Microsoft May 2023 Patches 3 zero-day, 38 flaws Advisory (15th May 2023)

Ref# AL2023_34 | Date: May 15th 2023

Description  

Microsoft calls Tuesday Patch Tuesday where they accumulate security updates which are released on the second Tuesday of each month. This month`s patch fixes a problem of 3 zero-day vulnerabilities and 38 other flaws. It is recommended that you take the necessary precautions to ensure your products are always updated and protected. 

Details 

Six vulnerabilities are classified as critical where remote code execution is possible which is the most severe type of vulnerability. 

The list below depicts the number of bugs in each type of vulnerability: 

  • 8 Elevation of Privilege Vulnerabilities 

  • 4 Security Feature Bypass Vulnerabilities 

  • 12 Remote Code Execution Vulnerabilities 

  • 8 Information Disclosure Vulnerabilities 

  • 5 Denial of Service Vulnerabilities 

  • 1 Spoofing Vulnerability 

 

The list below depicts the list of zero-day vulnerabilities that are being patched and updated: 

Microsoft has fixed a privilege elevation vulnerability in the Win32k Kernel driver that elevates privileges to SYSTEM, Windows” highest user privilege level The attacker who successfully exploited this vulnerability could gain SYSTEM privileges. This bug was discovered by Avast employees where it is reported that that it is actively exploited. 

Microsoft has fixed a Secure Boot bypass flaw used by a threat actor to install theBlackLotus UEFI bootkit.  UEFI bootkits are malware planted in the system firmware and are invisible to security software running within the operating system because the malware loads in the initial stage of the booting sequence. Microsoft released guidance last month onhow to detect BlackLotus UEFI bootkit attacks. With today”s Patch the recent patch, Microsoft fixed the vulnerability used by the bootkit but has not enabled it by default. Additional steps are required at this time to mitigate the vulnerability.  

Please refer to the following for steps to determine impact on your environment:KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932. Microsoft says this vulnerability is a bypass for the previously fixedCVE-2022-21894vulnerability. 

Microsoft has also released security update for one publicly disclosed zero-day vulnerabilities that was not actively exploited. 

Microsoft has fixed a Windows OLE flaw in Microsoft Outlook that can be exploited using specially crafted emails where an attacker could exploit the vulnerability by sending specially crafted email to the victim. Exploitation of the vulnerability might involve either a victim opening a specially crafted email with an affected version of Microsoft Outlook software, or a victim”s Outlook application displaying a preview of a specially crafted email that can result in the attacker executing remote code on the target`s machine. 

Microsoft says that users can mitigate this vulnerability byreading all messages in plain text format. This vulnerability was discovered by Vuln Labs. 

For more information about the security updates and the various vulnerabilities affected from Microsoft, you can follow this URL: https://www.bleepingcomputer.com/microsoft-patch-tuesday-reports/May-2023.html  

Remediation 

It is strongly recommended to ensure all updates are downloaded and installed. If the update is not downloaded automatically, updates can be checked manually by going to the settings application > Windows Update > Check for updates and download. 

The Guyana National CIRT recommends that users and administrators review this alert and apply it where necessary. 

PDF Download: Microsoft Patch Tuesday.pdf

References