Today is the second Tuesday of May 2023 and it’s time to check out the latest security updates from Microsoft. As part of this month’s patch update, Microsoft Fixes 38 vulnerabilities that impact several products in its portfolio. Where six of them are classified as ‘Critical’ as they allow Elevation of Privilege (EoP), Remote Code Execution (RCE), and Spoofing, and four of them are rated Moderate in severity, and the remaining 32 are Important. Today’s security updates fix three actively exploited zero-day vulnerabilities CVE-2023-29325, CVE-2023-24932, and CVE-2023-29336 that allow attackers to gain SYSTEM privileges on target machines.
Microsoft patched 38 CVEs in its May 2023 Patch Tuesday Release, including Three actively exploited zero-day, with six rated as critical and 32 rated as important.
Contents
Microsoft May 2023 Patch Tuesday
With today’s update, Microsoft patched several flaws in its software, including Denial of Service (DoS), Elevation of Privilege, Information Disclosure, Microsoft Edge (Chromium-based), Remote Code Execution (RCE), Security Feature Bypass, Spoofing and Tampering.
The number of bugs in each vulnerability category is listed below:
| Vulnerability Category | Quantity | Severities |
|---|---|---|
| Spoofing Vulnerability6 | 1 | Important: 1 |
| Denial of Service Vulnerability | 5 | Important: 5 |
| Elevation of Privilege Vulnerability | 8 | Important: 8 |
| Information Disclosure Vulnerability | 8 | Important: 8 |
| Remote Code Execution Vulnerability | 12 | Important: 6 Critical: 6 |
| Security Feature Bypass Vulnerability | 4 | Important: 4 |
in addition, 11 flaws the tech giant fixed in its Chromium-based Edge browser in recent weeks.
A crucial part of this month’s security updates consists of patches for three actively exploited zero-day vulnerability, which was publicly disclosed.
- CVE-2023-29336 – Win32k Elevation of Privilege Vulnerability
- CVE-2023-24932 – Secure Boot Security Feature Bypass Vulnerability
- CVE-2023-29325 – Windows OLE Remote Code Execution Vulnerability
Successful exploitation would elevate an attacker’s privileges SYSTEM. According to Microsoft.
Other vulnerabilities of May 2023
CVE-2023-24941: This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE).”
CVE-2023-24943 is a Critical vulnerability affecting Windows Pragmatic General Multicast (PGM).
When Windows Message Queuing service is running in a PGM Server environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code.
CVE-2023-24903 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. an attacker may send a specially crafted malicious SSTP packet to an SSTP server. On successful exploitation, the attacker may perform remote code execution on the server side.
CVE-2023-24955 is a Critical vulnerability affecting Microsoft SharePoint Servers that could allow an authenticated user, as a Site Owner, to execute code remotely on the SharePoint Server.
An attacker is required to authenticate as a Site Owner to exploit this vulnerability. The vulnerability will allow an attacker to perform remote code execution on the SharePoint Server.
CVE-2023-29324 is a Critical vulnerability affecting the Windows MSHTML Platform security feature. An attacker can craft a malicious URL that would evade zone checks, resulting in a limited loss of integrity and availability of the victim machine.
Today’s Patch Tuesday updates also include some minor new features for the latest version of windows 11 and windows 10
Recent updates from other companies
Other vendors who released updates in May 2023 include:
- Apple released a security update for Beats headphones.
- Cisco released security updates for Cisco iOS and disclosed an RCE bug for the unsupported Cisco SPA112 2-Port Phone Adapters.
- CISA warned of critical bugs in Illumina DNA sequencing systems
- Google released the Android May 2023 updates to fix a bug used to install Spyware on phones.
- SAP has released its May 2023 Patch Day updates.
Windows security updates
In addition to Microsoft security updates, this May 2023 Patch Tuesday update also brought Windows 11 and Windows 10 cumulative updates. That includes KB5026372 and KB5026368 for Windows 11 and KB5026361 for Windows 10 version 22H2. So if you are running any of these Windows versions make sure you update them as you install the new patches.
Windows 7 and Windows 8.1 reached the End of support from Microsoft, which means the company no longer provides frequent updates or security patches for these operating systems. For more information please visit the Microsoft lifecycle page at https://learn.microsoft.com/en-us/lifecycle/end-of-support/end-of-support-2023
Windows 11 KB5026372 and KB5026368
For client OS Windows 11 version 22H2 and 21H1 fix 20 vulnerabilities, 4 critical and 16 important
- Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability — CVE-2023-24903
- Windows OLE Remote Code Execution Vulnerability — CVE-2023-29325
- Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability — CVE-2023-24943
- Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability — CVE-2023-28283
Today’s cumulative update Windows 11 KB5026372 Enhance build number 22621.1702 and bring the following fixes.
