Microsoft has released its May 2023 Patch Tuesday updates to tackle 38 security issues, including one zero-day bug that is reportedly being exploited in the wild.
Microsoft’s May 2023 Patch Tuesday
According to Trend Micro’s Zero Day Initiative (ZDI), this is the lowest number of flaws since August 2021, though they suggested that the amount will rise in the upcoming months. Of the 38 flaws, six have been categorized as Critical and 32 as Important in severity. Microsoft has also assigned the “Exploitation More Likely” assessment to eight of the vulnerabilities. The company has addressed 18 flaws, including 11 since the start of May, in its Chromium-based Edge browser following the April Patch Tuesday updates.
The most severe vulnerability, CVE-2023-29336, is a privilege escalation flaw in Win32k. This flaw is currently being actively exploited, though it is uncertain how widespread the issue has become.
Significant attention should also be paid to two publicly disclosed weaknesses, one of which is a major remote code execution vulnerability in Windows OLE (CVE-2023-29325, CVSS score: 8.1) that could be exploited by an attacker who sends a specially crafted email to the target.
As a preventive measure, Microsoft suggests that users read email messages in plain text format to mitigate this vulnerability. The other publicly known vulnerability is CVE-2023-24932 (CVSS score: 6.7), a bypass of the Secure Boot security feature exploited by the BlackLotus UEFI bootkit for CVE-2022-21894 (aka Baton Drop), which was fixed in January 2022.
More about CVE-2023-29336
As explained by Tenable researchers, Microsoft patched CVE-2022-21882 in January 2022, which was reportedly a patch bypass for CVE-2021-1732, a Win32k EoP zero-day vulnerability from February 2021. Then, in October 2021, Microsoft patched CVE-2021-40449, which was linked to a remote access trojan known as MysterySnail and was reportedly a patch bypass for CVE-2016-3309. CVE-2023-29336 is another EoP vulnerability in Microsoft’s Win32k, a core kernel-side driver used in Windows.
This vulnerability received a CVSSv3 score of 7.8 and was exploited in the wild as a zero-day. Exploitation of this vulnerability would allow an attacker to gain SYSTEM-level privileges on an affected host. It is unclear if CVE-2023-29336 is also a patch bypass, as there have been multiple Win32k EoP zero-days exploited in the wild over the last few years.