Pierluigi Paganini May 10, 2023

Microsoft Patch Tuesday Security updates for May 2023 address a total of 40 vulnerabilities, including two zero-day actively exploited in attacks.

Microsoft’s May 2023 security updates address 40 vulnerabilities, including two zero-day flaws actively exploited in attacks. The flaws affect Microsoft Windows and Windows Components; Office and Office Components; Microsoft Edge (Chromium-based); SharePoint Server; Visual Studio; SysInternals; and Microsoft Teams.

Seven of the addressed vulnerabilities are rated Critical and 31 are rated Important in severity.

The two actively exploited zero-day vulnerabilities addressed with the relaese of Patch Tuesday Security updates for May 2023 are:

CVE-2023-29336 (CVSS 7.8) – Win32k Elevation of Privilege Vulnerability. This vulnerability is actively exploited in attacks. The flaw can be chained with a code execution bug to spread malware. The vulnerability was reported by researchers Jan Vojtěšek, Milánek, and Luigino Camastra from Avast Antivirus firm, a circumstance that suggests it was used as part of an exploit chain to deliver malware.

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.” reads the advisory.

CVE-2023-24932 (CVSS 6.7) – Secure Boot Security Feature Bypass Vulnerability. An attacker with physical access or Administrative rights to a target device could install an affected boot policy and bypass Secure Boot. The flaw was reported by Martin Smolar from ESET and Tomer Sne-or from SentinelOne.

Threat actors were spotted exploiting this flaw to install the BlackLotus UEFI bootkit.

“To exploit the vulnerability, an attacker who has physical access or Administrative rights to a target device could install an affected boot policy,” reads Microsoft’s advisory.

The most severe vulnerabilities addressed by Microsoft are:

• CVE-2023-24941 (CVSS 9.8) – Windows Network File System Remote Code Execution Vulnerability.
• CVE-2023-24943 (CVSS 9.8) – Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability.

Microsoft also addressed a remote code execution flaw in SharePoint Server, tracked as CVE-2023-24955, that was demonstrated by the Star Labs team at the Pwn2Own Vancouver 2023 exploit contest. The flaw was part of an exploit chain used to obtain code execution on the target server.

We are in the final!

Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini

Please nominate Security Affairs as your favorite blog.

Nominate Pierluigi Paganini and Security Affairs here here: https://docs.google.com/forms/d/e/1FAIpQLSepvnj8b7QzMdLh7vWEDQDqohjBUsHyn3x3xRdYGCetwVy2DA/viewform

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Microsoft)