Randy Franklin Smith's Ultimate Windows Security

Upcoming Webinars

BlackLotus and the Untold Story of how UEFI Secure Boot Became a Gateway for Cyber Attacks on Millions of Servers

Webinar Library

Latest Blogs

How to Detect Pass-the-Hash Attacks Blog Series

Come meet Randy in Orlando at Microsoft Ignite at Quest's Booth #1818

Detecting Pass-the-Hash with Honeypots

Catch Malware Hiding in WMI with Sysmon

For of all sad words of tongue or pen, the saddest are these: 'We weren’t logging’

Experimenting with Windows Security: Controls for Enforcing Policies

Sysmon Event IDs 1, 6, 7 Report All the Binary Code Executing on Your Network

Yet Another Ransomware Can That Can be Immediately Detected with Process Tracking on Workstations

Cracking AD Passwords with NTDSXtract, Dsusers.py and John the Ripper

Cracking local windows passwords with Mimikatz, LSA dump and Hashcat

Top Resources

Security Log

Additional Resources

May, 2023: Patch Tuesday - 3 Zero Days but a pretty light month

This month Microsoft released updates for only 57 vulnerabilties so we are under the average triple digits for patches. Of the 57 vulnerabilities only 7 are critical this month. We do have three zero days to deal with though. CVE-2023-24932 is exploited and public. This vulnerability allows and attacker to bypass Secure Boot and install the BlackLotus UEFI bootkit. CVE-2023-29325 is public but not currently being reported as exploited by Microsoft. CVE-2023-29336 is currently being exploited and a successful exploit results in the attacker gaining SYSTEM privileges. You will want to make sure all three of these are updated ASAP. I'm really surprised that we have so few vulnerabilities this month. I guess we'll see if next month makes up for it. Happy patching!

So, without further ado, here’s the chart of MS patches that affect Windows platforms in the past month.

Patch data provided by:
Technology	Products Affected	Severity	Reference	Workaround/ Exploited / Publicly Disclosed	Vulnerability Info
Windows	Windows 10, 11 Server 2008 SP2, 2008R2 SP1, 2012, 2012 R2, 2016, 2019, 2022 including Server Core Installations AV1 Video Extension Remote Desktop	Critical	CVE-2023-24898 CVE-2023-24899 CVE-2023-24900 CVE-2023-24901 CVE-2023-24902 CVE-2023-24903 CVE-2023-24904 CVE-2023-24905 CVE-2023-24932 CVE-2023-24939 CVE-2023-24940 CVE-2023-24941 CVE-2023-24942 CVE-2023-24943 CVE-2023-24944 CVE-2023-24945 CVE-2023-24946 CVE-2023-24947 CVE-2023-24948 CVE-2023-24949 CVE-2023-28251 CVE-2023-28283 CVE-2023-28290 CVE-2023-29324 CVE-2023-29325 CVE-2023-29336 CVE-2023-29340 CVE-2023-29341	Workaround: No Exploited: Yes Public: Yes**	Denial of Service Elevation of Privilege Information Disclosure Remote Code Execution Security Feature Bypass
Edge	Chromium-based Edge for Android	Critical	CVE-2023-2033 CVE-2023-2133 CVE-2023-2134 CVE-2023-2135 CVE-2023-2136 CVE-2023-2137 CVE-2023-2459 CVE-2023-2460 CVE-2023-2462 CVE-2023-2463 CVE-2023-2464 CVE-2023-2465 CVE-2023-2466 CVE-2023-2467 CVE-2023-2468 CVE-2023-29334 CVE-2023-29350 CVE-2023-29354	Workaround: No Exploited: No Public: No	Elevation of Privilege Security Feature Bypass Spoofing
Office	365 Apps for Enterprise Office 2019, LTSC 2021 2019 for Mac, LTSC Mac 2021 Excel/Word 2013 RT SP1, 2013 SP1, 2016 Teams Online Server	Critical	CVE-2023-24881 CVE-2023-24953 CVE-2023-29333 CVE-2023-29335 CVE-2023-29344	Workaround: No Exploited: No Public: No	Denial of Service Information Disclosure Remote Code Execution Security Feature Bypass Spoofing
SharePoint	Enterprise Server 2016 Server 2019 Server Subscription Edition	Important	CVE-2023-24950 CVE-2023-24954 CVE-2023-24955	Workaround: No Exploited: No Public: No	Information Disclosure Remote Code Execution Spoofing
Visual Studio	VS Code	Important	CVE-2023-29338	Workaround: No Exploited: No Public: No	Information Disclosure
Sysmon	N/A	Important	CVE-2023-29343	Workaround: No Exploited: No Public: No	Elevation of Privilege
System Center	Malware Protection Platform	Important	CVE-2023-24934	Workaround: No Exploited: No Public: No	Security Feature Bypass

Send me this chart next Patch Tuesday.

User name:
Password:
	/ Forgot?
	Register

May 2023 Patch Monday	"Patch Tuesday - 3 Zero Days but a pretty light month "

Home

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2023 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.