To ensure the security of computer systems and networks, Microsoft regularly releases security updates to address its software products’ vulnerabilities. It recently issued the May 2023 Patch Tuesday updates for Windows 10 and 11. This month’s updates address 38 security flaws present in Windows and other related components. The update includes six critical vulnerabilities, which must be immediately addressed to prevent potential security breaches.
This blog will highlight the latest updates to gain a comprehensive understanding of the report, emphasizing the severity levels of the vulnerabilities addressed.
Table of Contents
Microsoft Patch Tuesday May 2023 Report Summary
Microsoft released the May 2023 Patch Tuesday. Let’s see the summary of the report.
- The security update addressed 38 vulnerabilities, of which six are critical, and 32 are important.
- All 6 critical vulnerabilities are Remote Code Execution vulnerabilities.
- The May 2023 update has fixes for three zero-day vulnerabilities, two of which are exploited in the wild.
- The two actively exploited zero-day vulnerabilities include Win32k elevation of privilege vulnerability and secure boot security feature Bypass Vulnerability.
- The update from Microsoft has resolved an interoperability problem that existed between the latest Windows Local Administrator Password Solution (LAPS) and previous LAPS policies. Additionally, Windows 11 version 22H2 enables users to receive the latest non-security updates promptly by tweaking a new setting.
- The May security update includes these products: Microsoft Bluetooth Driver, Microsoft Graphics Component, Microsoft Edge (Chromium-based), Microsoft Office, Microsoft Teams, Microsoft Windows, and other components.
Vulnerabilities by Category
The May 2023 vulnerabilities are distributed as follows by Microsoft:
|Elevation of Privilege Vulnerabilities||8||Important: 8|
|Spoofing Vulnerability||1||Important: 1|
|Denial of Service Vulnerabilities||5||Important: 5|
|Information Disclosure Vulnerabilities||8||Important: 8|
|Remote Code Execution Vulnerabilities||12||Important: 6Critical: 6|
|Security Feature Bypass Vulnerabilities||4||Important: 4|
|Microsoft Edge (Chromium-based)||15||Unknown|
The table provides information about the number of bugs in different categories of vulnerabilities. It shows that there are 8 Elevation of Privilege vulnerabilities, 1 Spoofing vulnerability, 5 Denial of Service vulnerabilities, 8 Information Disclosure vulnerabilities, 12 Remote Code Execution vulnerabilities, 4 Security Feature Bypass vulnerabilities, and 15 Edge-Chromium vulnerabilities.
List of Zero-Day Vulnerabilities Patched in May 2023 Patch Tuesday:
When developers can not address an issue before attackers can exploit it, it is called a “zero-day” vulnerability. These types of vulnerabilities are particularly perilous because they are prone to exploitation before patches or fixes can be released. Recently, Microsoft disclosed that it had remedied three zero-day vulnerabilities, out of which 2 have been exploited by attackers in the wild while 1 was publicly disclosed.
The two vulnerabilities include the following:
|CVE ID||Vulnerable Product/Application||Vulnerability Type|
|CVE-2023-29336||Windows 32k||Elevation of Privilege|
|CVE-2023-24932||Windows Secure Boot||Security Feature Bypass|
The publicly disclosed vulnerability is given below.
|CVE ID||Vulnerable Product/Application||Vulnerability Type|
|CVE-2023-29325||Windows OLE||Remote Code Execution|
Windows 32k Elevation of Privileges Vulnerability – CVE-2023-29336
Microsoft has recently addressed a privilege elevation vulnerability in the Win32k Kernel driver, which can allow unauthorized access to SYSTEM, the highest user privilege level in Windows. An attacker who successfully exploits this vulnerability could gain complete control over the system.
Although Microsoft has confirmed that this bug has been actively exploited, no further details are available on the specific techniques attackers use.
Windows Secure Boot Security Feature Bypass Vulnerability – CVE-2023-24932
Microsoft has recently addressed a vulnerability that a threat actor exploited to install the BlackLotus UEFI bootkit. This Secure Boot bypass flaw allowed an attacker with administrative rights or physical access to install an impacted boot policy, thereby installing malware in the system. UEFI bootkits are malicious programs that can remain undetected since they load early in the booting sequence and operate outside the operating system.
