Breaking Down the Latest May 2023 Patch Tuesday Report
To ensure the security of computer systems and networks, Microsoft regularly releases security updates to address its software products’ vulnerabilities. It recently issued the May 2023 Patch Tuesday updates for Windows 10 and 11. This month’s updates address 38 security flaws present in Windows and other related components. The update includes six critical vulnerabilities, which must be immediately addressed to prevent potential security breaches.
This blog will highlight the latest updates to gain a comprehensive understanding of the report, emphasizing the severity levels of the vulnerabilities addressed.
Table of Contents
· Microsoft Patch Tuesday May 2023 Report Summary
∘ Vulnerabilities by Category
· List of Zero-Day Vulnerabilities Patched in May 2023 Patch Tuesday:
∘ Windows 32k Elevation of Privileges Vulnerability — CVE-2023–29336
∘ Windows Secure Boot Security Feature Bypass Vulnerability — CVE-2023–24932
∘ Windows OLE Remote Code Execution Vulnerability — CVE-2023–29325
· List of Critical Vulnerabilities Patched in May 2023 Patch Tuesday
· Complete List of Vulnerabilities Patched in May 2023 Patch Tuesday Are:
Microsoft Patch Tuesday May 2023 Report Summary
Microsoft released the May 2023 Patch Tuesday. Let’s see the summary of the report.
- The security update addressed 38 vulnerabilities, of which six are critical, and 32 are important.
- All 6 critical vulnerabilities are Remote Code Execution vulnerabilities.
- The May 2023 update has fixes for three zero-day vulnerabilities, two of which are exploited in the wild.
- The two actively exploited zero-day vulnerabilities include Win32k elevation of privilege vulnerability and secure boot security feature Bypass Vulnerability.
- The update from Microsoft has resolved an interoperability problem that existed between the latest Windows Local Administrator Password Solution (LAPS) and previous LAPS policies. Additionally, Windows 11 version 22H2 enables users to receive the latest non-security updates promptly by tweaking a new setting.
- The May security update includes these products: Microsoft Bluetooth Driver, Microsoft Graphics Component, Microsoft Edge (Chromium-based), Microsoft Office, Microsoft Teams, Microsoft Windows, and other components.
Vulnerabilities by Category
The May 2023 vulnerabilities are distributed as follows by Microsoft:
The table provides information about the number of bugs in different categories of vulnerabilities. It shows that there is 8 Elevation of Privilege vulnerabilities, 1 Spoofing vulnerability, 5 Denial of Service vulnerabilities, 8 Information Disclosure vulnerabilities, 12 Remote Code Execution vulnerabilities, 4 Security Feature Bypass vulnerabilities, and 15 Edge-Chromium vulnerabilities.
List of Zero-Day Vulnerabilities Patched in May 2023 Patch Tuesday:
When developers can not address an issue before attackers can exploit it, it is called a “zero-day” vulnerability. These types of vulnerabilities are particularly perilous because they are prone to exploitation before patches or fixes can be released. Recently, Microsoft disclosed that it had remedied three zero-day vulnerabilities, out of which 2 have been exploited by attackers in the wild while 1 was publicly disclosed.
The two vulnerabilities include the following:
The publicly disclosed vulnerability is given below.
Windows 32k Elevation of Privileges Vulnerability — CVE-2023–29336
Microsoft has recently addressed a privilege elevation vulnerability in the Win32k Kernel driver, which can allow unauthorized access to SYSTEM, the highest user privilege level in Windows. An attacker who successfully exploits this vulnerability could gain complete control over the system.
Although Microsoft has confirmed that this bug has been actively exploited, no further details are available on the specific techniques attackers use.
Windows Secure Boot Security Feature Bypass Vulnerability — CVE-2023–24932
Microsoft has recently addressed a vulnerability that a threat actor exploited to install the BlackLotus UEFI bootkit. This Secure Boot bypass flaw allowed an attacker with administrative rights or physical access to install an impacted boot policy, thereby installing malware in the system. UEFI bootkits are malicious programs that can remain undetected since they load early in the booting sequence and operate outside the operating system.
Last month, Microsoft issued guidelines on how to detect BlackLotus UEFI bootkit attacks. With the latest Patch Tuesday update, Microsoft has fixed the vulnerability but has not enabled it by default.
To address the vulnerability, further measures are necessary at present. To assess the impact on your environment, have a look at the following steps outlined in KB5025885 by Microsoft.
Windows OLE Remote Code Execution Vulnerability — CVE-2023–29325
Microsoft has remedied a Windows OLE flaw. Attackers can exploit this vulnerability through specially crafted emails. Microsoft’s advisory warns that if the victim uses an affected version of Microsoft Outlook software and either opens the email or previews it, the attacker could execute remote code on the victim’s machine.
Microsoft advises users to read all messages in plain text format to mitigate this vulnerability.
List of Critical Vulnerabilities Patched in May 2023 Patch Tuesday
Here are the 6 critical vulnerabilities patched by Microsoft in May 2023 Patch Tuesday.
Complete List of Vulnerabilities Patched in May 2023 Patch Tuesday Are:
You can download the complete list of patched vulnerabilities from here.
Our aim is to inform you about the February 2023 Patch Tuesday report released by Microsoft on May 9th, 2023. We encourage you to share this post to help enhance digital security. You can also subscribe to our social media pages on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram to receive similar updates.
This post is originally published at thesecmaster.com
We thank everybody who has been supporting our work and request you check out thesecmaster.com for more such articles.