- This update fixes a race condition in the Windows Local Administrator Password Solution (LAPS), which causes the Local Security Authority Subsystem Service (LSASS) to become unresponsive. The LSASS stops responding due to the simultaneous processing of multiple local account operations, resulting in an access violation error code of 0xc0000005.
- Microsoft animated some of the icons for Widgets in the taskbar. For example, you will notice a new animation when a new announcement appears.
- Microsoft added a new toggle control on the Windows Update settings page. When turned on, Microsoft will prioritize the devices to get the latest non-security updates and enhancements when they are available.
- Microsoft Edge will now correctly display pop-up windows in the foreground rather than the background when using IE Mode.
- Fixed a Chinese input method issue that prevented Windows users from seeing suggested items.
- Protected content will no longer be visible in taskbar live thumbnail previews.
Microsoft noted two known issues with these updates, the first of them impact provisioning packages, while the second third-party user interface customizations may not start up after installing this update or future updates.
In addition, a bug prevents Windows devices with some third-party UI customization apps might not start up.
You can read the complete changelog Microsoft support blog here.
Windows 10 KB5026361 and KB5026362
For client OS Windows 10 version 22H2 and 21H1, Today’s patch update brings fixes for 19 vulnerabilities, 4 critical and 15 important
- Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability — CVE-2023-24903
- Windows OLE Remote Code Execution Vulnerability — CVE-2023-29325
- Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability — CVE-2023-24943
- Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability — CVE-2023-28283
Today’s cumulative update Windows 10 KB5026361 Enhance build number 19045.2965 and bring the following fixes
- Fixes a race condition in Windows Local Administrator Password Solution (LAPS), where a bug caused the Local Security Authority Subsystem Service (LSASS) to stop responding.
This occurs when the system processes multiple local account operations simultaneously. The access violation error code is 0xc0000005.
- The company has resolved an issue that previously affected Microsoft Edge IE mode. Pop-up windows will now open in the foreground instead of in the background.
- Another issue impacting Edge IE mode was also fixed, as the Tab Window Manager should no longer stop responding.
- Today’s update resolved an issue with the Chinese input method where the first suggested item was not entirely visible.
You can read the complete changelog Microsoft support blog here.
Download the Windows 10 Cumulative update
All these Security updates Automatically download and get installed on your device via Windows update. If your device has not received it yet open Settings, Update & Security and Check for updates. Once done restart your Device to apply the updates.
- Windows 11 KB5026372 (Version 22H2) offline installer Direct Download Link 64-bit.
- Windows 11 KB5026368 (Version 21H2) offline installer Direct Download Link 64-bit.
- Windows 10 KB5026361 (For versions 21H2 and 21H1) Direct Download Links: 64-bit and 32-bit (x86).
- Windows 10 KB5025229 (version 1809) 64-bit | Download and 32-bit | Download
The above link directly opens the Microsoft Update Catalog which is the library of Windows Update offline installers. You need to click on the ‘Download’ button next to the version of the OS installed on your machine and run the .msu files to begin the installation of the update.
If you are Looking for Windows 10 22H2 Update ISO image click here Or check How to Upgrade to Windows 10 version 22H2 Using the media creation tool.
If you face any difficulty while installing these updates, Check Windows 10 Update troubleshooting guide to fix the Windows 10 Cumulative update stuck downloading, failed to install with different errors, etc.
- What time do Patch Tuesday patches come out?
Microsoft schedules the release of security updates on “Patch Tuesday,” the second Tuesday of each month at 10:00 AM PST.
Is Patch Tuesday weekly or monthly?
Patch Tuesday falls on the second Tuesday of each month. The upcoming Patch Tuesday is on June 13, 2023.
- Why did the second Tuesday of every month call Patch Tuesday?
The second Tuesday of the month is referred to as “Patch Tuesday” because Microsoft attempts to combine the largest updates into this maintenance window.
- What is the latest update for Windows 10 May 2023?
The latest windows 10 KB5023696 for version 22H2 and 21H2 and KB5023702 for windows 10 version 1809
- What is the zero-day patch?
The term “Zero-Day” is used when security teams are unaware of their software vulnerability, and they’ve had “0” days to work on a security patch or an update to fix the issue.
Also read:
- WiFi disconnects automatically after the Windows 10 update? Try these solutions
- How To Flush and Reset the DNS Cache in Windows 10
- How To Uninstall Windows 10 Built-in apps with PowerShell
- Automatically Disable the touchpad when the mouse is connected to Windows 10
- Download the Latest Windows 10 ISO (Direct from the Microsoft server)
