Service Notices

All Notices > Security Notices > Microsoft Releases May 2023 Security Updates

Microsoft Releases May 2023 Security Updates

May 11, 2023 GMT+08:00

I. Overview

Microsoft has released its May 2023 Security Updates. A total of 38 security vulnerabilities have been disclosed, among which 6 are marked as important vulnerabilities. Attackers can exploit these vulnerabilities to implement remote code execution, privilege escalation, and security feature bypass. The affected applications include components such as Microsoft Windows, Microsoft Office, Visual Studio Code, and AV1 Video Extension.

For details, visit the Microsoft official website:

https://msrc.microsoft.com/update-guide/en-us/releaseNote/2023-May

The following vulnerabilities have been exploited by attackers:

Secure Boot Security Feature Bypass Vulnerability (CVE-2023-24932): 0-day vulnerability. A security feature bypass vulnerability exists in the Secure Boot of the Windows operating system. An attacker who has physical access or Administrative rights to a target device could exploit this vulnerability to bypass Secure Boot and install an affected boot policy. Currently, the vulnerability details have been disclosed, and the vulnerability has been exploited by wild attacks. The risk is high.

Win32k Elevation of Privilege Vulnerability (CVE-2023-29336): 0-day vulnerability. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. This vulnerability has been exploited in the wild, and the risk is high.

Windows OLE Remote Code Execution Vulnerability (CVE-2023-29325): An attacker could exploit the vulnerability by sending the specially crafted email to the victim. Exploitation of the vulnerability might involve either a victim opening a specially crafted email with an affected version of Microsoft Outlook software, or a victim's email application displaying a preview of a specially crafted email. This could result in the attacker executing remote code on the victim's machine. The details of this vulnerability have been disclosed and the risk is high.

8 vulnerabilities (such as CVE-2023-24941, CVE-2023-29325, and CVE-2023-24949) are marked as Exploitation More Likely. For details, see the official announcement. Please perform security self-check and security hardening in a timely manner to reduce attack risks.

II. Severity

Severity: important

(Severity: low, moderate, important, and critical)

III. Affected Products

Microsoft Windows, Microsoft Office, Visual Studio Code, and AV1 Video Extension.

IV. Vulnerability Details

CVE ID

Vulnerability

Severity

Description

CVE-2023-24903

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

Important

An unauthenticated attacker could send a specially crafted malicious SSTP packet to an SSTP server. This could result in remote code execution on the server side.

CVE-2023-29325

Windows OLE Remote Code Execution Vulnerability

Important

An attacker could exploit the vulnerability by sending the specially crafted email to the victim. Exploitation of the vulnerability might involve either a victim opening a specially crafted email with an affected version of Microsoft Outlook software, or a victim's email application displaying a preview of a specially crafted email. This could result in the attacker executing remote code on the victim's machine.

CVE-2023-24955

Microsoft SharePoint Server Remote Code Execution Vulnerability

Important

A remote attacker can exploit this vulnerability to execute remote code on the target server.

CVE-2023-24943

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

Important

When the Windows Message Queuing service runs in the PGM Server environment, a remote attacker can send specially crafted files over the network to exploit the vulnerability. Successful exploitation of the vulnerability will cause remote code execution.

CVE-2023-24941

Windows Network File System Remote Code Execution Vulnerability

Important

An unauthenticated remote attacker could send a specially crafted call request to the target server to exploit the vulnerability. Successful exploitation of the vulnerability can cause remote code execution on the target system.

CVE-2023-28283

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

Important

An unauthenticated attacker who successfully exploited this vulnerability could gain code execution through a specially crafted set of LDAP calls to execute arbitrary code within the context of the LDAP service.

 (Note: Vulnerabilities listed above are important ones. For more information, refer to the official website of Microsoft.)

V. Security Recommendations

1. Use Windows Update or download patches from the following address to fix the vulnerabilities:

https://msrc.microsoft.com/update-guide

2. Back up data remotely to protect your data.

Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.