Microsoft releases 38 fixes this month including 7 Critical and 1 Weaponised Threat
There are 7 Critical and 31 Important fixes this month. Microsoft Windows, Windows Components, Office and Office Components, SharePoint Server, Visual Studio, SysInternals and Microsoft Teams have all received fixes this month. This is by far the smallest release from Microsoft for over 18 months.
Robert Brown, Head of Customer Success for Syxsense said, “We have 2 patches that resolve vulnerabilities which have a CVSS score of more than 9 (Critical) and if you count all the individual CVSS scores together, May has a combined CVSS score of 275.3 down from 722.4 last month. One may assume that updates have not passed internal QA assurances so all IT experts should be wary and expect OOB (Out of Band) updates before the next scheduled Patch Tuesday release.”
Based on the Vendor Severity & CVSS Score, we have made a few recommendations below. As usual we recommend our customers enter the CVE numbers below into your Patch Management solution and deploy as soon as testing is complete.
CVE-2023-29336 – Win32k Elevation of Privilege Vulnerability
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Note: The vulnerability is being Weaponised
Syxscore
- Vendor Severity: Important
- CVSS: 7.8
- Weaponised: Yes
- Public Aware: No
- Countermeasure: No
Syxscore Risk
- Attack Vector: Local
- Attack Complexity: Low
- Privileges: Low
- User Interaction: None
- Scope (Jump Point): Unchanged / No
CVE-2023-29325 – Windows OLE Remote Code Execution Vulnerability
In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted email to the victim. Exploitation of the vulnerability might involve either a victim opening a specially crafted email with an affected version of Microsoft Outlook software, or a victim’s Outlook application displaying a preview of a specially crafted email . This could result in the attacker executing remote code on the victim’s machine.
Note: The vulnerability is Publicly Aware
Syxscore
- Vendor Severity: Critical
- CVSS: 8.1
- Weaponised: No
- Public Aware: Yes
- Countermeasure: No
Syxscore Risk
- Attack Vector: Network
- Attack Complexity: High
- Privileges: None
- User Interaction: None
- Scope (Jump Point): Unchanged / No
CVE-2023-24941 – Windows Network File System Remote Code Execution Vulnerability
This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE).
Note: The vulnerability is More Likely to be Exploited
Syxscore
- Vendor Severity: Critical
- CVSS: 9.8
- Weaponised: No
- Public Aware: Yes
- Countermeasure: No
Syxscore Risk
- Attack Vector: Network
- Attack Complexity: High
- Privileges: None
- User Interaction: None
- Scope (Jump Point): Unchanged / No
| Reference | Description | Vendor Severity | CVSS Score | Weaponised | Publicly Aware | Impact | Countermeasure | Exploitability Assessment | Additional Details |
| CVE-2023-29336 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | Yes | No | Elevation of Privilege | Exploitation Detected | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | |
| CVE-2023-29325 | Windows OLE Remote Code Execution Vulnerability | Critical | 8.1 | No | Yes | Remote Code Execution | Exploitation More Likely | ||
| CVE-2023-24932 | Secure Boot Security Feature Bypass Vulnerability | Important | 6.7 | No | Yes | Security Feature Bypass | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could bypass Secure Boot. | |
| CVE-2023-24941 | Windows Network File System Remote Code Execution Vulnerability | Critical | 9.8 | No | No | Remote Code Execution |
This vulnerability is not exploitable in NFSV2.0 or NFSV3.0. Prior to updating your version of Windows that protects against this vulnerability, you can mitigate an attack by disabling NFSV4.1. This could adversely affect your ecosystem and should only be used as a temporary mitigation. Warning You should NOT apply this mitigation unless you have installed the May 2022 Windows security updates. Those updates address CVE-2022-26937 which is a Critical vulnerability in NFSV2.0 and NFSV3.0. |
Exploitation More Likely | This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE). |
| CVE-2023-24943 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | Critical | 9.8 | No | No | Remote Code Execution | Only PGM Server is vulnerable to this vulnerability. To mitigate risk, Microsoft recommends customers deploy newer technologies such as Unicast or Multicast server. | Exploitation Less Likely | When Windows Message Queuing service is running in a PGM Server environment, a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code. |
| CVE-2023-24947 | Windows Bluetooth Driver Remote Code Execution Vulnerability | Important | 8.8 | No | No | Remote Code Execution | Exploitation Less Likely | An unauthorized attacker could exploit the Windows Bluetooth driver vulnerability by programmatically running certain functions that could lead to remote code execution on the Bluetooth component. | |
| CVE-2023-24903 | Windows Secure Socket Tunnelling Protocol (SSTP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | Remote Code Execution | Exploitation Less Likely | ||
| CVE-2023-28283 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | Remote Code Execution | Exploitation Less Likely | ||
| CVE-2023-24902 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Elevation of Privilege | Exploitation More Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | |
| CVE-2023-24905 | Remote Desktop Client Remote Code Execution Vulnerability | Important | 7.8 | No | No | Remote Code Execution | Exploitation Less Likely | An attacker could host the malicious .rdp file on a file share, a user accessing the .rdp file from the share would be vulnerable to remote code execution. | |
| CVE-2023-24946 | Windows Backup Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Elevation of Privilege | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | |
| CVE-2023-24949 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Elevation of Privilege | Exploitation More Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | |
| CVE-2023-24953 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | Remote Code Execution | Exploitation Less Likely | ||
| CVE-2023-29340 | AV1 Video Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | Remote Code Execution | Exploitation Less Likely | ||
| CVE-2023-29341 | AV1 Video Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | Remote Code Execution | Exploitation Less Likely | ||
| CVE-2023-29343 | SysInternals Sysmon for Windows Elevation of Privilege Vulnerability | Important | 7.8 | No | No | Elevation of Privilege | Exploitation Less Likely | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | |
| CVE-2023-29344 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | Remote Code Execution | Exploitation Less Likely | ||
| CVE-2023-29324 | Windows MSHTML Platform Elevation of Privilege Vulnerability | Critical | 7.5 | No | No | Security Feature Bypass | Exploitation More Likely | An attacker who successfully exploited this vulnerability could gain administrator privileges. | |
| CVE-2023-24898 | Windows SMB Denial of Service Vulnerability | Important | 7.5 | No | No | Denial of Service | Exploitation Less Likely | ||
| CVE-2023-24901 | Windows NFS Portmapper Information Disclosure Vulnerability | Important | 7.5 | No | No | Information Disclosure | Exploitation Less Likely | ||
| CVE-2023-24939 | Server for NFS Denial of Service Vulnerability | Important | 7.5 | No | No | Denial of Service | Exploitation Less Likely | ||
| CVE-2023-24940 | Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability | Important | 7.5 | No | No | Denial of Service | Exploitation Less Likely | ||
| CVE-2023-24942 | Remote Procedure Call Runtime Denial of Service Vulnerability | Important | 7.5 | No | No | Denial of Service | Exploitation Less Likely |
