
“Krebs on Security reports on May 2023’s Microsoft Patch Tuesday”


In May, Microsoft issued patches to repair over 40 vulnerabilities in its Windows operating systems. The updates include fixes for two zero-day vulnerabilities that are already being exploited in active attacks. The security weaknesses found in Windows include vulnerabilities in Network File System and Lightweight Directory Access Protocol, along with two remote code execution flaws and an elevation of privilege weakness. The release also includes fixes for Microsoft Outlook and Explorer, which could be exploited by cybercriminals to remotely install malware by using a specially-crafted email in the Outlook Preview Pane.

The first of the zero-day vulnerabilities is CVE-2023-29336, which is an “elevation of privilege” weakness. The vulnerability has a low attack complexity and requires low privileges and no user interaction. The attack vector for this bug is local. Kevin Breen, director of cyber threat research at Immersive Labs, stated that this is a crucial part of attackers’ objectives. He added that “once they gain initial access, they will seek administrative or SYSTEM-level permissions. This can allow the attacker to disable security tooling and deploy more attacker tools like Mimikatz that lets them move across the network and gain persistence.”

The other zero-day that has been seen actively exploited in attacks is CVE-2023-24932, which is a Secure Boot Security Feature Bypass flaw. It paves the way for the “bootkit” malware known as BlackLotus. This type of vulnerability is dangerous because it allows the attacker to load malicious software before the operating system even starts up. The attacker would need physical access or administrative rights to a target device to install an affected boot policy.

Adam Barnett, lead software engineer at Rapid7, reported that CVE-2023-24932 deserves a much higher threat score.

Microsoft also patched five remote code execution (RCE) flaws in Windows, two of which have high CVSS scores. CVE-2023-24941 has the highest CVSS score of 9.8 among all the flaws addressed this month. This flaw affects the Windows Network File System and can be exploited over the network by making an unauthenticated, specially crafted request. Microsoft’s advisory also includes important mitigation advice.

Meanwhile, CVE-2023-28283 is a critical bug in the Windows Lightweight Directory Access Protocol (LDAP) that enables an unauthenticated attacker to execute malicious code on the vulnerable device. However, Microsoft says exploiting the flaw may be difficult and unreliable for attackers.

Another noteworthy weakness fixed this month is CVE-2023-29325, a weakness in Microsoft Outlook and Explorer that can be exploited by attackers to remotely install malware. This vulnerability can be exploited merely by viewing a specially-crafted email in the Outlook Preview Pane. Immersive Labs’ Breen said that “if an attacker were able to exploit this vulnerability, they would gain remote access to the victim’s account, where they could deploy additional malware.”

To ensure that your Windows system is secure, it is vital to update your operating system regularly. Please read email messages in plain text format, and consider backing up your data and imaging your system before applying any updates. If today’s updates cause any stability or usability problems in Windows, you can check AskWoody.com for further information.
