Microsoft have released a security advisory on the 10th of May 2023 in line with their regular monthly patch schedule which includes a number of updates to address five (5) medium risk vulnerabilities
These updates address vulnerabilities that could be exploited by attackers to conduct denial of service, elevation of privilege, remote code execution, security restriction bypass, information disclosure and spoofing.
For more information please see: Microsoft Security Update
This release consists of security updates for the following products, features and roles:
- Microsoft Teams
- Windows SMB
- Microsoft Graphics Component
- Windows NTLM
- Windows NFS Portmapper
- Windows Win32K
- Windows Secure Socket Tunneling Protocol (SSTP)
- Windows Installer
- Remote Desktop Client
- Windows Secure Boot
- Reliable Multicast Transport Driver (RMCAST)
- Windows Network File System
- Windows Remote Procedure Call Runtime
- Microsoft Bluetooth Driver
- Windows iSCSI Target Service
- Windows Backup Engine
- Windows Kernel
- Microsoft Office SharePoint
- Microsoft Office Excel
- Windows LDAP - Lightweight Directory Access Protocol
- Windows RDP Client
- Windows MSHTML Platform
- Windows OLE
- Microsoft Office Access
- Microsoft Office Word
- Visual Studio Code
- Microsoft Windows Codecs Library
- SysInternals
- Microsoft Office
- Microsoft Edge (Chromium-based)
CVE-2023-29336 is being exploited in the wild.
The vulnerability can be exploited by using Win32k to trigger elevation of privilege.
CVE-2023-24932 is being exploited in the wild.
The vulnerability can be exploited by using Windows Secure Boot to trigger security restriction bypass.
Matsco recommends any affected systems are updated as soon as convenient.
Please contact the Matsco Solutions team on the below if you would like any further information or would like to schedule a maintenance.
support@matscosolutions.com
Beijing +86 400 120 2782
Hong Kong +852 8101 8418
London +44 (0)20 7821 4950
New York +1 866 446 9226
Singapore +65 6100 1090
Share this Post