is one of the smallest monthly releases. It is still crucial, however, because it includes a patch for a Win32k kernel driver bug and a Secure Boot bypass flaw, both of which have been exploited by attackers in the wild. The update also contains six Critical vulnerabilities allowing remote code execution.

Microsoft addresses three zero-day vulnerabilities, two of which are actively exploited in attacks and one of which was publicly disclosed. The first zero-day (CVE-2023-29336) is a privilege elevation vulnerability in the Win32k kernel driver that allows an attacker to gain SYSTEM privileges. The second zero-day (CVE-2023-24932) is a Secure Boot bypass flaw that allows an attacker with physical access or administrative rights to install an affected boot policy and the BlackLotus UEFI bootkit. The third zero-day (CVE-2023-29325) is a Windows OLE flaw in Microsoft Outlook that can be exploited using specially crafted emails and could result in the attacker executing remote code on the victim’s machine. Microsoft therefore advises users to apply the updates and take additional measures to mitigate the vulnerabilities. It is also important to use fast vulnerability management software.

Zero-day Vulnerabilities

Microsoft’s Patch Tuesday for May 2023 has addressed three zero-day vulnerabilities, two of which have been actively exploited in attacks.

CVE-2023-29336 - Win32k Elevation of Privilege Vulnerability. This vulnerability is a privilege elevation flaw in the Win32k kernel driver that can give attackers SYSTEM privileges. Unknown actors actively exploited the bug, but Microsoft has not provided any details on the nature of these attacks.

CVE-2023-24932 - Secure Boot Security Feature Bypass Vulnerability. This update fixes the Secure Boot bypass flaw that threat actors have exploited to install the BlackLotus UEFI bootkit. An attacker with physical access or administrative rights to a target device can install the malware. UEFI bootkits are invisible to security software running within the operating system. The threat actor has been selling the BlackLotus bootkit on hacker forums since October 2022 and continues to update its features. Microsoft released guidance last month on how to detect BlackLotus UEFI bootkit attacks. This vulnerability is a bypass of the previously fixed CVE-2022-21894 vulnerability.

CVE-2023-29325 - Windows OLE Remote Code Execution Vulnerability. This vulnerability is a Windows OLE flaw in Microsoft Outlook that can be exploited using specially crafted emails. The flaw can be triggered when a victim opens a malicious email or when Outlook previews such an email. An attacker who successfully exploits the vulnerability could execute remote code on the victim’s machine. However, the attacker must win a race condition and take additional actions to exploit the flaw successfully. Until the patch is applied, users can mitigate this vulnerability by reading all messages in plain text format. Mitigating these vulnerabilities will be easier with good vulnerability management software.
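The following PowerShell script is an added example, not code from the original post or from Microsoft. It audits a single Windows host for the three things this section asks a defender to verify: whether the May 2023 cumulative update is installed (the KB number is not given in the article, so it is a placeholder parameter), whether Outlook is set to read all standard mail in plain text (the interim workaround for CVE-2023-29325), and whether Secure Boot is enabled (the precondition for the CVE-2023-24932 fix to matter against a bootkit). The registry location and the ReadAsPlain value name are assumptions about Outlook 2016/2019/365 (version 16.0) and are not stated on the page.

```powershell
# Added example (not from the original article or Microsoft): local audit of
# the May 2023 Patch Tuesday state. Run in an elevated PowerShell session.

param(
    # Placeholder: the cumulative update KB for this OS build is not given in
    # the article; look it up in the Microsoft Update Catalog for your build.
    [string]$ExpectedKB = 'KBXXXXXXX',
    # When set, turn on plain-text reading for the current user as a stopgap
    # until the update is deployed.
    [switch]$Enforce
)

$result = [ordered]@{}

# 1. Is the expected cumulative update installed on this host?
$hotfix = Get-HotFix -ErrorAction SilentlyContinue |
    Where-Object { $_.HotFixID -eq $ExpectedKB }
$result['UpdateInstalled'] = [bool]$hotfix

# 2. Outlook "read all standard mail in plain text" (CVE-2023-29325 workaround).
#    Assumption: Outlook 2016/2019/365 keep this under version 16.0. The Policies
#    hive (set by GPO) takes precedence over the user preference, so it is
#    checked first.
$mailKeys = @(
    'HKCU:\Software\Policies\Microsoft\Office\16.0\Outlook\Options\Mail',
    'HKCU:\Software\Microsoft\Office\16.0\Outlook\Options\Mail'
)
$readAsPlain = $null
foreach ($key in $mailKeys) {
    $v = Get-ItemProperty -Path $key -Name ReadAsPlain -ErrorAction SilentlyContinue
    if ($null -ne $v) { $readAsPlain = [int]$v.ReadAsPlain; break }
}
$result['OutlookReadAsPlain'] = ($readAsPlain -eq 1)

if ($Enforce -and $readAsPlain -ne 1) {
    $userKey = $mailKeys[1]
    if (-not (Test-Path $userKey)) { New-Item -Path $userKey -Force | Out-Null }
    Set-ItemProperty -Path $userKey -Name ReadAsPlain -Value 1 -Type DWord
    $result['OutlookReadAsPlain'] = $true
}

# 3. Secure Boot state. Confirm-SecureBootUEFI returns $true or $false on UEFI
#    firmware and throws on legacy BIOS or without administrator rights. With
#    Secure Boot off, the CVE-2023-24932 fix cannot block a bootkit at all.
try {
    $result['SecureBootEnabled'] = Confirm-SecureBootUEFI
} catch {
    $result['SecureBootEnabled'] = 'N/A (legacy BIOS or non-elevated shell)'
}

[pscustomobject]$result | Format-List
```

Run it as `.\Audit-May2023PatchTuesday.ps1 -ExpectedKB KBXXXXXXX` to report, or add `-Enforce` to switch the current user's Outlook to plain-text reading. The plain-text setting is a workaround rather than a fix, so the first line of the report (UpdateInstalled) is the one that should eventually read True on every host.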

Critical Vulnerabilities

Tag | CVE Number | CVE Title | Max Severity
--- | --- | --- | ---
Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2023-24903 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical
Windows Network File System | CVE-2023-24941 | Windows Network File System Remote Code Execution Vulnerability | Critical
Windows PGM | CVE-2023-24943 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | Critical
Microsoft Office SharePoint | CVE-2023-24955 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical
Windows LDAP – Lightweight Directory Access Protocol | CVE-2023-28283 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Critical
Windows OLE | CVE-2023-29325 | Windows OLE Remote Code Execution Vulnerability | Critical

Microsoft May Patch Tuesday 2023 security bulletin summary

This release includes security updates for the following products, features, and roles.

  • Azure
  • Client Server Run-time Subsystem (CSRSS)
  • Internet Control Message Protocol (ICMP)
  • Microsoft Bluetooth Driver
  • Microsoft Dynamics
  • Microsoft Edge (Chromium-based)
  • Microsoft Graphics Component
  • Microsoft Office Excel
  • Microsoft Office Outlook
  • Microsoft Office SharePoint
  • Microsoft OneDrive
  • Microsoft PostScript Printer Driver
  • Microsoft Printer Drivers
  • Microsoft Windows Codecs Library
  • Office for Android
  • Remote Access Service Point-to-Point Tunneling Protocol
  • Role: DNS Server
  • Role: Windows Hyper-V
  • Service Fabric
  • Visual Studio
  • Windows Accounts Control
  • Windows Bluetooth Service
  • Windows Central Resource Manager
  • Windows Cryptographic Services
  • Windows Defender
  • Windows HTTP Protocol Stack
  • Windows HTTP.sys
  • Windows Internet Key Exchange (IKE) Protocol
  • Windows Kernel
  • Windows Partition Management Driver
  • Windows Point-to-Point Protocol over Ethernet (PPPoE)
  • Windows Remote Procedure Call
  • Windows Remote Procedure Call Runtime
  • Windows Resilient File System (ReFS)
  • Windows Secure Channel
  • Windows SmartScreen
  • Windows TPM
  • Windows Win32K

Product: Microsoft Windows.
CVEs/Advisory: CVE-2022-26928, CVE-2023-24898, CVE-2023-24900, CVE-2023-24901, CVE-2023-24902, CVE-2023-24903, CVE-2023-24904, CVE-2023-24932, CVE-2023-24939, CVE-2023-24940, CVE-2023-24941, CVE-2023-24942, CVE-2023-24943, CVE-2023-24945, CVE-2023-24946, CVE-2023-24949, CVE-2023-28251, CVE-2023-28283, CVE-2023-28290, CVE-2023-29324, CVE-2023-29325, CVE-2023-29336, CVE-2023-29340, CVE-2023-29341
Impact: Remote Code Execution, Elevation of Privilege, Security Feature Bypass, Information Disclosure, Denial of Service

Product: Microsoft Office.
CVEs/Advisory: CVE-2021-28452, CVE-2022-41104, CVE-2023-21738, CVE-2023-23396, CVE-2023-23398, CVE-2023-24950, CVE-2023-24953, CVE-2023-24954, CVE-2023-24955, CVE-2023-29333, CVE-2023-29335, CVE-2023-29344
Impact: Denial of Service, Information Disclosure, Remote Code Execution, Security Feature Bypass, Spoofing

SanerNow VM and SanerNow PM can detect these vulnerabilities and automatically fix them by applying the security updates. Use SanerNow to keep your systems updated and secure.

Also apply previous Patch Tuesday updates to stay secure and safe.
