Microsoft has rolled out its Patch Tuesday update for May 2023 to address 38 security flaws, including one zero-day bug that it said is being actively exploited in the wild.
Trend Micro's Zero Day Initiative (ZDI) said that although the volume is the lowest since August 2021, "this number is expected to increase in the coming months."
Of the 38 vulnerabilities, 6 are rated critical and 32 are rated important. Eight of the flaws are tagged with a “highly exploitable” rating by Microsoft.
Apart from this, 18 flaws, including 11 bugs from early May, were resolved by the Windows maker in the Chromium-based Edge browser after the release of April's Patch Tuesday update.
Topping the list is CVE-2023-29336 (CVSS score: 7.8), a Win32k privilege escalation flaw that is being actively exploited. It's not immediately clear how widespread the attacks are.
"An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," Microsoft said, crediting Avast researchers Jan Vojtěšek, Milánek, and Luigino Camastra with reporting the flaw.
In light of this development, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the flaw to its Known Exploited Vulnerabilities (KEV) catalog and is urging organizations to apply the vendor's fix by May 30, 2023.
Also worth noting are two publicly known flaws. One of them is a Windows OLE flaw (CVE-2023-29325, CVSS score: 8.1) that an attacker could weaponize by sending a specially crafted email to a victim.
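Tracking KEV remediation deadlines is a routine compliance task for defenders. The script below is an added example, not code from the article or from CISA: it parses a KEV-style catalog export and lists Microsoft entries that are overdue or due within a window. The JSON is constructed sample data that mirrors the public feed's field names (cveID, vendorProject, product, dueDate); the function name Get-KevDueSoon and the sample dates other than the May 30 deadline are assumptions.

```powershell
# Added example: flag KEV catalog entries whose remediation due date is near.
# $sampleKev is CONSTRUCTED sample data in the shape of CISA's public KEV feed
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json);
# only the CVE-2023-29336 due date of 2023-05-30 comes from the article.
$sampleKev = @'
{
  "vulnerabilities": [
    { "cveID": "CVE-2023-29336", "vendorProject": "Microsoft", "product": "Win32k",
      "dateAdded": "2023-05-09", "dueDate": "2023-05-30",
      "requiredAction": "Apply updates per vendor instructions." },
    { "cveID": "CVE-2022-21894", "vendorProject": "Microsoft", "product": "Windows",
      "dateAdded": "2023-03-01", "dueDate": "2023-03-22",
      "requiredAction": "Apply updates per vendor instructions." }
  ]
}
'@

function Get-KevDueSoon {
    param(
        [Parameter(Mandatory)][string]$KevJson,   # catalog export as a JSON string
        [string]$Vendor = 'Microsoft',
        [datetime]$AsOf = (Get-Date),
        [int]$WithinDays = 14
    )
    $culture = [System.Globalization.CultureInfo]::InvariantCulture
    $catalog = $KevJson | ConvertFrom-Json
    $catalog.vulnerabilities |
        Where-Object { $_.vendorProject -eq $Vendor } |
        ForEach-Object {
            $due = [datetime]::ParseExact($_.dueDate, 'yyyy-MM-dd', $culture)
            [pscustomobject]@{
                CVE      = $_.cveID
                Product  = $_.product
                DueDate  = $due.ToString('yyyy-MM-dd')
                DaysLeft = ($due - $AsOf.Date).Days   # negative when overdue
                Overdue  = $due -lt $AsOf.Date
            }
        } |
        Where-Object { $_.Overdue -or $_.DaysLeft -le $WithinDays } |
        Sort-Object DaysLeft
}

# Evaluate as of a date near the article so the sample reproduces the May 30 deadline.
Get-KevDueSoon -KevJson $sampleKev -AsOf ([datetime]'2023-05-10') -WithinDays 30 |
    Format-Table -AutoSize
```

To run this against the live catalog, replace `$sampleKev` with the output of `Invoke-RestMethod` on the feed URL (converted back to JSON, or adapt the function to accept the object directly) and drop the `-AsOf` argument so today's date is used.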
As a mitigation, Microsoft recommends that users read email messages in plain text format to protect against this vulnerability.
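The plain-text recommendation can be audited and enforced per user rather than relying on each person to change the option by hand. The script below is an added example and not Microsoft's own guidance: it reads, and optionally sets, Outlook's ReadAsPlain and ReadSignedAsPlain registry values. It assumes a 16.0-series Outlook (2016/2019/Microsoft 365) storing the options under the per-user key shown; the function names are mine.

```powershell
# Added example: audit and (optionally) enforce "read all mail as plain text" in Outlook.
# ASSUMPTION: the Options\Mail key below is the 16.0 (Outlook 2016/2019/365) location;
# ReadAsPlain covers unsigned mail and ReadSignedAsPlain covers signed mail.
# Adjust the version segment for other Outlook releases.
$MailOptionsKey = 'HKCU:\Software\Microsoft\Office\16.0\Outlook\Options\Mail'

function Get-OutlookPlainTextState {
    param([string]$Key = $MailOptionsKey)
    if (-not (Test-Path $Key)) {
        return [pscustomobject]@{
            KeyExists = $false; ReadAsPlain = $null; ReadSignedAsPlain = $null; Compliant = $false
        }
    }
    $props  = Get-ItemProperty -Path $Key
    $plain  = [int]($props.ReadAsPlain       -as [int])   # missing value -> 0
    $signed = [int]($props.ReadSignedAsPlain -as [int])
    [pscustomobject]@{
        KeyExists         = $true
        ReadAsPlain       = $plain
        ReadSignedAsPlain = $signed
        Compliant         = ($plain -eq 1 -and $signed -eq 1)
    }
}

function Set-OutlookPlainText {
    param([string]$Key = $MailOptionsKey)
    if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    New-ItemProperty -Path $Key -Name ReadAsPlain       -Value 1 -PropertyType DWord -Force | Out-Null
    New-ItemProperty -Path $Key -Name ReadSignedAsPlain -Value 1 -PropertyType DWord -Force | Out-Null
    Get-OutlookPlainTextState -Key $Key   # return the post-change state for logging
}

$state = Get-OutlookPlainTextState
if ($state.Compliant) {
    Write-Output 'Outlook already renders mail as plain text.'
} else {
    Write-Output ("Plain-text reading not enforced (ReadAsPlain={0}, ReadSignedAsPlain={1})." -f `
        $state.ReadAsPlain, $state.ReadSignedAsPlain)
    # Uncomment to enforce for the current user (Outlook must be restarted to pick it up):
    # Set-OutlookPlainText | Format-List
}
```

For fleet-wide enforcement the same two values can be delivered through the Office Group Policy templates instead of per-user registry writes; the audit function above still reports the effective state either way.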
The second publicly known vulnerability is CVE-2023-24932 (CVSS score: 6.7), a Secure Boot security feature bypass that is weaponized by the BlackLotus UEFI bootkit by exploiting CVE-2022-21894 (aka Baton Drop), which was resolved in January 2022.
"This vulnerability allows an attacker to use the Unified Extensible Firmware Interface (UEFI) level when Secure Boot is enabled," Microsoft said in separate guidance. "It is primarily used by attackers as a persistence and defense evasion mechanism."
Note that the fixes provided by Microsoft are disabled by default and customers must manually apply the revocations, but not before updating all bootable media.
"Once the mitigation for this issue is enabled on a device, meaning the revocations have been applied, it is irreversible if you continue to use Secure Boot on that device," Microsoft warned. "Reformatting the disk will not remove the revocations if they have already been applied."
The tech giant said it is taking a phased approach to completely closing the attack vector in order to avoid the risk of unintentional disruption, a process expected to continue through the first quarter of 2024.
"Modern UEFI-based Secure Boot schemes are very complex to configure correctly and to significantly reduce the attack surface," firmware security firm Binarly noted in early March this year. "That said, bootloader attacks are unlikely to go away anytime soon."
Software patches from other vendors
In addition to Microsoft, other vendors have released security updates over the past few weeks to fix several vulnerabilities, including: