September 27, 2023

Microsoft patched 38 CVEs in its May 2023 Patch Tuesday Release, with six rated as critical and 32 rated as important.

This month’s update includes patches for:

  • Microsoft Bluetooth Driver
  • Microsoft Graphics Component
  • Microsoft Office
  • Microsoft Office Access
  • Microsoft Office Excel
  • Microsoft Office SharePoint
  • Microsoft Office Word
  • Microsoft Teams
  • Microsoft Windows Codecs Library
  • Reliable Multicast Transport Driver (RMCAST)
  • Remote Desktop Client
  • SysInternals
  • Visual Studio Code
  • Windows Backup Engine
  • Windows Installer
  • Windows iSCSI Target Service
  • Windows Kernel
  • Windows LDAP – Lightweight Directory Access Protocol
  • Windows MSHTML Platform
  • Windows Network File System
  • Windows NFS Portmapper
  • Windows NTLM
  • Windows OLE
  • Windows RDP Client
  • Windows Remote Procedure Call Runtime
  • Windows Secure Boot
  • Windows Secure Socket Tunneling Protocol (SSTP)
  • Windows SMB
  • Windows Win32K

Win32k Elevation of Privilege Vulnerability – Zeroday Exploited in Wild

CVE-2023-29336 is an EoP vulnerability in Microsoft’s Win32k, a core kernel-side driver used in Windows with a CVSSv3 score of 7.8 and was exploited in the wild as a zero-day. Exploitation of this vulnerability would allow an attacker to gain SYSTEM level privileges on an affected host.

Over the last few years, we have seen multiple Win32k EoP zero days exploited in the wild. In the January 2022, Microsoft patched CVE-2022-21882. CVE-2022-21882 was reportedly a patch bypass for CVE-2021-1732, another Win32k EoP zero-day vulnerability from February 2021. In October 2021, Microsoft patched CVE-2021-40449, another Win32k EoP zero day linked to a remote access trojan known as Mystery Snail and was reportedly a patch bypass for CVE-2016-3309

Advertisements

Secure Boot Security Feature Bypass Vulnerability – Zeroday Exploited in Wild

CVE-2023-24932 is a security feature bypass vulnerability in Secure Boot in Windows operating systems, with a CVSSv3 score of 6.7, which allows for running of untrusted software during the boot up process. It was publicly disclosed and exploited in the wild as a zero-day prior to a patch being available. Exploitation of this vulnerability requires an attacker to have administrative rights or physical access to the vulnerable device, so Microsoft has rated this as Exploitation Less Likely

As a part of mitigation additional steps must be taken. These steps are outlined in KB5025885 which specifies that the May 9, 2023, Windows security updates must be installed first. The KB article notes that this update and the associated mitigation steps are necessary due to the publicly disclosed bypass being used by the BlackLotus UEFI bootkit.

CVE-2023-24932 is the fourth security feature bypass vulnerability disclosed in 2023 in either Windows Boot Manager or Secure, Microsoft addressed CVE-2023-28269 and CVE-2023-28249 in April 2023, and CVE-2023-21560.in January 2023

Windows OLE Remote Code Execution Vulnerability -Zero Day Not Exploited in Wild

CVE-2023-29325 is a RCE in the Windows Object Linking and Embedding (OLE) mechanism of Windows operating systems that was publicly disclosed and with a CVSSv3 score of 8.1. Windows OLE is a technology that allows the creation of documents that contain objects from several applications. The vulnerability lies in the processing of RTF documents and emails. Microsoft said that the Preview Pane feature in Microsoft Outlook and Office is a vector for exploitation.

An unauthenticated, remote attacker can exploit this vulnerability by sending a specially crafted document to a vulnerable system. However, the vulnerability has been given a high complexity as successful exploitation requires the attacker to win a race condition and the target to be prepared for exploitation.

Microsoft has provided mitigation advice to prevent users from opening RTF documents or emails in Outlook and Office to reduce the risk of exploitation where immediate patching is not possible.

Windows Network File System Remote Code Execution Vulnerability

CVE-2023-24941 is a critical RCE vulnerability affecting supported versions of Windows Server with a CVSSv3 score of 9.8. The affected component is the Network File System (NFS) service, which is used for file sharing between Unix and Windows Server systems. The vulnerability affects NFSV4.1, but not NFSV2.0 or NFSV3.0. CVE-2023-24941 can be exploited by a remote, unauthenticated attacker sending a malicious call to a vulnerable server.

