May 10, 2023 | Ravie Lakshmanan | Zero-day / Vulnerability

Microsoft has rolled out its Patch Tuesday updates for May 2023 to address 38 security flaws, including one zero-day bug that it said is being actively exploited in the wild.

Trend Micro's Zero Day Initiative (ZDI) said that, although the volume is the lowest since August 2021, "this number is expected to increase in the coming months."

Of the 38 vulnerabilities, six are rated Critical and 32 are rated Important. Eight of the flaws carry an "Exploitation More Likely" assessment from Microsoft.

This is apart from 18 flaws, including 11 bugs from early May, that the Windows maker resolved in its Chromium-based Edge browser following the release of the April Patch Tuesday updates.

Topping the list is CVE-2023-29336 (CVSS score: 7.8), a Win32k privilege escalation flaw that is being actively exploited. It's not immediately clear how widespread the attacks are.


"An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," Microsoft said, crediting Avast researchers Jan Vojtěšek, Milánek, and Luigino Camastra with reporting the flaw.

In light of the active exploitation, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the flaw to its Known Exploited Vulnerabilities (KEV) catalog and is urging organizations to apply the vendor fixes by May 30, 2023.

Also worth noting are two publicly known flaws. One of them is a remote code execution vulnerability in Windows OLE (CVE-2023-29325, CVSS score: 8.1) that an attacker could weaponize by sending a specially crafted email to a victim.

As a mitigation, Microsoft recommends that users read email messages in plain text format to protect against this vulnerability.
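The plain-text mitigation above is a per-user Outlook option. The PowerShell below is an added example (not from the original article or from Microsoft's advisory) that reports the current setting and then enforces it. It assumes an Office 2016/2019/365 install (registry version key "16.0") and the ReadAsPlain / ReadSignedAsPlain DWORD values that Outlook reads from Options\Mail, as documented in Microsoft KB 831607; a missing value means Outlook is still rendering HTML, which is the weak state.

```powershell
# Added example, not Microsoft's script: enforce "read all standard mail in
# plain text" for the current user, the mitigation Microsoft recommends for
# CVE-2023-29325.
# Assumptions: Office version key "16.0" (Office 2016/2019/365) and the
# ReadAsPlain / ReadSignedAsPlain DWORDs under Options\Mail (KB 831607).

$OfficeVersion = '16.0'   # assumption: change for other Office releases
$MailKey = "HKCU:\Software\Microsoft\Office\$OfficeVersion\Outlook\Options\Mail"

function Get-OutlookPlainTextState {
    # Returns the two values; an absent value is reported as 0, i.e. Outlook
    # renders HTML/RTF bodies (the default, which the mitigation turns off).
    $state = @{ ReadAsPlain = 0; ReadSignedAsPlain = 0 }
    if (Test-Path $MailKey) {
        $props = Get-ItemProperty -Path $MailKey
        foreach ($name in @($state.Keys)) {
            if ($null -ne $props.$name) { $state[$name] = [int]$props.$name }
        }
    }
    return $state
}

function Set-OutlookPlainTextReading {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if (-not (Test-Path $MailKey)) {
        New-Item -Path $MailKey -Force | Out-Null
    }
    # ReadAsPlain covers ordinary mail; ReadSignedAsPlain covers S/MIME-signed
    # mail, which Outlook otherwise still renders as HTML.
    foreach ($name in 'ReadAsPlain', 'ReadSignedAsPlain') {
        if ($PSCmdlet.ShouldProcess("$MailKey\$name", 'Set DWORD to 1')) {
            New-ItemProperty -Path $MailKey -Name $name -PropertyType DWord `
                -Value 1 -Force | Out-Null
        }
    }
}

$before = Get-OutlookPlainTextState
Set-OutlookPlainTextReading
$after = Get-OutlookPlainTextState
"ReadAsPlain: $($before.ReadAsPlain) -> $($after.ReadAsPlain); " +
"ReadSignedAsPlain: $($before.ReadSignedAsPlain) -> $($after.ReadSignedAsPlain)"
```

Outlook reads these values at start-up, so restart it after running the script. For a managed fleet the same two values can be pushed under the policy hive (HKCU:\Software\Policies\Microsoft\Office\16.0\Outlook\Options\Mail) so users cannot switch HTML rendering back on.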

The second publicly known vulnerability is CVE-2023-24932 (CVSS score: 6.7), a Secure Boot security feature bypass that the BlackLotus UEFI bootkit exploits in order to weaponize CVE-2022-21894 (aka Baton Drop), a flaw Microsoft resolved in January 2022.

"This vulnerability allows an attacker to execute self-signed code at the Unified Extensible Firmware Interface (UEFI) level while Secure Boot is enabled," Microsoft said in separate guidance.

"This is used by threat actors primarily as a persistence and defense evasion mechanism."

It's worth noting that the fix shipped by Microsoft is disabled by default, and that customers must apply the revocations manually, but not before updating all bootable media.
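Because the opt-in is manual and cannot be undone, a practitioner wants to know where a machine stands before touching it. The following PowerShell is an added example, not Microsoft's own script from KB5025885: it only reads state and never writes the opt-in value. It assumes the opt-in DWORD is AvailableUpdates under HKLM:\SYSTEM\CurrentControlSet\Control\Secureboot (as KB5025885 describes) and treats the "Microsoft Windows Production PCA 2011" certificate appearing in the DBX (the UEFI forbidden-signature database) as the visible end state of Microsoft's phased revocation; the exact DBX contents at each phase are whatever the current revision of KB5025885 specifies. It must run in an elevated session on a UEFI system.

```powershell
# Added example (not Microsoft's script): pre-flight state check before opting a
# device into the CVE-2023-24932 revocations from KB5025885. Read-only.
# Assumptions: opt-in DWORD AvailableUpdates under the Secureboot key
# (KB5025885); the revocation's end state is the PCA 2011 CA listed in DBX.

$SecureBootKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Secureboot'
$RevokedCaName = 'Microsoft Windows Production PCA 2011'

function Get-SecureBootRevocationState {
    $state = [ordered]@{
        SecureBootEnabled = $false
        OptInValue        = $null    # AvailableUpdates, if an admin already set it
        Pca2011InDbx      = $false   # revocation already applied?
    }
    try {
        $state.SecureBootEnabled = Confirm-SecureBootUEFI
    } catch {
        # Legacy BIOS, non-UEFI VM, or no admin rights: cmdlet throws.
        return [pscustomobject]$state
    }
    $props = Get-ItemProperty -Path $SecureBootKey -ErrorAction SilentlyContinue
    if ($null -ne $props.AvailableUpdates) {
        $state.OptInValue = '0x{0:X}' -f [int]$props.AvailableUpdates
    }
    # Certificate subjects are DER PrintableStrings, so an ASCII scan of the
    # raw DBX bytes is enough to spot the CA name without parsing EFI_SIGNATURE_LISTs.
    $dbx  = Get-SecureBootUEFI -Name dbx
    $text = [System.Text.Encoding]::ASCII.GetString($dbx.Bytes)
    $state.Pca2011InDbx = [bool]($text -match [regex]::Escape($RevokedCaName))
    return [pscustomobject]$state
}

$s = Get-SecureBootRevocationState
$s | Format-List

if (-not $s.SecureBootEnabled) {
    'Secure Boot is off or unsupported here; the revocation does not apply to this device.'
} elseif ($s.Pca2011InDbx) {
    'Revocation already applied: this device will refuse boot media signed only by PCA 2011.'
} else {
    @'
Revocation not yet applied. Before setting AvailableUpdates (value per the
current KB5025885 for this Windows build) and rebooting, refresh every bootable
medium you depend on (recovery USB, WinPE/WDS images, backup boot disks):
once the DBX is updated, old media will not boot and the change cannot be undone
while Secure Boot stays enabled.
'@
}
```

Run this across a fleet first and sort devices into the three buckets above; the ones reporting "not yet applied" are the only ones where the media-refresh step is still pending.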


"Once the mitigation for this issue is enabled on a device, meaning the revocations have been applied, it cannot be reverted if you continue to use Secure Boot on that device," Microsoft warned. "Even reformatting of the disk will not remove the revocations if they have already been applied."

The tech giant said it is taking a phased approach to completely plugging the attack vector in order to avoid the risk of unintended disruption, an effort that is expected to continue through the first quarter of 2024.

"Modern UEFI-based secure boot schemes are very complex to configure correctly or to reduce the attack surface significantly," firmware security firm Binarly noted in early March this year. "That said, bootloader attacks are unlikely to go away anytime soon."

Software patches from other vendors

In addition to Microsoft, other vendors have released security updates over the past few weeks to fix several vulnerabilities, including:

Copyright ©️ All rights reserved. | Blue Training Academy Blog