VERT Threat Alert: May 2023 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s May 2023 Security Updates, which include a new release notes format. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1055 on Wednesday, May 10th.
In-The-Wild & Disclosed CVEs
Up first this month is a vulnerability in Win32k reported by Avast. It could allow an authenticated attacker to elevate their privileges to SYSTEM, and it has seen active exploitation.
This vulnerability allows an attacker with physical access or Administrative rights to install a boot policy that could allow the attacker to bypass Secure Boot. It has been publicly disclosed and is being actively exploited by the BlackLotus UEFI bootkit. It was reported to Microsoft by both ESET, who wrote about BlackLotus in March, and SentinelOne. Installing the security update is not sufficient on its own: additional steps, detailed in KB5025885, must be undertaken to mitigate this vulnerability.
The final vulnerability in this category this month is CVE-2023-29325, a code execution vulnerability reported by Will Dormann. According to Dormann, a pair of CLSIDs referenced as a COM object in Rich Text email caused a denial of service in Outlook, which he reported to Microsoft for further investigation. According to Microsoft, the vulnerability has been publicly disclosed but not actively exploited. Microsoft has provided a recommended workaround of reading email messages in plain text until you can apply the patch.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also colour coded to aid with identifying key issues.
- Traditional Software
- Mobile Software
- Cloud or Cloud Adjacent
- Vulnerabilities that are being exploited or that have been disclosed will be highlighted.
| Tag | CVE Count | CVEs |
|---|---|---|
| Windows Installer | 1 | CVE-2023-24904 |
| Windows Secure Socket Tunneling Protocol (SSTP) | 1 | CVE-2023-24903 |
| Microsoft Office Word | 1 | CVE-2023-29335 |
| Windows iSCSI Target Service | 1 | CVE-2023-24945 |
| Remote Desktop Client | 1 | CVE-2023-24905 |
| SysInternals | 1 | CVE-2023-29343 |
| Windows Secure Boot | 2 | CVE-2023-24932, CVE-2023-28251 |
| Windows Network File System | 1 | CVE-2023-24941 |
| Microsoft Office SharePoint | 3 | CVE-2023-24950, CVE-2023-24954, CVE-2023-24955 |
| Windows PGM | 2 | CVE-2023-24940, CVE-2023-24943 |
| Microsoft Windows Codecs Library | 2 | CVE-2023-29340, CVE-2023-29341 |
| Visual Studio Code | 1 | CVE-2023-29338 |
| Microsoft Teams | 1 | CVE-2023-24881 |
| Microsoft Office Excel | 1 | CVE-2023-24953 |
| Microsoft Graphics Component | 1 | CVE-2023-24899 |
| Windows Kernel | 1 | CVE-2023-24949 |
| Microsoft Bluetooth Driver | 3 | CVE-2023-24944, CVE-2023-24947, CVE-2023-24948 |
| Windows RDP Client | 1 | CVE-2023-28290 |
| Windows NFS Portmapper | 2 | CVE-2023-24939, CVE-2023-24901 |
| Windows Remote Procedure Call Runtime | 1 | CVE-2023-24942 |
| Windows NTLM | 1 | CVE-2023-24900 |
| Windows MSHTML Platform | 1 | CVE-2023-29324 |
| Windows OLE | 1 | CVE-2023-29325 |
| Windows Backup Engine | 1 | CVE-2023-24946 |
| Windows Win32K | 2 | CVE-2023-24902, CVE-2023-29336 |
| Microsoft Office Access | 1 | CVE-2023-29333 |
| Microsoft Office | 1 | CVE-2023-29344 |
| Microsoft Edge (Chromium-based) | 11 | CVE-2023-2459, CVE-2023-2460, CVE-2023-2462, CVE-2023-2463, CVE-2023-2464, CVE-2023-2465, CVE-2023-2466, CVE-2023-2467, CVE-2023-2468, CVE-2023-29350, CVE-2023-29354 |
| Windows LDAP – Lightweight Directory Access Protocol | 1 | CVE-2023-28283 |
| Windows SMB | 1 | CVE-2023-24898 |
Other Information
At the time of publication, there were no new advisories included with the May Security Guidance.