Microsoft Patch Tuesday for May 2023 fixed 2 actively exploited zero-day flaws

Microsoft Patch Tuesday Security updates for May 2023 address a total of 40 vulnerabilities, including two zero-day actively exploited in attacks.

Microsoft’s May 2023 security updates address 40 vulnerabilities, including two zero-day flaws actively exploited in attacks. The flaws affect Microsoft Windows and Windows Components; Office and Office Components; Microsoft Edge (Chromium-based); SharePoint Server; Visual Studio; SysInternals; and Microsoft Teams.

Seven of the addressed vulnerabilities are rated Critical and 31 are rated Important in severity.

The two actively exploited zero-day vulnerabilities addressed with the relaese of Patch Tuesday Security updates for May 2023 are:

CVE-2023-29336 (CVSS 7.8) – Win32k Elevation of Privilege Vulnerability. This vulnerability is actively exploited in attacks. The flaw can be chained with a code execution bug to spread malware. The vulnerability was reported by researchers Jan Vojtěšek, Milánek, and Luigino Camastra from Avast Antivirus firm, a circumstance that suggests it was used as part of an exploit chain to deliver malware.

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.” reads the advisory.

CVE-2023-24932 (CVSS 6.7) – Secure Boot Security Feature Bypass Vulnerability. An attacker with physical access or Administrative rights to a target device could install an affected boot policy and bypass Secure Boot. The flaw was reported by Martin Smolar from ESET and Tomer Sne-or from SentinelOne.

Threat actors were spotted exploiting this flaw to install the BlackLotus UEFI bootkit.

“To exploit the vulnerability, an attacker who has physical access or Administrative rights to a target device could install an affected boot policy,” reads Microsoft’s advisory.

The most severe vulnerabilities addressed by Microsoft are:

CVE-2023-24941 (CVSS 9.8) – Windows Network File System Remote Code Execution Vulnerability.
CVE-2023-24943 (CVSS 9.8) – Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability.

Microsoft also addressed a remote code execution flaw in SharePoint Server, tracked as CVE-2023-24955, that was demonstrated by the Star Labs team at the Pwn2Own Vancouver 2023 exploit contest. The flaw was part of an exploit chain used to obtain code execution on the target server.

We are in the final!

Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini

Please nominate Security Affairs as your favorite blog.

Nominate Pierluigi Paganini and Security Affairs here here: https://docs.google.com/forms/d/e/1FAIpQLSepvnj8b7QzMdLh7vWEDQDqohjBUsHyn3x3xRdYGCetwVy2DA/viewform

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Microsoft)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.