VERT Threat Alert: May 2023 Patch Tuesday Analysis


Today’s VERT Alert addresses Microsoft’s May 2023 Security Updates, which include a new release notes format. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1055 on Wednesday, May 10th.

In-The-Wild & Disclosed CVEs

CVE-2023-29336

Up first this month is a Win32k vulnerability reported by Avast. It could allow an authenticated attacker to elevate their privileges to SYSTEM, and it has seen active exploitation.

CVE-2023-24932

This vulnerability allows an attacker with physical access or Administrative rights to install a boot policy that could allow the attacker to bypass Secure Boot. It has been publicly disclosed and is being actively exploited by the BlackLotus UEFI bootkit. It was reported to Microsoft by both ESET, who wrote about BlackLotus in March, and SentinelOne. Installing the security update is not sufficient on its own: additional steps must be taken afterwards to mitigate this vulnerability, as detailed in KB5025885.

CVE-2023-29325

The final vulnerability in this category this month is CVE-2023-29325, a code execution vulnerability reported by Will Dormann. According to Dormann, a pair of CLSIDs referenced as a COM object in Rich Text email caused a denial of service in Outlook, which he reported to Microsoft for further investigation. According to Microsoft, the vulnerability has been publicly disclosed but not actively exploited. Microsoft has provided a recommended workaround of reading email messages in plain text until you can apply the patch.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per-tag basis. Vulnerabilities are also colour-coded to aid with identifying key issues.

  • Traditional Software
  • Mobile Software
  • Cloud or Cloud Adjacent
  • Vulnerabilities that are being exploited or that have been disclosed will be highlighted.

| Tag | CVE Count | CVEs |
|---|---|---|
| Windows Installer | 1 | CVE-2023-24904 |
| Windows Secure Socket Tunneling Protocol (SSTP) | 1 | CVE-2023-24903 |
| Microsoft Office Word | 1 | CVE-2023-29335 |
| Windows iSCSI Target Service | 1 | CVE-2023-24945 |
| Remote Desktop Client | 1 | CVE-2023-24905 |
| SysInternals | 1 | CVE-2023-29343 |
| Windows Secure Boot | 2 | CVE-2023-24932, CVE-2023-28251 |
| Windows Network File System | 1 | CVE-2023-24941 |
| Microsoft Office SharePoint | 3 | CVE-2023-24950, CVE-2023-24954, CVE-2023-24955 |
| Windows PGM | 2 | CVE-2023-24940, CVE-2023-24943 |
| Microsoft Windows Codecs Library | 2 | CVE-2023-29340, CVE-2023-29341 |
| Visual Studio Code | 1 | CVE-2023-29338 |
| Microsoft Teams | 1 | CVE-2023-24881 |
| Microsoft Office Excel | 1 | CVE-2023-24953 |
| Microsoft Graphics Component | 1 | CVE-2023-24899 |
| Windows Kernel | 1 | CVE-2023-24949 |
| Microsoft Bluetooth Driver | 3 | CVE-2023-24944, CVE-2023-24947, CVE-2023-24948 |
| Windows RDP Client | 1 | CVE-2023-28290 |
| Windows NFS Portmapper | 2 | CVE-2023-24939, CVE-2023-24901 |
| Windows Remote Procedure Call Runtime | 1 | CVE-2023-24942 |
| Windows NTLM | 1 | CVE-2023-24900 |
| Windows MSHTML Platform | 1 | CVE-2023-29324 |
| Windows OLE | 1 | CVE-2023-29325 |
| Windows Backup Engine | 1 | CVE-2023-24946 |
| Windows Win32K | 2 | CVE-2023-24902, CVE-2023-29336 |
| Microsoft Office Access | 1 | CVE-2023-29333 |
| Microsoft Office | 1 | CVE-2023-29344 |
| Microsoft Edge (Chromium-based) | 11 | CVE-2023-2459, CVE-2023-2460, CVE-2023-2462, CVE-2023-2463, CVE-2023-2464, CVE-2023-2465, CVE-2023-2466, CVE-2023-2467, CVE-2023-2468, CVE-2023-29350, CVE-2023-29354 |
| Windows LDAP – Lightweight Directory Access Protocol | 1 | CVE-2023-28283 |
| Windows SMB | 1 | CVE-2023-24898 |

Other Information

At the time of publication, there were no new advisories included with the May Security Guidance.