Patch Tuesday is once again upon us. As always, our team has put together the monthly Patch Tuesday Report to help you manage your update progress. The audit report gives you a quick and clear overview of your Windows machines and their patching status. The May 2023 edition of Patch Tuesday brings us 38 new fixes, with 6 rated as critical, and 13 previously fixed vulnerabilities were updated. We've listed the most important changes below.
Microsoft SharePoint Server Remote Code Execution Vulnerability
One of the most critical vulnerabilities this month is in Microsoft SharePoint. CVE-2023-24955 only has a CVSS base score of 7.2, but the fact that it affects a popular Microsoft product and that Microsoft lists exploitation as "more likely" brings it to the top of the list.
An attacker authenticated as a Site Owner could exploit this vulnerability to execute code remotely on the SharePoint Server.
Windows Network File System Remote Code Execution Vulnerability
The second critical vulnerability is in a component that has seen multiple vulnerabilities in the past. The Network File System (NFS) contains the RCE vulnerability CVE-2023-24941. With a CVSS base score of 9.8, it's obvious why this is one of the vulnerabilities to watch.
Attackers can exploit this vulnerability by making an unauthenticated, specially crafted call to a Network File System service to trigger a Remote Code Execution. If you have NFS servers and you can't wait for the update, Microsoft does have mitigation steps in the advisory.
If you want a quick overview of your NFS servers, you can run our Windows Server NFS Role Audit.
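For a scripted version of the same overview, the following PowerShell is an added example, not Lansweeper's audit and not code from the original page. It reports whether the Server for NFS role is installed on each host and which NFS protocol versions are enabled, so the result can be compared against the mitigation steps in Microsoft's advisory. The host names are constructed placeholders, and it assumes the ServerManager and NFS modules are available on the admin host and that remote management is permitted.

```powershell
# Added example: inventory the "Server for NFS" role across a list of servers.
# Host names below are constructed placeholders; replace with your own.
$Servers = @('fileserver01', 'fileserver02')

function Get-NfsRoleStatus {
    param([Parameter(Mandatory)][string[]]$ComputerName)

    foreach ($computer in $ComputerName) {
        # One row per host; version fields stay $null when the role is absent.
        $row = [ordered]@{
            ComputerName = $computer
            NfsInstalled = $null
            NfsV2        = $null
            NfsV3        = $null
            NfsV4        = $null
            Error        = $null
        }
        try {
            # FS-NFS-Service is the Windows Server feature name for Server for NFS.
            $feature = Get-WindowsFeature -Name 'FS-NFS-Service' `
                -ComputerName $computer -ErrorAction Stop
            $row.NfsInstalled = [bool]$feature.Installed

            if ($feature.Installed) {
                $session = New-CimSession -ComputerName $computer -ErrorAction Stop
                try {
                    # Read which NFS protocol versions the server currently accepts.
                    $cfg = Get-NfsServerConfiguration -CimSession $session -ErrorAction Stop
                    $row.NfsV2 = $cfg.EnableNFSV2
                    $row.NfsV3 = $cfg.EnableNFSV3
                    $row.NfsV4 = $cfg.EnableNFSV4
                }
                finally {
                    Remove-CimSession -CimSession $session
                }
            }
        }
        catch {
            # Unreachable or non-server hosts are reported, not silently skipped.
            $row.Error = $_.Exception.Message
        }
        [pscustomobject]$row
    }
}

Get-NfsRoleStatus -ComputerName $Servers |
    Sort-Object -Property NfsInstalled -Descending |
    Format-Table -AutoSize
```

Hosts that return an error still appear in the output, so an unreachable server is not mistaken for one without the role.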
Windows OLE Remote Code Execution Vulnerability
The last vulnerability I will cover is in the Windows Object Linking & Embedding component. CVE-2023-29325 has a CVSS base score of 8.1. Microsoft provides quite a bit of information on this vulnerability and also lists that exploitation is likely.
The vulnerability can be exploited through the Windows preview panes. Microsoft also provides an example of exploitation:
In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted email to the victim. Exploitation of the vulnerability might involve either a victim opening a specially crafted email with an affected version of Microsoft Outlook software, or a victim's Outlook application displaying a preview of a specially crafted email. This could result in the attacker executing remote code on the victim's machine.
Run the Patch Tuesday May 2023 Audit
To help manage your update progress, we've created the Patch Tuesday Audit that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.
The Lansweeper Patch Tuesday report is automatically added to Lansweeper Cloud sites. Lansweeper Cloud is included in all our licenses without any additional cost and allows you to federate all your installations into one single view, so all you need to do is look at one report, automatically added every Patch Tuesday!
Patch Tuesday May 2023 CVE Codes & Titles
| CVE Code | Title |
| --- | --- |
| CVE-2023-29344 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2023-29343 | SysInternals Sysmon for Windows Elevation of Privilege Vulnerability |
| CVE-2023-29341 | AV1 Video Extension Remote Code Execution Vulnerability |
| CVE-2023-29340 | AV1 Video Extension Remote Code Execution Vulnerability |
| CVE-2023-29338 | Visual Studio Code Information Disclosure Vulnerability |
| CVE-2023-29336 | Win32k Elevation of Privilege Vulnerability |
| CVE-2023-29335 | Microsoft Word Security Feature Bypass Vulnerability |
| CVE-2023-29333 | Microsoft Access Denial of Service Vulnerability |
| CVE-2023-29325 | Windows OLE Remote Code Execution Vulnerability |
| CVE-2023-29324 | Windows MSHTML Platform Security Feature Bypass Vulnerability |
| CVE-2023-28290 | Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability |
| CVE-2023-28283 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
| CVE-2023-28251 | Windows Driver Revocation List Security Feature Bypass Vulnerability |
| CVE-2023-24955 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2023-24954 | Microsoft SharePoint Server Information Disclosure Vulnerability |
| CVE-2023-24953 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2023-24950 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2023-24949 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2023-24948 | Windows Bluetooth Driver Elevation of Privilege Vulnerability |
| CVE-2023-24947 | Windows Bluetooth Driver Remote Code Execution Vulnerability |
| CVE-2023-24946 | Windows Backup Service Elevation of Privilege Vulnerability |
| CVE-2023-24945 | Windows iSCSI Target Service Information Disclosure Vulnerability |
| CVE-2023-24944 | Windows Bluetooth Driver Information Disclosure Vulnerability |
| CVE-2023-24943 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability |
| CVE-2023-24942 | Remote Procedure Call Runtime Denial of Service Vulnerability |
| CVE-2023-24941 | Windows Network File System Remote Code Execution Vulnerability |
| CVE-2023-24940 | Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability |
| CVE-2023-24939 | Server for NFS Denial of Service Vulnerability |
| CVE-2023-24932 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2023-24911 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
| CVE-2023-24905 | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2023-24904 | Windows Installer Elevation of Privilege Vulnerability |
| CVE-2023-24903 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability |
| CVE-2023-24902 | Win32k Elevation of Privilege Vulnerability |
| CVE-2023-24901 | Windows NFS Portmapper Information Disclosure Vulnerability |
| CVE-2023-24900 | Windows NTLM Security Support Provider Information Disclosure Vulnerability |
| CVE-2023-24899 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2023-24898 | Windows SMB Denial of Service Vulnerability |
| CVE-2023-24892 | Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability |
| CVE-2023-24881 | Microsoft Teams Information Disclosure Vulnerability |
| CVE-2023-24858 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability |
| CVE-2023-23398 | Microsoft Excel Spoofing Vulnerability |
| CVE-2023-23396 | Microsoft Excel Denial of Service Vulnerability |
| CVE-2023-23383 | Service Fabric Explorer Spoofing Vulnerability |
| CVE-2023-21779 | Visual Studio Code Remote Code Execution Vulnerability |
| CVE-2023-21738 | Microsoft Office Visio Remote Code Execution Vulnerability |
| CVE-2022-41104 | Microsoft Excel Security Feature Bypass Vulnerability |
| CVE-2022-29900 | AMD: CVE-2022-29900 AMD CPU Branch Type Confusion |
| CVE-2022-26928 | Windows Photo Import API Elevation of Privilege Vulnerability |
| CVE-2021-28452 | Microsoft Outlook Memory Corruption Vulnerability |
| CVE-2013-3900 | WinVerifyTrust Signature Validation Vulnerability |