Microsoft’s May Patch Tuesday Fixes 38 Flaws, Including Active Zero-Day Bug

May 10, 2023 | Ravie Lakshmanan | Zero-day / Vulnerability


Microsoft released Patch Tuesday updates in May 2023 to address 38 security flaws.

Trend Micro’s Zero Day Initiative (ZDI) said the volume was the lowest since August 2021, but noted that “this number is expected to increase in the coming months.”

Of the 38 vulnerabilities, 6 are rated critical and 32 are rated important. Eight of the flaws are tagged with a “highly exploitable” rating by Microsoft.

This is in addition to 18 flaws the Windows maker resolved in its Chromium-based Edge browser following the release of April’s Patch Tuesday updates, including 11 bugs fixed since the start of May.

Topping the list is CVE-2023-29336 (CVSS score: 7.8), a privilege escalation flaw in Win32k that is being actively exploited. It’s not immediately clear how widespread the attacks are.


“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft said, crediting Avast researchers Jan Vojtěšek, Milánek, and Luigino Camastra with reporting the flaw.

In light of the active exploitation, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the flaw to its Known Exploited Vulnerabilities (KEV) catalog, urging organizations to apply the vendor patch by May 30, 2023.

Also worth noting are two publicly known flaws. One of them is a critical remote code execution flaw (CVE-2023-29325, CVSS score: 8.1) affecting Windows OLE that could be weaponized by an attacker sending a specially crafted email to the victim.

As a mitigation, Microsoft recommends that users read email messages in plain text format to protect against this vulnerability.

The second publicly disclosed vulnerability is CVE-2023-24932 (CVSS score: 6.7), a Secure Boot security feature bypass weaponized by the BlackLotus UEFI bootkit to exploit CVE-2022-21894 (aka Baton Drop), which was resolved in January 2022.

In separate guidance, Microsoft said, “This vulnerability allows an attacker to execute self-signed code at the Unified Extensible Firmware Interface (UEFI) level when Secure Boot is enabled. It is primarily used by attackers as a persistence and defense evasion mechanism.”

Note that the fixes provided by Microsoft are disabled by default and require customers to manually apply the revocations, but only after updating all bootable media.


“Once a mitigation for this issue is enabled on a device, which means that revocation has been applied, continuing to use Secure Boot on that device is irreversible,” warns Microsoft. “Reformatting the disk will not remove revocations if they have already been applied.”

The tech giant said it is taking a phased approach to fully closing the attack vector in order to avoid the risk of unintended disruption, an effort expected to continue through the first quarter of 2024.

“Modern UEFI-based secure boot schemes are very complex to configure correctly and to significantly reduce the attack surface,” noted firmware security firm Binarly earlier this March. “That said, bootloader attacks are unlikely to go away anytime soon.”

Software patches from other vendors

In addition to Microsoft, other vendors have released security updates over the past few weeks to fix several vulnerabilities, including:
