Patch Tuesday – 6 critical CVEs & 3 zero-day vulnerabilities
Microsoft has released patches for 38 vulnerabilities in the May Patch Tuesday rollout. Of these, 6 are rated Critical and the rest are classified as Important. This Patch Tuesday fixes three zero-day vulnerabilities: two that are being exploited in the wild and one that has been publicly disclosed. Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.
Let’s take a closer look at the most interesting updates for this month.
Zero-day Vulnerabilities Patched in May Patch Tuesday
Win32k Elevation of Privilege Vulnerability
- CVE-2023-29336 is an elevation-of-privilege vulnerability in Win32k, a Windows core library, and is known to be exploited in the wild. An attacker with local access may exploit this vulnerability in a low-complexity attack without needing any privileges and can elevate privileges to SYSTEM on the target. CISA has added this vulnerability to its Known Exploited Vulnerabilities Catalog and requests that users patch it before May 30, 2023.
Secure Boot Security Feature Bypass Vulnerability
- CVE-2023-24932 is a Secure Boot bypass flaw. According to Microsoft’s advisory, “To exploit the vulnerability, an attacker who has physical access or Administrative rights to a target device could install an affected boot policy.” Secure Boot is a crucial security feature that helps prevent malicious software from loading while the computer boots. On successful exploitation, an attacker can bypass this feature.
Windows OLE Remote Code Execution Vulnerability
- CVE-2023-29325 is a vulnerability affecting OLE (Object Linking and Embedding), a mechanism that helps users create and edit documents containing objects made by multiple applications, such as sound clips, spreadsheets, and bitmaps. To exploit this vulnerability successfully, an attacker must win a race condition and take additional actions before exploitation. An attacker could exploit this vulnerability in an email attack by sending a specially crafted email. A user may be tricked into opening a specially crafted email using an affected version of Outlook, for instance. As a result, an attacker may perform remote code execution on the target computer.
Runecast covers all 28 of the vulnerabilities that affect Windows operating systems. Details of these vulnerabilities are shown below.
| Severity | Vulnerability | CVE | Component | Impact |
|---|---|---|---|---|
| Important | Windows Bluetooth Driver Remote Code Execution Vulnerability | CVE-2023-24947 | Microsoft Bluetooth Driver | RCE |
| Important | Windows Bluetooth Driver Elevation of Privilege Vulnerability | CVE-2023-24948 | Microsoft Bluetooth Driver | EoP |
| Important | Windows Bluetooth Driver Information Disclosure Vulnerability | CVE-2023-24944 | Microsoft Bluetooth Driver | ID |
| Important | Windows Graphics Component Elevation of Privilege Vulnerability | CVE-2023-24899 | Microsoft Graphics Component | EoP |
| Important | AV1 Video Extension Remote Code Execution Vulnerability | CVE-2023-29340 | Microsoft Windows Codecs Library | RCE |
| Important | AV1 Video Extension Remote Code Execution Vulnerability | CVE-2023-29341 | Microsoft Windows Codecs Library | RCE |
| Important | Remote Desktop Client Remote Code Execution Vulnerability | CVE-2023-24905 | Remote Desktop Client | RCE |
| Important | Windows Backup Service Elevation of Privilege Vulnerability | CVE-2023-24946 | Windows Backup Engine | EoP |
| Important | Windows Installer Elevation of Privilege Vulnerability | CVE-2023-24904 | Windows Installer | EoP |
| Important | Windows iSCSI Target Service Information Disclosure Vulnerability | CVE-2023-24945 | Windows iSCSI Target Service | ID |
| Important | Windows Kernel Elevation of Privilege Vulnerability | CVE-2023-24949 | Windows Kernel | EoP |
| ⭕ Critical | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | CVE-2023-28283 | Windows LDAP - Lightweight Directory Access Protocol | RCE |
| Important | Windows MSHTML Platform Security Feature Bypass Vulnerability | CVE-2023-29324 | Windows MSHTML Platform | SFB |
| ⭕ Critical | Windows Network File System Remote Code Execution Vulnerability | CVE-2023-24941 | Windows Network File System | ID |
| Important | Windows NFS Portmapper Information Disclosure Vulnerability | CVE-2023-24901 | Windows NFS Portmapper | ID |
| Important | Server for NFS Denial of Service Vulnerability | CVE-2023-24939 | Windows NFS Portmapper | DoS |
| Important | Windows NTLM Security Support Provider Information Disclosure Vulnerability | CVE-2023-24900 | Windows NTLM | ID |
| ⭕ Critical | Windows OLE Remote Code Execution Vulnerability | CVE-2023-29325 | Windows OLE | RCE |
| Important | Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability | CVE-2023-24940 | Windows PGM | DoS |
| ⭕ Critical | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | CVE-2023-24943 | Windows PGM | RCE |
| Important | Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability | CVE-2023-28290 | Windows RDP Client | ID |
| Important | Remote Procedure Call Runtime Denial of Service Vulnerability | CVE-2023-24942 | Windows Remote Procedure Call Runtime | DoS |
| Important | Windows Driver Revocation List Security Feature Bypass Vulnerability | CVE-2023-28251 | Windows Secure Boot | SFB |
| Important | Secure Boot Security Feature Bypass Vulnerability | CVE-2023-24932 | Windows Secure Boot | SFB |
| ⭕ Critical | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | CVE-2023-24903 | Windows Secure Socket Tunneling Protocol (SSTP) | RCE |
| Important | Windows SMB Denial of Service Vulnerability | CVE-2023-24898 | Windows SMB | DoS |
| Important | Win32k Elevation of Privilege Vulnerability | CVE-2023-29336 | Windows Win32K | EoP |
| Important | Win32k Elevation of Privilege Vulnerability | CVE-2023-24902 | Windows Win32K | EoP |