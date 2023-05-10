



Today’s VERT alert addresses Microsoft’s May 2023 security updates. This includes a new release notes format. VERT is actively working to cover these vulnerabilities and plans to ship ASPL-1055 on Wednesday, May 10th.

In-The-Wild and Disclosed CVEs

CVE-2023-29336

First up this month is the Win32k vulnerability reported by Avast. This vulnerability could allow an authenticated attacker to elevate his privileges to her SYSTEM. This vulnerability is being actively exploited.

CVE-2023-24932

This vulnerability could allow an attacker with physical access or administrative privileges to install a boot policy that allows the attacker to bypass Secure Boot. Not only is this vulnerability publicly disclosed, it is being actively exploited by the BlackLotus UEFI bootkit. The issue was reported to Microsoft by both ESET and SentinelOne, where he wrote about BlackLotus in March. As detailed in KB5025885, there are additional steps that must be taken after installing the security update to mitigate this vulnerability.

CVE-2023-29325

The last vulnerability in this category this month is CVE-2023-29325, a code execution vulnerability reported by Will Dormann. Dormann said in a Rich Text email that his CLSID pair referenced as a COM object caused a denial of service in Outlook, and he reported it to Microsoft for further investigation. According to Microsoft, this vulnerability has been disclosed but is not being actively exploited. Microsoft has provided a workaround that recommends reading email messages in plain text until a patch can be applied.

CVE Breakdown by Tags

The groupings of past Microsoft Security Bulletins are gone, but Microsoft vulnerabilities are tagged with identifiers. This list provides a breakdown of CVEs by tag. Vulnerabilities are also color-coded to help you identify important issues.

Traditional Software Mobile Software Cloud or Cloud-Adjacent Vulnerabilities Exploited or publicly disclosed vulnerabilities are highlighted.

tag

Number of CVEs

CVEs

windows installer

1

CVE-2023-24904

Windows Secure Socket Tunneling Protocol (SSTP)

1

CVE-2023-24903

microsoft office word

1

CVE-2023-29335

Windows iSCSI Target Service

1

CVE-2023-24945

remote desktop client

1

CVE-2023-24905

inside the system

1

CVE-2023-29343

Windows Secure Boot

2

CVE-2023-24932, CVE-2023-28251

Windows network file system

1

CVE-2023-24941

Microsoft Office SharePoint

3

CVE-2023-24950, CVE-2023-24954, CVE-2023-24955

Windows PGM

2

CVE-2023-24940, CVE-2023-24943

Microsoft Windows Codec Library

2

CVE-2023-29340, CVE-2023-29341

visual studio code

1

CVE-2023-29338

microsoft team

1

CVE-2023-24881

microsoft office excel

1

CVE-2023-24953

Microsoft Graphics Component

1

CVE-2023-24899

windows kernel

1

CVE-2023-24949

Microsoft Bluetooth Driver

3

CVE-2023-24944, CVE-2023-24947, CVE-2023-24948

Windows RDP client

1

CVE-2023-28290

Windows NFS portmapper

2

CVE-2023-24939, CVE-2023-24901

Windows Remote Procedure Call Runtime

1

CVE-2023-24942

Windows NTLM

1

CVE-2023-24900

Windows MSHTML platform

1

CVE-2023-29324

Windows OLE

1

CVE-2023-29325

Windows backup engine

1

CVE-2023-24946

Windows Win32K

2

CVE-2023-24902, CVE-2023-29336

microsoft office access

1

CVE-2023-29333

microsoft office

1

CVE-2023-29344

Microsoft Edge (Chromium-based)

11

CVE-2023-2459, CVE-2023-2460, CVE-2023-2462, CVE-2023-2463, CVE-2023-2464, CVE-2023-2465, CVE-2023-2466, CVE-2023-2467, CVE- 2023-2468, CVE-2023-29350, CVE-2023-29354

Windows LDAP – Lightweight Directory Access Protocol

1

CVE-2023-28283

Windows SMB

1

CVE-2023-24898

Other information

At the time of publication, there were no new advisories in the May Security Guidance.

