VERT Threat Alert: May 2023 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s May 2023 Security Updates, which include a new release notes format. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1055 on Wednesday, May 10th.
In-The-Wild & Disclosed CVEs
Up first this month is a vulnerability reported by Avast in Win32k. It could allow an authenticated attacker to elevate their privileges to SYSTEM, and it has seen active exploitation.
This vulnerability allows an attacker with physical access or administrative rights to install a boot policy that could allow the attacker to bypass Secure Boot. It has been publicly disclosed and is being actively exploited by the BlackLotus UEFI bootkit. It was reported to Microsoft by both ESET, who wrote about BlackLotus in March, and SentinelOne. Installing the security update is not sufficient on its own: additional steps must be taken to mitigate this vulnerability, as detailed in KB5025885.
The final vulnerability in this category this month is CVE-2023-29325, a code execution vulnerability reported by Will Dormann. According to Dormann, a pair of CLSIDs referenced as a COM object in Rich Text email caused a denial of service in Outlook, which he reported to Microsoft for further investigation. According to Microsoft, the vulnerability has been publicly disclosed but not actively exploited. Microsoft has provided a recommended workaround of reading email messages in plain text until you can apply the patch.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per-tag basis. Vulnerabilities are also colour coded to aid with identifying key issues.
- Traditional Software
- Mobile Software
- Cloud or Cloud Adjacent
- Vulnerabilities that are being exploited or that have been disclosed will be highlighted.
| Tag | CVE Count | CVEs |
| --- | --- | --- |
| Windows Installer | 1 | CVE-2023-24904 |
| Windows Secure Socket Tunneling Protocol (SSTP) | 1 | CVE-2023-24903 |
| Microsoft Office Word | 1 | CVE-2023-29335 |
| Windows iSCSI Target Service | 1 | CVE-2023-24945 |
| Remote Desktop Client | 1 | CVE-2023-24905 |
| SysInternals | 1 | CVE-2023-29343 |
| Windows Secure Boot | 2 | CVE-2023-24932, CVE-2023-28251 |
| Windows Network File System | 1 | CVE-2023-24941 |
| Microsoft Office SharePoint | 3 | CVE-2023-24950, CVE-2023-24954, CVE-2023-24955 |
| Windows PGM | 2 | CVE-2023-24940, CVE-2023-24943 |
| Microsoft Windows Codecs Library | 2 | CVE-2023-29340, CVE-2023-29341 |
| Visual Studio Code | 1 | CVE-2023-29338 |
| Microsoft Teams | 1 | CVE-2023-24881 |
| Microsoft Office Excel | 1 | CVE-2023-24953 |
| Microsoft Graphics Component | 1 | CVE-2023-24899 |
| Windows Kernel | 1 | CVE-2023-24949 |
| Microsoft Bluetooth Driver | 3 | CVE-2023-24944, CVE-2023-24947, CVE-2023-24948 |
| Windows RDP Client | 1 | CVE-2023-28290 |
| Windows NFS Portmapper | 2 | CVE-2023-24939, CVE-2023-24901 |
| Windows Remote Procedure Call Runtime | 1 | CVE-2023-24942 |
| Windows NTLM | 1 | CVE-2023-24900 |
| Windows MSHTML Platform | 1 | CVE-2023-29324 |
| Windows OLE | 1 | CVE-2023-29325 |
| Windows Backup Engine | 1 | CVE-2023-24946 |
| Windows Win32K | 2 | CVE-2023-24902, CVE-2023-29336 |
| Microsoft Office Access | 1 | CVE-2023-29333 |
| Microsoft Office | 1 | CVE-2023-29344 |
| Microsoft Edge (Chromium-based) | 11 | CVE-2023-2459, CVE-2023-2460, CVE-2023-2462, CVE-2023-2463, CVE-2023-2464, CVE-2023-2465, CVE-2023-2466, CVE-2023-2467, CVE-2023-2468, CVE-2023-29350, CVE-2023-29354 |
| Windows LDAP – Lightweight Directory Access Protocol | 1 | CVE-2023-28283 |
| Windows SMB | 1 | CVE-2023-24898 |
Other Information
At the time of publication, there were no new advisories included with the May Security Guidance.