Microsoft Monthly Security Update (May 2023)

Last Update Date: 28 Mar 2024 Release Date: 10 May 2023 10459 Views

RISK: High Risk

High Risk

TYPE: Operating Systems - Windows OS

TYPE: Windows OS

[Updated on 2024-03-28]

Updated Source and Related Links.

CVE-2023-24955 vulnerability is exploited in the wild. In a network-based attack, an authenticated attacker as a Site Owner could execute code remotely on the SharePoint Server. Hence, the risk level is rated from Medium Risk to High Risk.

 

Microsoft has released monthly security update for their products:

 

Vulnerable ProductRisk LevelImpactsNotes
BrowserMedium Risk Medium RiskElevation of Privilege
Security Restriction Bypass		 
Microsoft OfficeHigh Risk High RiskInformation Disclosure
Spoofing
Remote Code Execution
Security Restriction Bypass
Denial of Service

CVE-2023-24955 

vulnerability is exploited in the wild. In a network-based attack, an authenticated attacker as a Site Owner could execute code remotely on the SharePoint Server. Hence, the risk level is rated from Medium Risk to High Risk.

WindowsMedium Risk Medium RiskRemote Code Execution
Denial of Service
Elevation of Privilege
Information Disclosure
Security Restriction Bypass

CVE-2023-29336

is being exploited in the wild.

The vulnerability can be exploited by using Win32k to trigger elevation of privilege, but this CVE is required local access and it is rated as risk medium.

 

CVE-2023-24932

is being exploited in the wild.

The vulnerability can be exploited by using Windows Secure Boot to trigger security restriction bypass, but this CVE is required local access and it is rated as risk medium.

Extended Security Updates (ESU)Medium Risk Medium RiskRemote Code Execution
Information Disclosure
Denial of Service
Elevation of Privilege
Security Restriction Bypass

CVE-2023-29336

is being exploited in the wild.

The vulnerability can be exploited by using Win32k to trigger elevation of privilege, but this CVE is required local access and it is rated as risk medium.

 

CVE-2023-24932

is being exploited in the wild.

The vulnerability can be exploited by using Windows Secure Boot to trigger security restriction bypass, but this CVE is required local access and it is rated as risk medium.

Developer ToolsMedium Risk Medium RiskInformation Disclosure
Elevation of Privilege		 

 

Number of 'Extremely High Risk' product(s): 0

Number of 'High Risk' product(s): 1

Number of 'Medium Risk' product(s): 4

Number of 'Low Risk' product(s): 0

Evaluation of overall 'Risk Level': High Risk

Impact

  • Denial of Service
  • Elevation of Privilege
  • Information Disclosure
  • Remote Code Execution
  • Spoofing
  • Security Restriction Bypass

System / Technologies affected

  • Browser
  • Microsoft Office
  • Windows
  • Extended Security Updates (ESU)
  • Developer Tools

Solutions

Before installation of the software, please visit the vendor web-site for more details.

  •  Apply fixes issued by the vendor.

Vulnerability Identifier

Source

Related Link

Related Tags

MicrosoftDenial of ServiceElevation of PrivilegeRemote Code ExecutionSecurity Restriction BypassInformation DisclosureSpoofingExploit In The Wild

Share with

Previous

Apple Product Remote Code Execution Vulnerability

26 Mar 2024 3191 Views

Next

Google Chrome Multiple Vulnerabilities

27 Mar 2024 8208 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY