Table of Contents
  • Home
  • /
  • Blog
  • /
  • Breaking Down the Latest May 2023 Patch Tuesday Report
December 5, 2023

Breaking Down the Latest May 2023 Patch Tuesday Report

Breaking Down The Latest May 2023 Patch Tuesday Report

To ensure the security of computer systems and networks, Microsoft regularly releases security updates to address its software products’ vulnerabilities. It recently issued the May 2023 Patch Tuesday updates for Windows 10 and 11. This month’s updates address 38 security flaws present in Windows and other related components. The update includes six critical vulnerabilities, which must be immediately addressed to prevent potential security breaches. 

This blog will highlight the latest updates to gain a comprehensive understanding of the report, emphasizing the severity levels of the vulnerabilities addressed.

Microsoft Patch Tuesday May 2023 Report Summary

Microsoft released the May 2023 Patch Tuesday. Let’s see the summary of the report.

  • The security update addressed 38 vulnerabilities, of which six are critical, and 32 are important.

  • All 6 critical vulnerabilities are Remote Code Execution vulnerabilities.

  • The May 2023 update has fixes for three zero-day vulnerabilities, two of which are exploited in the wild. 

  • The two actively exploited zero-day vulnerabilities include Win32k elevation of privilege vulnerability and secure boot security feature Bypass Vulnerability.

  • The update from Microsoft has resolved an interoperability problem that existed between the latest Windows Local Administrator Password Solution (LAPS) and previous LAPS policies. Additionally, Windows 11 version 22H2 enables users to receive the latest non-security updates promptly by tweaking a new setting.

  • The May security update includes these products: Microsoft Bluetooth Driver, Microsoft Graphics Component, Microsoft Edge (Chromium-based), Microsoft Office, Microsoft Teams, Microsoft Windows, and other components.

Vulnerabilities by Category

The May 2023 vulnerabilities are distributed as follows by Microsoft: 

Vulnerability Quantity Severities
Elevation of Privilege Vulnerabilities8Important: 8
Spoofing Vulnerability1Important: 1
Denial of Service Vulnerabilities5Important: 5
Information Disclosure Vulnerabilities8Important: 8
Remote Code Execution Vulnerabilities12Important: 6Critical: 6
Security Feature Bypass Vulnerabilities4Important: 4
Microsoft Edge (Chromium-based)15Unknown 

The table provides information about the number of bugs in different categories of vulnerabilities. It shows that there are 8 Elevation of Privilege vulnerabilities, 1 Spoofing vulnerability, 5 Denial of Service vulnerabilities, 8 Information Disclosure vulnerabilities, 12 Remote Code Execution vulnerabilities, 4 Security Feature Bypass vulnerabilities, and 15 Edge-Chromium vulnerabilities.

List of Zero-Day Vulnerabilities Patched in May 2023 Patch Tuesday:

When developers can not address an issue before attackers can exploit it, it is called a “zero-day” vulnerability. These types of vulnerabilities are particularly perilous because they are prone to exploitation before patches or fixes can be released. Recently, Microsoft disclosed that it had remedied three zero-day vulnerabilities, out of which 2 have been exploited by attackers in the wild while 1 was publicly disclosed. 

The two vulnerabilities include the following: 

CVE IDVulnerable Product/ApplicationVulnerability Type
CVE-2023-29336Windows 32kElevation of Privilege 
CVE-2023-24932Windows Secure BootSecurity Feature Bypass

The publicly disclosed vulnerability is given below. 

CVE IDVulnerable Product/ApplicationVulnerability Type
CVE-2023-29325 Windows OLE Remote Code Execution

Windows 32k Elevation of Privileges Vulnerability – CVE-2023-29336

Microsoft has recently addressed a privilege elevation vulnerability in the Win32k Kernel driver, which can allow unauthorized access to SYSTEM, the highest user privilege level in Windows. An attacker who successfully exploits this vulnerability could gain complete control over the system.

Although Microsoft has confirmed that this bug has been actively exploited, no further details are available on the specific techniques attackers use.

Windows Secure Boot Security Feature Bypass Vulnerability – CVE-2023-24932

Microsoft has recently addressed a vulnerability that a threat actor exploited to install the BlackLotus UEFI bootkit. This Secure Boot bypass flaw allowed an attacker with administrative rights or physical access to install an impacted boot policy, thereby installing malware in the system. UEFI bootkits are malicious programs that can remain undetected since they load early in the booting sequence and operate outside the operating system.

