Virtual Administrator’s May 2023 Patch Recommendations

Patch Recommendations

This month Microsoft released patches for 49 vulnerabilities with 6 rated “Critical” in severity.

All patches will be approved in our patch policy.

There are, thankfully, fewer patches this month with few known issues.

The top priority this month are CVE-2023-24932, CVE-2023-29325 and CVE-2023-29336. CVE-2023-24932 is an actively exploited Zero-Day Vulnerability affecting Windows Secure Boot Feature. The CVSS score is low (6.7) as an attacker needs physical access or Administrative rights to the target device. The patch updates the Windows Boot Manager, but is not enabled by default. Additional steps are required at this time to mitigate the vulnerability – see FYI below.

CVE-2023-29325 is a publicly disclosed vulnerability affecting Windows OLE (Object Linking and Embedding). Microsoft warns the Preview Pane feature in Microsoft Outlook and Office is a vector for exploitation. CVE-2023-29336 is an actively exploited Zero-Day Vulnerability affecting Microsoft’s Win32k Kernel driver. The highest CVSS scores of 9.8 go to CVE-2023-24941 and CVE-2023-24943. CVE-2023-24941 affects the Windows Network File System, and can be exploited over the network by making an unauthenticated, specially crafted request. CVE-2023-24943 is a Remote Code Execution (RCE) vulnerability affecting Windows Pragmatic General Multicast (PGM).

Disclosed: CVE-2023-24932, CVE-2023-29325
Exploited: CVE-2023-24932, CVE-2023-29336

FYI CVE-2023-24932 Secure Boot Security Feature Bypass Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932
Are there additional steps I need to take to be protected from this vulnerability?

The security update addresses the vulnerability by updating the Windows Boot Manager, but is not enabled by default. Additional steps are required at this time to mitigate the vulnerability. Please refer to the following for steps to determine impact on your environment: KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932 (https://support.microsoft.com/help/5025885).

Per the KB this is the “Initial Deployment” and with a “Second Deployment” on July 11, 2023 and “Enforcement” tentatively scheduled for the first quarter of 2024.

Heads Up!

Windows 10, version 21H2 will reach end of service on June 13, 2023. We will continue to service the following editions of Windows 10, version 21H2: Windows 10 Enterprise and Education, Windows 10 IoT Enterprise, and Windows 10 Enterprise multi-session.
Windows 10, version 21H2 end of servicing (Home & Pro)
https://learn.microsoft.com/en-us/lifecycle/announcements/windows-10-21h2-end-of-servicing

All editions of Windows 10, version 22H2 will continue to receive security and optional releases.

Security Update Guide

https://portal.msrc.microsoft.com/en-us/security-guidance

Morphus Labs patch dashboard here: https://patchtuesdaydashboard.com

Microsoft Security Advisories
None

Known Issues
No new issues reported by Microsoft.

Microsoft continues to list unresolved older problems under the Known Issues for new patches. So if you have not yet experienced one of these issues it is unlikely it will occur now.

Good resource for known issues with Windows 10/11 patches. Find the version and click on “Known issues”.
Windows release health
https://docs.microsoft.com/en-us/windows/release-health/

Monthly Rollup/Security Only/Windows 10,11/Server 2016,2019,2022 KBs

Links are https://support.microsoft.com/en-us/help/####### with the KB number only.

Security and Quality Rollup

  • KB5026413 – Windows Server 2008 R2 (ESU)
  • KB5026415 – Windows Server 2012 R2
  • KB5026419 – Windows Server 2012
  • KB5026408 – Windows Server 2008 (ESU)

Security Only Update

  • KB5026426 – Windows Server 2008 R2 (ESU)
  • KB5026409 – Windows Server 2012 R2
  • KB5026411 – Windows Server 2012
  • KB5026427 – Windows Server 2008 (ESU)

Cumulative Updates

Windows 10

  • KB5026382 – Original release version 1507 (OS Build 10240)
  • KB5026363 – Version 1607 “Anniversary Update” (OS Build 14393)
  • KB5026362 – Version 1809 “October 2018 Update” (OS Build 17763)
  • KB5026361 – Version 20H2 “October 2020 Update” (OS Build 19042)
  • KB5026361 – Version 21H2 “November 2021 Update” (OS Build 19044)
  • KB5026361 – Version 22H2 “November 2022 Update” (OS Build 19045)
    (Versions 1511,1703,1709,1803,1903,2004 are no longer under support)

Windows 11

  • KB5026368 – 21H2 (OS Build 22000) Original release
  • KB5026372 – 22H2 (OS Build 22621)

Windows Server

  • KB5026363 – Server 2016 (same KB as Windows 10 Version 1607)
  • KB5026362 – Server 2019 (same KB as Windows 10 Version 1809)\
  • KB5026370 – Server 2022 (OS Build 20348)

May 2023 updates for Microsoft Office

https://support.microsoft.com/en-us/topic/may-2023-updates-for-microsoft-office-ae1f273c-e093-4482-bc83-f6b48d3244ac

Notable CVEs

CVE-2023-24932 | Secure Boot Security Feature Bypass Vulnerability (Cumulative Update/Monthly Rollup)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932
“An attacker who successfully exploited this vulnerability could bypass Secure Boot.”

CVE-2023-24941 | Windows Network File System Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24941
“This vulnerability could be exploited over the network by making an unauthenticated, specially crafted call to a Network File System (NFS) service to trigger a Remote Code Execution (RCE).”

CVE-2023-24943 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24943
“When Windows message queuing service is running in a PGM Server environment, an attacker could send a specially crafted file over the network to achieve remote code execution and attempt to trigger malicious code.”

CVE-2023-28283 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28283
“An unauthenticated attacker who successfully exploited this vulnerability could gain code execution through a specially crafted set of LDAP calls to execute arbitrary code within the context of the LDAP service.”

CVE-2023-29325 | Windows OLE Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29325
“In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted email to the victim. Exploitation of the vulnerability might involve either a victim opening a specially crafted email with an affected version of Microsoft Outlook software, or a victim’s Outlook application displaying a preview of a specially crafted email . This could result in the attacker executing remote code on the victim’s machine.”

CVE-2023-29336 | Win32k Elevation of Privilege Vulnerability (Cumulative Update/Monthly Rollup)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29336
“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.