Welcome to our summary of the May 2023 Microsoft Patch Tuesday. We have tabulated the vulnerabilities that the latest patches from Microsoft fix, so that you can easily export them for use in your vulnerability management program.
Prism users have already benefited from the platform’s Active Exploit Detection, which automatically alerts you to active exploits affecting issues within your estate.
Microsoft Patch Tuesday May 2023
Microsoft’s May 2023 Patch Tuesday announces fixes for 38 issues, including fixes for 3 zero-day vulnerabilities.
6 of the 38 vulnerabilities are Critical as they allow remote code execution.
This update contains 8 Elevation of Privilege Vulnerabilities, 4 Security Feature Bypass Vulnerabilities, 12 Remote Code Execution Vulnerabilities, 8 Information Disclosure Vulnerabilities, 5 Denial of Service Vulnerabilities, and 1 Spoofing Vulnerability.
Three Zero-Day Vulnerabilities Fixed
The zero-day vulnerabilities fixed in May’s Patch Tuesday update are:
CVE-2023-29336 – Win32k Elevation of Privilege Vulnerability
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
CVE-2023-24932 – Secure Boot Security Feature Bypass Vulnerability
To exploit the vulnerability, an attacker who has physical access or Administrative rights to a target device could install an affected boot policy.
CVE-2023-29325 – Windows OLE Remote Code Execution Vulnerability
In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted email to the victim.
| CVE | Vulnerability | Type | Severity |
| --- | --- | --- | --- |
| CVE-2023-29325 | Windows OLE Remote Code Execution Vulnerability | Remote Code Execution | Critical |
| CVE-2023-28283 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Remote Code Execution | Critical |
| CVE-2023-24955 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Remote Code Execution | Critical |
| CVE-2023-24943 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | Remote Code Execution | Critical |
| CVE-2023-24941 | Windows Network File System Remote Code Execution Vulnerability | Remote Code Execution | Critical |
| CVE-2023-24903 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Remote Code Execution | Critical |
| CVE-2023-29344 | Microsoft Office Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2023-29343 | SysInternals Sysmon for Windows Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2023-29341 | AV1 Video Extension Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2023-29340 | AV1 Video Extension Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2023-29338 | Visual Studio Code Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2023-29336 | Win32k Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2023-29335 | Microsoft Word Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
| CVE-2023-29333 | Microsoft Access Denial of Service Vulnerability | Denial of Service | Important |
| CVE-2023-29324 | Windows MSHTML Platform Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
| CVE-2023-28290 | Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2023-28251 | Windows Driver Revocation List Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
| CVE-2023-24954 | Microsoft SharePoint Server Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2023-24953 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2023-24950 | Microsoft SharePoint Server Spoofing Vulnerability | Spoofing | Important |
| CVE-2023-24949 | Windows Kernel Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2023-24948 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2023-24947 | Windows Bluetooth Driver Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2023-24946 | Windows Backup Service Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2023-24945 | Windows iSCSI Target Service Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2023-24944 | Windows Bluetooth Driver Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2023-24942 | Remote Procedure Call Runtime Denial of Service Vulnerability | Denial of Service | Important |
| CVE-2023-24940 | Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability | Denial of Service | Important |
| CVE-2023-24939 | Server for NFS Denial of Service Vulnerability | Denial of Service | Important |
| CVE-2023-24932 | Secure Boot Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
| CVE-2023-24905 | Remote Desktop Client Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2023-24904 | Windows Installer Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2023-24902 | Win32k Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2023-24901 | Windows NFS Portmapper Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2023-24900 | Windows NTLM Security Support Provider Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2023-24899 | Windows Graphics Component Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2023-24898 | Windows SMB Denial of Service Vulnerability | Denial of Service | Important |
| CVE-2023-24881 | Microsoft Teams Information Disclosure Vulnerability | Information Disclosure | Important |