Last month, Microsoft issued guidelines on how to detect BlackLotus UEFI bootkit attacks. With the latest Patch Tuesday update, Microsoft has fixed the vulnerability but has not enabled it by default. 

To address the vulnerability, further measures are necessary at present. To assess the impact on your environment, have a look at the following steps outlined in KB5025885 by Microsoft.

Windows OLE Remote Code Execution Vulnerability – CVE-2023-29325

Microsoft has remedied a Windows OLE flaw. Attackers can exploit this vulnerability through specially crafted emails. Microsoft’s advisory warns that if the victim uses an affected version of Microsoft Outlook software and either opens the email or previews it, the attacker could execute remote code on the victim’s machine.

Microsoft advises users to read all messages in plain text format to mitigate this vulnerability.

List of Critical Vulnerabilities Patched in May 2023 Patch Tuesday

Here are the 6 critical vulnerabilities patched by Microsoft in May 2023 Patch Tuesday.

CVE ID Vulnerable Product/ApplicationVulnerability Type
CVE-2023-24955Microsoft Office SharePoint ServerRemote Code Execution Vulnerability
CVE-2023-28283Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
CVE-2023-24941Windows Network File System Remote Code Execution Vulnerability
CVE-2023-29325Windows OLE Remote Code Execution Vulnerability
CVE-2023-24943Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
CVE-2023-24903Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

Complete List of Vulnerabilities Patched in May 2023 Patch Tuesday Are:

You can download the complete list of patched vulnerabilities from here.

