Date 11 May 2023

Threat Actor

N/A

Description

Microsoft addresses 38 CVEs including three zero-day vulnerabilities, two of which were exploited in the wild.

Highlighted Vulnerabilities

CVE-2023-29336 | Win32k Elevation of Privilege Vulnerability

• CVE-2023-29336 is an EoP vulnerability in Microsoft’s Win32k, a core kernel-side driver used in Windows. This vulnerability received a CVSSv3 score of 7.8 and was exploited in the wild as a zero-day. The exploitation of this vulnerability would allow an attacker to gain SYSTEM-level privileges on an affected host.

CVE-2023-24932 | Secure Boot Security Feature Bypass Vulnerability

• CVE-2023-24932 is a security feature bypass vulnerability in Secure Boot in Windows operating systems, which allows for the running of untrusted software during the boot-up process. It was publicly disclosed and exploited in the wild as a zero-day prior to a patch being available. The flaw was given a CVSSv3 score of 6.7. The exploitation of this vulnerability requires an attacker to have administrative rights or physical access to the vulnerable device, so Microsoft has rated this as “Exploitation Less Likely”

CVE-2023-29325 | Windows OLE Remote Code Execution Vulnerability

• CVE-2023-29325 is an RCE in the Windows Object Linking and Embedding (OLE) mechanism of Windows operating systems that was publicly disclosed and given a CVSSv3 score of 8.1. Windows OLE is a technology that allows the creation of documents that contain objects from several applications. The vulnerability lies in the processing of RTF documents and emails. Microsoft said that the Preview Pane feature in Microsoft Outlook and Office is a vector for exploitation. An unauthenticated, remote attacker can exploit this vulnerability by sending a specially crafted document to a vulnerable system. However, the vulnerability has been given a high complexity as successful exploitation requires the attacker to win a race condition and the target to be prepared for exploitation.

CVE-2023-24941 | Windows Network File System Remote Code Execution Vulnerability

CVE-2023-24941 is a critical RCE vulnerability affecting supported versions of Windows Server that were given a CVSSv3 score of 9.8. The affected component is the Network File System (NFS) service, which is used for file sharing between Unix and Windows Server systems. Specifically, the vulnerability affects NFSV4.1, but not NFSV2.0 or NFSV3.0. CVE-2023-24941 can be exploited by a remote, unauthenticated attacker sending a malicious call to a vulnerable server.

Reference

https://www.tenable.com/blog/microsofts-may-2023-patch-tuesday-addresses-38-cves-cve-2023-29336