
- 105/2023
- Critical
Microsoft has released its monthly set of security updates, known as Patch Tuesday. This release includes fixes for three zero-day vulnerabilities.
Microsoft has fixed 38 vulnerabilities, 6 of which are classified as critical because they could allow an attacker to perform remote code execution on the affected products.
May’s Patch Tuesday fixes security flaws in products including Microsoft Teams, Visual Studio Code, Microsoft Office Online Server, Windows 10 Version 1809 for ARM64-based Systems, Windows Server 2019, Windows Server 2016, Microsoft SharePoint Server 2019, and Microsoft Office 2019.
The zero-day vulnerabilities fixed in May’s patch are:
- Microsoft Windows Win32K Elevation of Privilege Vulnerability in the Win32k kernel driver that could allow a local authenticated attacker to obtain SYSTEM privileges – CVE-2023-29336.
- Microsoft Secure Boot Security Feature Bypass Vulnerability that could allow a local authenticated attacker to install an affected boot policy. Microsoft highlighted that this vulnerability was used by threat actors to install the BlackLotus UEFI bootkit – CVE-2023-24932.
- Microsoft Windows OLE Remote Code Execution Vulnerability that could allow an attacker to execute code remotely on the victim’s machine by sending the victim a specially crafted email – CVE-2023-29325.
Sample of the addressed vulnerabilities:
1. Microsoft Windows Pragmatic General Multicast (PGM) Code Execution (CVE-2023-24943)
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. Microsoft Windows Network File System Code Execution (CVE-2023-24941)
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.