Microsoft May 2023 Patch Update is here!
Microsoft has unveiled its highly anticipated patch update for May 2023, addressing 38 flaws including three zero-day vulnerabilities.
Among the identified vulnerabilities, six are considered ‘Critical’ due to their ability to enable remote code execution, which is the most severe form of vulnerability.
“Three zero-day vulnerabilities are patched, alongside a further five critical Remote Code Execution (RCE) vulnerabilities,” noted a Rapid7 analysis of this month’s patches.
“None of the three zero-day vulnerabilities have a particularly high CVSSv3 base score, but timely patching is always indicated.”
Here is a quick summary of the Microsoft May 2023 patch update, including a list of all the vulnerabilities and easy mitigation strategies for Windows devices.
Microsoft May 2023 patch update: List of all the vulnerabilities and fixes
The Microsoft May 2023 patch update encompasses an extensive array of addressed vulnerabilities, including:
| Product | CVE | Base Score |
| Microsoft Teams | CVE-2023-24881 | 6.5 |
| Windows SMB | CVE-2023-24898 | 7.5 |
| Microsoft Graphics Component | CVE-2023-24899 | 7 |
| Windows NTLM | CVE-2023-24900 | 5.9 |
| Windows NFS Portmapper | CVE-2023-24901 | 7.5 |
| Windows Win32K | CVE-2023-24902 | 7.8 |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2023-24903 | 8.1 |
| Windows Installer | CVE-2023-24904 | 7.1 |
| Remote Desktop Client | CVE-2023-24905 | 7.8 |
| Windows Secure Boot | CVE-2023-24932 | 6.2 |
| Windows NFS Portmapper | CVE-2023-24939 | 7.5 |
| Reliable Multicast Transport Driver (RMCAST) | CVE-2023-24940 | 7.5 |
| Windows Network File System | CVE-2023-24941 | 9.8 |
| Windows Remote Procedure Call Runtime | CVE-2023-24942 | 7.5 |
| Reliable Multicast Transport Driver (RMCAST) | CVE-2023-24943 | 9.8 |
| Microsoft Bluetooth Driver | CVE-2023-24944 | 6.5 |
| Windows iSCSI Target Service | CVE-2023-24945 | 5.5 |
| Windows Backup Engine | CVE-2023-24946 | 7.8 |
| Microsoft Bluetooth Driver | CVE-2023-24947 | 8.8 |
| Microsoft Bluetooth Driver | CVE-2023-24948 | 7.4 |
| Windows Kernel | CVE-2023-24949 | 7.8 |
| Microsoft Office SharePoint | CVE-2023-24950 | 8.8 |
| Microsoft Office Excel | CVE-2023-24953 | 7.8 |
| Microsoft Office SharePoint | CVE-2023-24954 | 6.5 |
| Microsoft Office SharePoint | CVE-2023-24955 | 7.2 |
| Windows Secure Boot | CVE-2023-28251 | 5.5 |
| Windows LDAP – Lightweight Directory Access Protocol | CVE-2023-28283 | 8.1 |
| Windows RDP Client | CVE-2023-28290 | 5.5 |
| Windows MSHTML Platform | CVE-2023-29324 | 7.5 |
| Windows OLE | CVE-2023-29325 | 8.1 |
| Microsoft Office Access | CVE-2023-29333 | 3.3 |
| Microsoft Office Word | CVE-2023-29335 | 7.5 |
| Windows Win32K | CVE-2023-29336 | 7.8 |
| Visual Studio Code | CVE-2023-29338 | 5 |
| Microsoft Windows Codecs Library | CVE-2023-29340 | 7.8 |
| Microsoft Windows Codecs Library | CVE-2023-29341 | 7.8 |
| SysInternals | CVE-2023-29343 | 7.8 |
| Microsoft Office | CVE-2023-29344 | 7.8 |
| Microsoft Edge (Chromium-based) | CVE-2023-29350 | 7.5 |
| Microsoft Edge (Chromium-based) | CVE-2023-29354 | 4.7 |
For users utilizing the latest iteration of Windows 11 (version 22H2), this month’s Patch Tuesday Update introduces a new option on the Windows Update page, enabling the download of the latest optional non-security updates at the end of each month as soon as they become available.
Microsoft has also resolved the interoperability issue between the new Windows LAPS and legacy LAPS policies. This resolution extends to Windows 11 versions 22H2 and 21H2, as well as Windows 10 version 22H2.
The zero-day vulnerabilities include CVE-2023-29336 (Win32k Elevation of Privilege Vulnerability), CVE-2023-24932 (Secure Boot Security Bypass Vulnerability), and CVE-2023-29325 (Windows OLE Remote Code Execution Vulnerability).
“Administrators should be aware that additional actions are required for remediation of CVE-2023-24932 beyond simply applying the patches,” said the Rapid7 report.
“The patch enables the configuration options necessary for protection, but administrators must apply changes to UEFI config after patching.”
Furthermore, the KB5026372 update for Windows 11 version 22H2 presents new animated icons for widgets on the taskbar, adding an element of visual appeal.
Microsoft has also effectively rectified an issue causing minimized windows with protected content to be visible in taskbar live thumbnail previews.
The five RCE vulnerabilities patched this month include two bugs — CVE-2023-24941 and
CVE-2023-24943 — with high CVSSv3 base scores of 9.8.
“This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE),” said the Microsoft assessment.
Microsoft May 2023 patch update: The best practices for Windows updates
Organizations planning to deploy this month’s patches are advised to conduct thorough testing before widespread implementation on production systems.
To ensure smooth and successful Windows updates, it’s important to follow some best practices.
First, enable automatic updates on your Windows machine so that your system receives the latest patches and fixes as soon as they are available.
If automatic updates are disabled, make sure to check for updates manually to ensure timely installation.
Keeping your operating system up to date protects your system from threats and ensures compatibility with new software and hardware.
Another important practice is to regularly back up your data. Sometimes, a Windows update can cause unexpected issues or conflicts, and having a recent backup allows you to restore your system if needed.
Windows provides backup options like File History and System Image Backup. Regularly backing up your data helps you recover quickly and reduces the risk of data loss during the update process.
Lastly, it’s advisable to keep your device connected to a power source during the update installation.
Windows updates can take time to download and install, and a sudden power loss can lead to incomplete installations or system instability. By staying plugged in, you can avoid interruptions and minimize the chances of encountering issues during the update procedure.
