
Microsoft Releases May 2023 Security Updates

Scheduled updates for Microsoft products, including security updates for three zero-day vulnerabilities


Summary

Scheduled updates for Microsoft products, including security updates for three zero-day vulnerabilities


The following platforms are also known to be affected:

  • Microsoft Bluetooth Driver
  • Microsoft Graphics Component
  • Microsoft Windows Codecs Library
  • Remote Desktop Client
  • SysInternals
  • Visual Studio Code
  • Windows Backup Engine
  • Windows Installer
  • Windows iSCSI Target Service
  • Windows Kernel
  • Windows LDAP - Lightweight Directory Access Protocol
  • Windows MSHTML Platform
  • Windows Network File System
  • Windows NFS Portmapper
  • Windows NTLM
  • Windows OLE
  • Windows PGM
  • Windows RDP Client
  • Windows Remote Procedure Call Runtime
  • Windows Secure Boot
  • Windows Secure Socket Tunneling Protocol (SSTP)
  • Windows SMB
  • Windows Win32K

Threat details

Introduction

Microsoft has released security updates to address 41 vulnerabilities across its products, with 6 of them rated as critical and 3 reported as zero-day vulnerabilities. An unauthenticated, remote attacker could exploit some of these vulnerabilities to take control of an affected system.

Known exploitation of CVE-2023-29336 and CVE-2023-24932

Microsoft has released updates for a zero-day vulnerability that has been added to CISA's Known Exploited Vulnerabilities Catalog. The vulnerability, CVE-2023-29336, is a privilege escalation vulnerability in the Win32k kernel driver.

CVE-2023-24932 is a Secure Boot security feature bypass vulnerability, which has also been observed being actively exploited to install a malicious bootkit.

Exploitation of CVE-2023-29325 and CVE-2023-24955 more likely

Microsoft has reported that CVE-2023-29325 is more likely to be exploited. This vulnerability in Microsoft Outlook could lead to remote code execution (RCE). A remote attacker could exploit this vulnerability by sending a specially crafted email to an affected system.

A proof-of-concept has been published for the privilege escalation vulnerability CVE-2023-29357. If it were chained with the RCE vulnerability CVE-2023-24955, an attacker could achieve unauthenticated remote code execution in SharePoint.


Threat updates

Date | Update
3 Oct 2023 | CVE-2023-24955 could be used in exploit chain with CVE-2023-29357 to achieve RCE

This cyber alert has been updated to reflect the possibility of CVE-2023-24955 being used in an exploit chain with CVE-2023-29357 to achieve unauthenticated RCE.


Remediation advice

Affected organisations are encouraged to review Microsoft’s May 2023 Security Update Summary and Deployment Information and apply the relevant updates.



Last edited: 3 October 2023 2:44 pm