VERT Threat Alert: May 2023 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s May 2023 Security Updates, which include a new release notes format. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1055 on Wednesday, May 10th.
In-The-Wild & Disclosed CVEs
Up first this month is a vulnerability reported by Avast in Win32k. This vulnerability could allow an authenticated attacker to elevate their privileges to SYSTEM. This vulnerability has seen active exploitation.
The second vulnerability in this category allows an attacker with physical access or Administrative rights to install a boot policy that could allow the attacker to bypass Secure Boot. This vulnerability has been publicly disclosed and is being actively exploited by the BlackLotus UEFI bootkit. It was reported to Microsoft by both ESET, who wrote about BlackLotus in March, and SentinelOne. After installing the security update, additional steps must be taken to fully mitigate this vulnerability, as detailed in KB5025885.
The final vulnerability in this category this month is CVE-2023-29325, a code execution vulnerability reported by Will Dormann. According to Dormann, a pair of CLSIDs referenced as a COM object in Rich Text email caused a denial of service in Outlook, which he reported to Microsoft for further investigation. According to Microsoft, the vulnerability has been publicly disclosed but not actively exploited. Microsoft has provided a recommended workaround of reading email messages in plain text until you can apply the patch.
CVE Breakdown by Tag
While the historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are now tagged with an identifier. This list provides a breakdown of the CVEs on a per-tag basis. Vulnerabilities are also colour coded to aid in identifying key issues.
- Traditional Software
- Mobile Software
- Cloud or Cloud Adjacent
- Vulnerabilities that are being exploited or that have been disclosed will be highlighted.
| Tag | CVE Count | CVEs |
| --- | --- | --- |
| Windows Installer | 1 | CVE-2023-24904 |
| Windows Secure Socket Tunneling Protocol (SSTP) | 1 | CVE-2023-24903 |
| Microsoft Office Word | 1 | CVE-2023-29335 |
| Windows iSCSI Target Service | 1 | CVE-2023-24945 |
| Remote Desktop Client | 1 | CVE-2023-24905 |
| SysInternals | 1 | CVE-2023-29343 |
| Windows Secure Boot | 2 | CVE-2023-24932, CVE-2023-28251 |
| Windows Network File System | 1 | CVE-2023-24941 |
| Microsoft Office SharePoint | 3 | CVE-2023-24950, CVE-2023-24954, CVE-2023-24955 |
| Windows PGM | 2 | CVE-2023-24940, CVE-2023-24943 |
| Microsoft Windows Codecs Library | 2 | CVE-2023-29340, CVE-2023-29341 |
| Visual Studio Code | 1 | CVE-2023-29338 |
| Microsoft Teams | 1 | CVE-2023-24881 |
| Microsoft Office Excel | 1 | CVE-2023-24953 |
| Microsoft Graphics Component | 1 | CVE-2023-24899 |
| Windows Kernel | 1 | CVE-2023-24949 |
| Microsoft Bluetooth Driver | 3 | CVE-2023-24944, CVE-2023-24947, CVE-2023-24948 |
| Windows RDP Client | 1 | CVE-2023-28290 |
| Windows NFS Portmapper | 2 | CVE-2023-24939, CVE-2023-24901 |
| Windows Remote Procedure Call Runtime | 1 | CVE-2023-24942 |
| Windows NTLM | 1 | CVE-2023-24900 |
| Windows MSHTML Platform | 1 | CVE-2023-29324 |
| Windows OLE | 1 | CVE-2023-29325 |
| Windows Backup Engine | 1 | CVE-2023-24946 |
| Windows Win32K | 2 | CVE-2023-24902, CVE-2023-29336 |
| Microsoft Office Access | 1 | CVE-2023-29333 |
| Microsoft Office | 1 | CVE-2023-29344 |
| Microsoft Edge (Chromium-based) | 11 | CVE-2023-2459, CVE-2023-2460, CVE-2023-2462, CVE-2023-2463, CVE-2023-2464, CVE-2023-2465, CVE-2023-2466, CVE-2023-2467, CVE-2023-2468, CVE-2023-29350, CVE-2023-29354 |
| Windows LDAP – Lightweight Directory Access Protocol | 1 | CVE-2023-28283 |
| Windows SMB | 1 | CVE-2023-24898 |
Other Information
At the time of publication, there were no new advisories included with the May Security Guidance.