Microsoft May 2023 Patch Tuesday Fixes 3 Zero-Days
May 2023 Patch Tuesday Addresses 3 0-Day Vulnerabilities, 38 Others
As part of its May 2023 Patch Tuesday update, Microsoft has released security updates for numerous vulnerabilities, three of which had already been identified as zero-day threats due to ongoing exploitation by bad actors: CVE-2023-29336, CVE-2023-29325, and CVE-2023-24932.
CVE-2023-29336 – Win32k Kernel driver
CVE-2023-29336 exists within the Windows 10 operating system and permits privilege escalation: an attacker who successfully exploits the flaw gains elevated SYSTEM privileges beyond those authorized.
CVE-2023-29325 – OLE Flaw
CVE-2023-29325 specifically concerns customers who use Microsoft Outlook. It involves publicly disclosed arbitrary code execution techniques, in which attackers may prompt users into opening corrupt Office documents on a compromised system.
CVE-2023-24932 – Secure Boot Bypass
CVE-2023-24932 builds on vulnerabilities that were recently resolved in earlier versions. Reports indicate that hackers have been using it for one very specific purpose: installing BlackLotus UEFI bootkits on targeted devices or systems. This intrusion facilitates the acquisition of administrative rights following the deployment of malicious software as command-and-control nodes in subsequent attacks against other endpoints. These bootkits can potentially be deployed only when an attacker already has physical access to, or administrative rights on, the system, and they exacerbate ransomware threats.
To help system administrators address these vulnerabilities, Microsoft offers patches for all of the vulnerabilities mentioned; users and organizations running Windows are strongly encouraged to apply these patches in a timely manner.
The following CVEs were all addressed by Microsoft on this Patch Tuesday:
CVE Number | CVE Title | Impact | Severity | Tag |
--- | --- | --- | --- | --- |
CVE-2023-29344 | Microsoft Office Remote Code Execution Vulnerability | Remote Code Execution | Important | Microsoft Office |
CVE-2023-29333 | Microsoft Access Denial of Service Vulnerability | Denial of Service | Important | Microsoft Office Access |
CVE-2023-29325 | Windows OLE Remote Code Execution Vulnerability | Remote Code Execution | Critical | Windows OLE |
CVE-2023-24904 | Windows Installer Elevation of Privilege Vulnerability | Elevation of Privilege | Important | Windows Installer |
CVE-2023-28290 | Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability | Information Disclosure | Important | Windows RDP Client |
CVE-2023-28251 | Windows Driver Revocation List Security Feature Bypass Vulnerability | Security Feature Bypass | Important | Windows Secure Boot |
CVE-2023-24932 | Secure Boot Security Feature Bypass Vulnerability | Security Feature Bypass | Important | Windows Secure Boot |
CVE-2023-29343 | SysInternals Sysmon for Windows Elevation of Privilege Vulnerability | Elevation of Privilege | Important | SysInternals |
CVE-2023-29341 | AV1 Video Extension Remote Code Execution Vulnerability | Remote Code Execution | Important | Microsoft Windows Codecs Library |
CVE-2023-29340 | AV1 Video Extension Remote Code Execution Vulnerability | Remote Code Execution | Important | Microsoft Windows Codecs Library |
CVE-2023-29338 | Visual Studio Code Information Disclosure Vulnerability | Information Disclosure | Important | Visual Studio Code |
CVE-2023-29336 | Win32k Elevation of Privilege Vulnerability | Elevation of Privilege | Important | Windows Win32K |
CVE-2023-29335 | Microsoft Word Security Feature Bypass Vulnerability | Security Feature Bypass | Important | Microsoft Office Word |
CVE-2023-29324 | Windows MSHTML Platform Security Feature Bypass Vulnerability | Security Feature Bypass | Important | Windows MSHTML Platform |
CVE-2023-24955 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Remote Code Execution | Critical | Microsoft Office SharePoint |
CVE-2023-24954 | Microsoft SharePoint Server Information Disclosure Vulnerability | Information Disclosure | Important | Microsoft Office SharePoint |
CVE-2023-24953 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution | Important | Microsoft Office Excel |
CVE-2023-24950 | Microsoft SharePoint Server Spoofing Vulnerability | Spoofing | Important | Microsoft Office SharePoint |
CVE-2023-24949 | Windows Kernel Elevation of Privilege Vulnerability | Elevation of Privilege | Important | Windows Kernel |
CVE-2023-24948 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Elevation of Privilege | Important | Microsoft Bluetooth Driver |
CVE-2023-24947 | Windows Bluetooth Driver Remote Code Execution Vulnerability | Remote Code Execution | Important | Microsoft Bluetooth Driver |
CVE-2023-24946 | Windows Backup Service Elevation of Privilege Vulnerability | Elevation of Privilege | Important | Windows Backup Engine |
CVE-2023-24945 | Windows iSCSI Target Service Information Disclosure Vulnerability | Information Disclosure | Important | Windows iSCSI Target Service |
CVE-2023-24944 | Windows Bluetooth Driver Information Disclosure Vulnerability | Information Disclosure | Important | Microsoft Bluetooth Driver |
CVE-2023-24905 | Remote Desktop Client Remote Code Execution Vulnerability | Remote Code Execution | Important | Remote Desktop Client |
CVE-2023-24943 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | Remote Code Execution | Critical | Windows PGM |
CVE-2023-24903 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Remote Code Execution | Critical | Windows Secure Socket Tunneling Protocol (SSTP) |
CVE-2023-24942 | Remote Procedure Call Runtime Denial of Service Vulnerability | Denial of Service | Important | Windows Remote Procedure Call Runtime |
CVE-2023-24902 | Win32k Elevation of Privilege Vulnerability | Elevation of Privilege | Important | Windows Win32K |
CVE-2023-24941 | Windows Network File System Remote Code Execution Vulnerability | Remote Code Execution | Critical | Windows Network File System |
CVE-2023-24901 | Windows NFS Portmapper Information Disclosure Vulnerability | Information Disclosure | Important | Windows NFS Portmapper |
CVE-2023-24940 | Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability | Denial of Service | Important | Windows PGM |
CVE-2023-24900 | Windows NTLM Security Support Provider Information Disclosure Vulnerability | Information Disclosure | Important | Windows NTLM |
CVE-2023-24939 | Server for NFS Denial of Service Vulnerability | Denial of Service | Important | Windows NFS Portmapper |
CVE-2023-24899 | Windows Graphics Component Elevation of Privilege Vulnerability | Elevation of Privilege | Important | Microsoft Graphics Component |
CVE-2023-24898 | Windows SMB Denial of Service Vulnerability | Denial of Service | Important | Windows SMB |
CVE-2023-28283 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Remote Code Execution | Critical | Windows LDAP – Lightweight Directory Access Protocol |
CVE-2023-24881 | Microsoft Teams Information Disclosure Vulnerability | Information Disclosure | Important | Microsoft Teams |