Windows 11 Patch Tuesday (May 2023)

Taosd

Today is Microsoft's May 2023 Patch Tuesday, and security updates fix three zero-day vulnerabilities and a total of 38 flaws.

Six vulnerabilities are classified as 'Critical' as they allow remote code execution, the most severe type of vulnerability.

The number of bugs in each vulnerability category is listed below:

  • 8 Elevation of Privilege Vulnerabilities
  • 4 Security Feature Bypass Vulnerabilities
  • 12 Remote Code Execution Vulnerabilities
  • 8 Information Disclosure Vulnerabilities
  • 5 Denial of Service Vulnerabilities
  • 1 Spoofing Vulnerability
Today's Patch Tuesday is one of the smallest in terms of resolved vulnerabilities, with only thirty-eight vulnerabilities fixed, not including eleven Microsoft Edge vulnerabilities fixed last week, on May 5th.

To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5026372 cumulative update and Windows 10 KB5026361 and KB5026362 updates.

Three zero-days fixed

This month's Patch Tuesday fixes three zero-day vulnerabilities, with two exploited in attacks and another publicly disclosed.

Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.

The two actively exploited zero-day vulnerabilities in today's updates are:

CVE-2023-29336 - Win32k Elevation of Privilege Vulnerability
Microsoft has fixed a privilege elevation vulnerability in the Win32k Kernel driver that elevates privileges to SYSTEM, Windows' highest user privilege level.
"An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," reads Microsoft's advisory.
While Microsoft reports that the bug is actively exploited, there are no details on how it was abused.
Microsoft says that Jan Vojtešek, Milánek, and Luigino Camastra with Avast discovered the vulnerability.
CVE-2023-24932 - Secure Boot Security Feature Bypass Vulnerability
Microsoft has fixed a Secure Boot bypass flaw used by a threat actor to install the BlackLotus UEFI bootkit.
"To exploit the vulnerability, an attacker who has physical access or Administrative rights to a target device could install an affected boot policy," reads Microsoft's advisory.
UEFI bootkits are malware planted in the system firmware and are invisible to security software running within the operating system because the malware loads in the initial stage of the booting sequence.
Since October 2022, a threat actor has been selling the BlackLotus bootkit on hacker forums and continues to evolve its features. For example, in March, ESET reported that the developer improved the malware to bypass Secure Boot even on fully patched Windows 11 operating systems.
Microsoft released guidance last month on how to detect BlackLotus UEFI bootkit attacks. With today's Patch Tuesday, Microsoft fixed the vulnerability used by the bootkit but has not enabled it by default.
"The security update addresses the vulnerability by updating the Windows Boot Manager, but is not enabled by default," explains Microsoft's advisory.
"Additional steps are required at this time to mitigate the vulnerability. Please refer to the following for steps to determine impact on your environment: KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932."
Microsoft says this vulnerability is a bypass for the previously fixed CVE-2022-21894 vulnerability.

Microsoft has also released a security update for one publicly disclosed zero-day vulnerability that was not actively exploited.

CVE-2023-29325 - Windows OLE Remote Code Execution Vulnerability
Microsoft has fixed a Windows OLE flaw in Microsoft Outlook that can be exploited using specially crafted emails.
"In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted email to the victim," warns Microsoft's advisory.
"Exploitation of the vulnerability might involve either a victim opening a specially crafted email with an affected version of Microsoft Outlook software, or a victim's Outlook application displaying a preview of a specially crafted email."
"This could result in the attacker executing remote code on the victim's machine."
However, an attacker must win a 'race' condition and take additional actions to exploit the flaw successfully.
Microsoft says that users can mitigate this vulnerability by reading all messages in plain text format.
Will Dormann of Vuln Labs discovered the vulnerability.

Recent updates from other companies

Other vendors who released updates or advisories in May 2023 include:

The May 2023 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities in the May 2023 Patch Tuesday updates.

To access the full description of each vulnerability and the systems it affects, you can view the full report here.

| Tag | CVE ID | CVE Title | Severity |
| --- | --- | --- | --- |
| Microsoft Bluetooth Driver | CVE-2023-24947 | Windows Bluetooth Driver Remote Code Execution Vulnerability | Important |
| Microsoft Bluetooth Driver | CVE-2023-24948 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Bluetooth Driver | CVE-2023-24944 | Windows Bluetooth Driver Information Disclosure Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2023-29354 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | Moderate |
| Microsoft Edge (Chromium-based) | CVE-2023-2468 | Chromium: CVE-2023-2468 Inappropriate implementation in PictureInPicture | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-2459 | Chromium: CVE-2023-2459 Inappropriate implementation in Prompts | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-29350 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2023-2467 | Chromium: CVE-2023-2467 Inappropriate implementation in Prompts | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-2463 | Chromium: CVE-2023-2463 Inappropriate implementation in Full Screen Mode | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-2462 | Chromium: CVE-2023-2462 Inappropriate implementation in Prompts | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-2460 | Chromium: CVE-2023-2460 Insufficient validation of untrusted input in Extensions | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-2465 | Chromium: CVE-2023-2465 Inappropriate implementation in CORS | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-2466 | Chromium: CVE-2023-2466 Inappropriate implementation in Prompts | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2023-2464 | Chromium: CVE-2023-2464 Inappropriate implementation in PictureInPicture | Unknown |
| Microsoft Graphics Component | CVE-2023-24899 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2023-29344 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office Access | CVE-2023-29333 | Microsoft Access Denial of Service Vulnerability | Important |
| Microsoft Office Excel | CVE-2023-24953 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2023-24955 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2023-24954 | Microsoft SharePoint Server Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2023-24950 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office Word | CVE-2023-29335 | Microsoft Word Security Feature Bypass Vulnerability | Important |
| Microsoft Teams | CVE-2023-24881 | Microsoft Teams Information Disclosure Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2023-29340 | AV1 Video Extension Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2023-29341 | AV1 Video Extension Remote Code Execution Vulnerability | Important |
| Remote Desktop Client | CVE-2023-24905 | Remote Desktop Client Remote Code Execution Vulnerability | Important |
| SysInternals | CVE-2023-29343 | SysInternals Sysmon for Windows Elevation of Privilege Vulnerability | Important |
| Visual Studio Code | CVE-2023-29338 | Visual Studio Code Information Disclosure Vulnerability | Important |
| Windows Backup Engine | CVE-2023-24946 | Windows Backup Service Elevation of Privilege Vulnerability | Important |
| Windows Installer | CVE-2023-24904 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows iSCSI Target Service | CVE-2023-24945 | Windows iSCSI Target Service Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2023-24949 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows LDAP - Lightweight Directory Access Protocol | CVE-2023-28283 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Critical |
| Windows MSHTML Platform | CVE-2023-29324 | Windows MSHTML Platform Security Feature Bypass Vulnerability | Important |
| Windows Network File System | CVE-2023-24941 | Windows Network File System Remote Code Execution Vulnerability | Critical |
| Windows NFS Portmapper | CVE-2023-24901 | Windows NFS Portmapper Information Disclosure Vulnerability | Important |
| Windows NFS Portmapper | CVE-2023-24939 | Server for NFS Denial of Service Vulnerability | Important |
| Windows NTLM | CVE-2023-24900 | Windows NTLM Security Support Provider Information Disclosure Vulnerability | Important |
| Windows OLE | CVE-2023-29325 | Windows OLE Remote Code Execution Vulnerability | Critical |
| Windows PGM | CVE-2023-24940 | Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability | Important |
| Windows PGM | CVE-2023-24943 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | Critical |
| Windows RDP Client | CVE-2023-28290 | Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability | Important |
| Windows Remote Procedure Call Runtime | CVE-2023-24942 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important |
| Windows Secure Boot | CVE-2023-28251 | Windows Driver Revocation List Security Feature Bypass Vulnerability | Important |
| Windows Secure Boot | CVE-2023-24932 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2023-24903 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Windows SMB | CVE-2023-24898 | Windows SMB Denial of Service Vulnerability | Important |
| Windows Win32K | CVE-2023-29336 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K | CVE-2023-24902 | Win32k Elevation of Privilege Vulnerability | Important |
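
For the Secure Boot fix discussed above (CVE-2023-24932), which ships with the update but is not enabled by default, a first triage step is to record per machine whether one of the May 2023 cumulative updates is listed and whether Secure Boot is on at all. The PowerShell below is an added example, not part of the original post or of Microsoft's guidance; the KB numbers are the ones named in the post, and the output field names are made up for illustration.

```powershell
# KB numbers as named in the post (Windows 11 and Windows 10 cumulative updates).
$mayKbs = 'KB5026372', 'KB5026361', 'KB5026362'

# Get-HotFix lists installed updates. A later cumulative update supersedes
# these KBs, so "not listed" is inconclusive rather than proof of a missing fix.
$found = @(Get-HotFix -ErrorAction SilentlyContinue |
    Where-Object { $mayKbs -contains $_.HotFixID })

# Confirm-SecureBootUEFI returns $true/$false on UEFI systems, needs an
# elevated session, and throws on legacy BIOS machines.
try {
    $secureBoot = if (Confirm-SecureBootUEFI) { 'Enabled' } else { 'Disabled' }
}
catch {
    $secureBoot = if ($_.Exception -is [System.PlatformNotSupportedException]) {
        'Not supported (legacy BIOS)'
    }
    elseif ($_.Exception -is [System.UnauthorizedAccessException]) {
        'Unknown (run elevated)'
    }
    else {
        "Unknown ($($_.Exception.Message))"
    }
}

# Installing the update alone does not apply the revocations; the advisory
# points to KB5025885 for the additional steps.
[pscustomobject]@{
    ComputerName  = $env:COMPUTERNAME
    May2023Update = if ($found.Count) { $found.HotFixID -join ', ' }
                    else { 'Not listed (may be superseded)' }
    SecureBoot    = $secureBoot
    NextStep      = if ($secureBoot -eq 'Enabled') { 'Review KB5025885 before enabling revocations' }
                    else { 'Establish Secure Boot state first' }
}
```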