CVE ID Severity CVE Title Tag
CVE-2023-24947Important Windows Bluetooth Driver Remote Code Execution VulnerabilityMicrosoft Bluetooth Driver
CVE-2023-24948Important Windows Bluetooth Driver Elevation of Privilege VulnerabilityMicrosoft Bluetooth Driver
CVE-2023-24944Important Windows Bluetooth Driver Information Disclosure VulnerabilityMicrosoft Bluetooth Driver
CVE-2023-29354ModerateMicrosoft Edge (Chromium-based) Security Feature Bypass VulnerabilityMicrosoft Edge (Chromium-based)
CVE-2023-2468UnknownChromium: CVE-2023-2468 Inappropriate implementation in PictureInPictureMicrosoft Edge (Chromium-based)
CVE-2023-2459UnknownChromium: CVE-2023-2459 Inappropriate implementation in PromptsMicrosoft Edge (Chromium-based)
CVE-2023-29350ImportantMicrosoft Edge (Chromium-based) Elevation of Privilege VulnerabilityMicrosoft Edge (Chromium-based)
CVE-2023-2467UnknownChromium: CVE-2023-2467 Inappropriate implementation in PromptsMicrosoft Edge (Chromium-based)
CVE-2023-2463Unknown Chromium: CVE-2023-2463 Inappropriate implementation in Full Screen ModeMicrosoft Edge (Chromium-based)
CVE-2023-2462UnknownChromium: CVE-2023-2462 Inappropriate implementation in PromptsMicrosoft Edge (Chromium-based)
CVE-2023-2460UnknownChromium: CVE-2023-2460 Insufficient validation of untrusted input in ExtensionsMicrosoft Edge (Chromium-based)
CVE-2023-2465UnknownChromium: CVE-2023-2465 Inappropriate implementation in CORSMicrosoft Edge (Chromium-based)
CVE-2023-2466UnknownChromium: CVE-2023-2466 Inappropriate implementation in PromptsMicrosoft Edge (Chromium-based)
CVE-2023-2464UnknownChromium: CVE-2023-2464 Inappropriate implementation in PictureInPictureMicrosoft Edge (Chromium-based)
CVE-2023-24899ImportantWindows Graphics Component Elevation of Privilege VulnerabilityMicrosoft Graphics Component
CVE-2023-29344Important Microsoft Office Remote Code Execution VulnerabilityMicrosoft Office
CVE-2023-29333ImportantMicrosoft Access Denial of Service VulnerabilityMicrosoft Office Access
CVE-2023-24953ImportantMicrosoft Excel Remote Code Execution VulnerabilityMicrosoft Office Excel
CVE-2023-24955CriticalMicrosoft SharePoint Server Remote Code Execution VulnerabilityMicrosoft Office SharePoint 
CVE-2023-24954ImportantMicrosoft SharePoint Server Information Disclosure VulnerabilityMicrosoft Office SharePoint
CVE-2023-24950Important Microsoft SharePoint Server Spoofing VulnerabilityMicrosoft Office SharePoint
CVE-2023-29335Important Microsoft Word Security Feature Bypass VulnerabilityMicrosoft Office Word
CVE-2023-24881ImportantMicrosoft Teams Information Disclosure VulnerabilityMicrosoft Teams
CVE-2023-29340ImportantAV1 Video Extension Remote Code Execution VulnerabilityMicrosoft Windows Codecs Library
CVE-2023-29341ImportantAV1 Video Extension Remote Code Execution VulnerabilityMicrosoft Windows Codecs Library
CVE-2023-24905Important Remote Desktop Client Remote Code Execution VulnerabilityRemote Desktop Client
CVE-2023-29343Important SysInternals Sysmon for Windows Elevation of Privilege VulnerabilitySysInternals
CVE-2023-29338ImportantVisual Studio Code Information Disclosure VulnerabilityVisual Studio Code
CVE-2023-24946ImportantWindows Backup Service Elevation of Privilege VulnerabilityWindows Backup Engine
CVE-2023-24904ImportantWindows Installer Elevation of Privilege VulnerabilityWindows Installer
CVE-2023-24945ImportantWindows iSCSI Target Service Information Disclosure VulnerabilityWindows iSCSI Target Service
CVE-2023-24949ImportantWindows Kernel Elevation of Privilege VulnerabilityWindows Kernel
CVE-2023-28283CriticalWindows Lightweight Directory Access Protocol (LDAP) Remote Code Execution VulnerabilityWindows LDAP – Lightweight Directory Access Protocol
CVE-2023-29324ImportantWindows MSHTML Platform Security Feature Bypass VulnerabilityWindows MSHTML Platform
CVE-2023-24941CriticalWindows Network File System Remote Code Execution VulnerabilityWindows Network File System
CVE-2023-24901ImportantWindows NFS Portmapper Information Disclosure VulnerabilityWindows NFS Portmapper
CVE-2023-24939ImportantServer for NFS Denial of Service VulnerabilityWindows NFS Portmapper
CVE-2023-24900Important Windows NTLM Security Support Provider Information Disclosure VulnerabilityWindows NTLM 
CVE-2023-29325Critical Windows OLE Remote Code Execution VulnerabilityWindows OLE
CVE-2023-24940ImportantWindows Pragmatic General Multicast (PGM) Denial of Service VulnerabilityWindows PGM
CVE-2023-24943Critical Windows Pragmatic General Multicast (PGM) Remote Code Execution VulnerabilityWindows PGM
CVE-2023-28290ImportantMicrosoft Remote Desktop app for Windows Information Disclosure VulnerabilityWindows RDP Client
CVE-2023-24942Important Remote Procedure Call Runtime Denial of Service VulnerabilityWindows Remote Procedure Call Runtime
CVE-2023-28251Important Windows Driver Revocation List Security Feature Bypass VulnerabilityWindows Secure Boot
CVE-2023-24932ImportantSecure Boot Security Feature Bypass VulnerabilityWindows Secure Boot
CVE-2023-24903Critical Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution VulnerabilityWindows Secure Socket Tunneling Protocol (SSTP)
CVE-2023-24898Important Windows SMB Denial of Service VulnerabilityWindows SMB
CVE-2023-29336Important Win32k Elevation of Privilege VulnerabilityWindows Win32K
CVE-2023-24902Important Win32k Elevation of Privilege VulnerabilityWindows Win32K

Our aim is to inform you about the February 2023 Patch Tuesday report released by Microsoft on May 9th, 2023. We encourage you to share this post to help enhance digital security. You can also subscribe to our social media pages on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram to receive similar updates.

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.

Recently added

Application Security

View All

Learn More About Cyber Security Security & Technology

“Knowledge Arsenal: Empowering Your Security Journey through Continuous Learning”

Cybersecurity All-in-One For Dummies - 1st Edition

"Cybersecurity All-in-One For Dummies" offers a comprehensive guide to securing personal and business digital assets from cyber threats, with actionable insights from industry experts.



View All

Learn Something New with Free Email subscription