Patch Tuesday Review – May 2023


Welcome to our summary of the May 2023 Microsoft Patch Tuesday. We have tabulated the vulnerabilities that the latest patches from Microsoft fix, so that you can easily export them for use in your vulnerability management program.

Prism users have already benefited from the platform’s Active Exploit Detection, which automatically alerts you to active exploits affecting issues within your estate.

Microsoft Patch Tuesday May 2023

Microsoft’s May 2023 Patch Tuesday announces fixes for 38 issues, including fixes for 3 zero-day vulnerabilities.

6 of the 38 vulnerabilities are Critical as they allow remote code execution.

This update contains 8 Elevation of Privilege Vulnerabilities, 4 Security Feature Bypass Vulnerabilities, 12 Remote Code Execution Vulnerabilities, 8 Information Disclosure Vulnerabilities, 5 Denial of Service Vulnerabilities, and 1 Spoofing Vulnerability.


Three Zero-Day Vulnerabilities Fixed

The zero-day vulnerabilities fixed in May’s Patch Tuesday update are:

  • CVE-2023-29336 – Win32k Elevation of Privilege Vulnerability

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

  • CVE-2023-24932 – Secure Boot Security Feature Bypass Vulnerability

To exploit the vulnerability, an attacker who has physical access or Administrative rights to a target device could install an affected boot policy.

  • CVE-2023-29325 – Windows OLE Remote Code Execution Vulnerability

In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted email to the victim.



source https://www.rootshellsecurity.net/patch-tuesday-review-may-2023/