Last month, Microsoft issued guidelines on how to detect BlackLotus UEFI bootkit attacks. With the latest Patch Tuesday update, Microsoft has fixed the vulnerability but has not enabled it by default.
To address the vulnerability, further measures are necessary at present. To assess the impact on your environment, have a look at the following steps outlined in KB5025885 by Microsoft.
Windows OLE Remote Code Execution Vulnerability – CVE-2023-29325
Microsoft has remedied a Windows OLE flaw. Attackers can exploit this vulnerability through specially crafted emails. Microsoft’s advisory warns that if the victim uses an affected version of Microsoft Outlook software and either opens the email or previews it, the attacker could execute remote code on the victim’s machine.
Microsoft advises users to read all messages in plain text format to mitigate this vulnerability.
List of Critical Vulnerabilities Patched in May 2023 Patch Tuesday
Here are the 6 critical vulnerabilities patched by Microsoft in May 2023 Patch Tuesday.
|CVE ID||Vulnerable Product/Application||Vulnerability Type|
|CVE-2023-24955||Microsoft Office SharePoint Server||Remote Code Execution Vulnerability|
|CVE-2023-28283||Windows Lightweight Directory Access Protocol (LDAP)||Remote Code Execution Vulnerability|
|CVE-2023-24941||Windows Network File System||Remote Code Execution Vulnerability|
|CVE-2023-29325||Windows OLE||Remote Code Execution Vulnerability|
|CVE-2023-24943||Windows Pragmatic General Multicast (PGM)||Remote Code Execution Vulnerability|
|CVE-2023-24903||Windows Secure Socket Tunneling Protocol (SSTP)||Remote Code Execution Vulnerability|
Complete List of Vulnerabilities Patched in May 2023 Patch Tuesday Are:
You can download the complete list of patched vulnerabilities from here.
|CVE ID||Severity||CVE Title||Tag|
|CVE-2023-24947||Important||Windows Bluetooth Driver Remote Code Execution Vulnerability||Microsoft Bluetooth Driver|
|CVE-2023-24948||Important||Windows Bluetooth Driver Elevation of Privilege Vulnerability||Microsoft Bluetooth Driver|
|CVE-2023-24944||Important||Windows Bluetooth Driver Information Disclosure Vulnerability||Microsoft Bluetooth Driver|
|CVE-2023-29354||Moderate||Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability||Microsoft Edge (Chromium-based)|
|CVE-2023-2468||Unknown||Chromium: CVE-2023-2468 Inappropriate implementation in PictureInPicture||Microsoft Edge (Chromium-based)|
|CVE-2023-2459||Unknown||Chromium: CVE-2023-2459 Inappropriate implementation in Prompts||Microsoft Edge (Chromium-based)|
|CVE-2023-29350||Important||Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability||Microsoft Edge (Chromium-based)|
|CVE-2023-2467||Unknown||Chromium: CVE-2023-2467 Inappropriate implementation in Prompts||Microsoft Edge (Chromium-based)|
|CVE-2023-2463||Unknown||Chromium: CVE-2023-2463 Inappropriate implementation in Full Screen Mode||Microsoft Edge (Chromium-based)|
|CVE-2023-2462||Unknown||Chromium: CVE-2023-2462 Inappropriate implementation in Prompts||Microsoft Edge (Chromium-based)|
|CVE-2023-2460||Unknown||Chromium: CVE-2023-2460 Insufficient validation of untrusted input in Extensions||Microsoft Edge (Chromium-based)|
|CVE-2023-2465||Unknown||Chromium: CVE-2023-2465 Inappropriate implementation in CORS||Microsoft Edge (Chromium-based)|
|CVE-2023-2466||Unknown||Chromium: CVE-2023-2466 Inappropriate implementation in Prompts||Microsoft Edge (Chromium-based)|
|CVE-2023-2464||Unknown||Chromium: CVE-2023-2464 Inappropriate implementation in PictureInPicture||Microsoft Edge (Chromium-based)|
|CVE-2023-24899||Important||Windows Graphics Component Elevation of Privilege Vulnerability||Microsoft Graphics Component|
|CVE-2023-29344||Important||Microsoft Office Remote Code Execution Vulnerability||Microsoft Office|
|CVE-2023-29333||Important||Microsoft Access Denial of Service Vulnerability||Microsoft Office Access|