Microsoft provided mitigation guidance for organizations where immediate patching is not possible, which involves disabling NFSV4.1. However, this mitigation should not be applied if the server has not applied the May 2022 patch, as that release addressed a similar vulnerability, CVE-2022-26937, in NFSV2 and NFSV3.

Advertisements

Windows 10  EOL

Microsoft announced that Windows 10 20H2 has reached its end of life for Enterprise, Education, IoT Enterprise, and Enterprise multi-session editions. This means that users of these versions of Windows 10 20H2 will no longer receive security updates and should upgrade as soon as possible. Plugin ID 161921 can be used to identify hosts that have unsupported installations of Windows 10 version 20H2.

Windows 10 21H2 will reach end of life for Home, Pro, Pro Education and Pro for Workstations editions during June month patch Tuesday.

Patch Summary

Sl.NOVulnerability TitleCVE IDSeverity
1Microsoft Office SharePointCVE-2023-24955Critical
2Windows LDAP – Lightweight Directory Access ProtocolCVE-2023-28283Critical
3Windows Network File SystemCVE-2023-24941Critical
4Windows OLECVE-2023-29325Critical
5Windows PGMCVE-2023-24943Critical
6Windows Secure Socket Tunneling Protocol (SSTP)CVE-2023-24903Critical
7Microsoft Bluetooth DriverCVE-2023-24947Important
8Microsoft Bluetooth DriverCVE-2023-24948Important
9Microsoft Bluetooth DriverCVE-2023-24944Important
10Microsoft Edge (Chromium-based)CVE-2023-29350Important
11Microsoft Graphics ComponentCVE-2023-24899Important
12Microsoft OfficeCVE-2023-29344Important
13Microsoft Office AccessCVE-2023-29333Important
14Microsoft Office ExcelCVE-2023-24953Important
15Microsoft Office SharePointCVE-2023-24954Important
16Microsoft Office SharePointCVE-2023-24950Important
17Microsoft Office WordCVE-2023-29335Important
18Microsoft TeamsCVE-2023-24881Important
19Microsoft Windows Codecs LibraryCVE-2023-29340Important
20Microsoft Windows Codecs LibraryCVE-2023-29341Important
21Remote Desktop ClientCVE-2023-24905Important
22SysInternalsCVE-2023-29343Important
23Visual Studio CodeCVE-2023-29338Important
24Windows Backup EngineCVE-2023-24946Important
25Windows InstallerCVE-2023-24904Important
26Windows iSCSI Target ServiceCVE-2023-24945Important
27Windows KernelCVE-2023-24949Important
28Windows MSHTML PlatformCVE-2023-29324Important
29Windows NFS PortmapperCVE-2023-24901Important
30Windows NFS PortmapperCVE-2023-24939Important
31Windows NTLMCVE-2023-24900Important
32Windows PGMCVE-2023-24940Important
33Windows RDP ClientCVE-2023-28290Important
34Windows Remote Procedure Call RuntimeCVE-2023-24942Important
35Windows Secure BootCVE-2023-28251Important
36Windows Secure BootCVE-2023-24932Important
37Windows SMBCVE-2023-24898Important
38Windows Win32KCVE-2023-29336Important
39Windows Win32KCVE-2023-24902Important
40Microsoft Edge (Chromium-based)CVE-2023-29354Moderate
41Microsoft Edge (Chromium-based)CVE-2023-2468Unknown
42Microsoft Edge (Chromium-based)CVE-2023-2459Unknown
43Microsoft Edge (Chromium-based)CVE-2023-2467Unknown
44Microsoft Edge (Chromium-based)CVE-2023-2463Unknown
45Microsoft Edge (Chromium-based)CVE-2023-2462Unknown
46Microsoft Edge (Chromium-based)CVE-2023-2460Unknown
47Microsoft Edge (Chromium-based)CVE-2023-2465Unknown
48Microsoft Edge (Chromium-based)CVE-2023-2466Unknown
49Microsoft Edge (Chromium-based)CVE-2023-2464Unknown

Leave a Reply

%d bloggers like this: