Microsoft Patches Actively-Exploited 3 Zero-Days & 12 RCE Vulnerabilities

May 10, 2023

As part of the May monthly security rollup updates, Microsoft has patched 3 Zero-Day and 12 Remote Code Execution (RCE) vulnerabilities.

Overall, Microsoft has patched 40 vulnerabilities across Windows, VS, Edge, Office, RDP and others.

The Zero-Day Vulnerabilities

  • CVE-2023-29336 (CVSS 3.1: 7.8, High-Severity) – Privilege elevation vulnerability in the Win32k kernel driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
  • CVE-2023-24932 (CVSS 3.1: 6.7, High-Severity) – Secure Boot bypass vulnerability used by a threat actor to install the “BlackLotus” UEFI bootkit.
    An attacker who has physical access or administrative rights to a target device could install an affected boot policy to exploit the vulnerability.
  • CVE-2023-29336 (CVSS 3.1: 8.1, High-Severity) – Remote Code Execution (RCE) vulnerability in Windows OLE that can be exploited using specially crafted emails opened in Microsoft Outlook.
    An attacker could exploit the vulnerability by sending the specially crafted email to the victim.

For the full patched vulnerabilities list, including the 12 RCEs, visit Microsoft May 2023 Security Updates.

Affected Systems

The vulnerabilities affect all Windows versions under support, including the latest client and server releases, Windows 11 and Windows Server 2022.

Mitigation

CYREBRO recommends applying the latest available Microsoft security/monthly rollup updates on all relevant systems as soon as possible.

References: Microsoft May 2023 Security Updates.