|CVE-2023-24953||Important||Microsoft Excel Remote Code Execution Vulnerability||Microsoft Office Excel|
|CVE-2023-24955||Critical||Microsoft SharePoint Server Remote Code Execution Vulnerability||Microsoft Office SharePoint|
|CVE-2023-24954||Important||Microsoft SharePoint Server Information Disclosure Vulnerability||Microsoft Office SharePoint|
|CVE-2023-24950||Important||Microsoft SharePoint Server Spoofing Vulnerability||Microsoft Office SharePoint|
|CVE-2023-29335||Important||Microsoft Word Security Feature Bypass Vulnerability||Microsoft Office Word|
|CVE-2023-24881||Important||Microsoft Teams Information Disclosure Vulnerability||Microsoft Teams|
|CVE-2023-29340||Important||AV1 Video Extension Remote Code Execution Vulnerability||Microsoft Windows Codecs Library|
|CVE-2023-29341||Important||AV1 Video Extension Remote Code Execution Vulnerability||Microsoft Windows Codecs Library|
|CVE-2023-24905||Important||Remote Desktop Client Remote Code Execution Vulnerability||Remote Desktop Client|
|CVE-2023-29343||Important||SysInternals Sysmon for Windows Elevation of Privilege Vulnerability||SysInternals|
|CVE-2023-29338||Important||Visual Studio Code Information Disclosure Vulnerability||Visual Studio Code|
|CVE-2023-24946||Important||Windows Backup Service Elevation of Privilege Vulnerability||Windows Backup Engine|
|CVE-2023-24904||Important||Windows Installer Elevation of Privilege Vulnerability||Windows Installer|
|CVE-2023-24945||Important||Windows iSCSI Target Service Information Disclosure Vulnerability||Windows iSCSI Target Service|
|CVE-2023-24949||Important||Windows Kernel Elevation of Privilege Vulnerability||Windows Kernel|
|CVE-2023-28283||Critical||Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability||Windows LDAP – Lightweight Directory Access Protocol|
|CVE-2023-29324||Important||Windows MSHTML Platform Security Feature Bypass Vulnerability||Windows MSHTML Platform|
|CVE-2023-24941||Critical||Windows Network File System Remote Code Execution Vulnerability||Windows Network File System|
|CVE-2023-24901||Important||Windows NFS Portmapper Information Disclosure Vulnerability||Windows NFS Portmapper|
|CVE-2023-24939||Important||Server for NFS Denial of Service Vulnerability||Windows NFS Portmapper|
|CVE-2023-24900||Important||Windows NTLM Security Support Provider Information Disclosure Vulnerability||Windows NTLM|
|CVE-2023-29325||Critical||Windows OLE Remote Code Execution Vulnerability||Windows OLE|
|CVE-2023-24940||Important||Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability||Windows PGM|
|CVE-2023-24943||Critical||Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability||Windows PGM|
|CVE-2023-28290||Important||Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability||Windows RDP Client|
|CVE-2023-24942||Important||Remote Procedure Call Runtime Denial of Service Vulnerability||Windows Remote Procedure Call Runtime|
|CVE-2023-28251||Important||Windows Driver Revocation List Security Feature Bypass Vulnerability||Windows Secure Boot|
|CVE-2023-24932||Important||Secure Boot Security Feature Bypass Vulnerability||Windows Secure Boot|
|CVE-2023-24903||Critical||Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability||Windows Secure Socket Tunneling Protocol (SSTP)|
|CVE-2023-24898||Important||Windows SMB Denial of Service Vulnerability||Windows SMB|
|CVE-2023-29336||Important||Win32k Elevation of Privilege Vulnerability||Windows Win32K|
|CVE-2023-24902||Important||Win32k Elevation of Privilege Vulnerability||Windows Win32K|
Our aim is to inform you about the February 2023 Patch Tuesday report released by Microsoft on May 9th, 2023. We encourage you to share this post to help enhance digital security. You can also subscribe to our social media pages on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram to receive similar updates.