Microsoft reveals small but vital security upgrade - so patch your devices now

News
By published

May's Microsoft Patch Tuesday is upon us, with some crucial fixes

Hand increasing the protection level by turning a knob
(Image credit: Shutterstock)

Microsoft has released this month’s cumulative cybersecurity update known as Patch Tuesday. It’s one of the smallest updates in terms of the number of flaws addressed, but it has still fixed some important vulnerabilities, so make sure to apply the patch as soon as possible.

In a follow-up security advisory, Microsoft said that it fixed a total of 38 vulnerabilities this month (not including the 11 Microsoft Edge browser flaws fixed a week ago). 

Among them are three zero-days, and six “critical” flaws allowing for remote code execution (RCE). 

Fixing zero-days

Here’s a full breakdown of the update:

  • 8 Elevation of Privilege Vulnerabilities
  • 4 Security Feature Bypass Vulnerabilities
  • 12 Remote Code Execution Vulnerabilities
  • 8 Information Disclosure Vulnerabilities
  • 5 Denial of Service Vulnerabilities
  • 1 Spoofing Vulnerability

Of the three zero-days, two were being actively used in the wild, to attack vulnerable endpoints. Those two are CVE-2023-29336, and CVE-2023-24932. The former is a Win32k Elevation of Privilege Vulnerability, a flaw in the Kernel driver that elevates privileges to the highest level - SYSTEM.

"An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," Microsoft said in its advisory.

Read more

> The first Microsoft Patch Tuesday of 2023 includes some rather important fixes

> Microsoft's latest Patch Tuesday broke some VMs, but there's a fix

> These are the best malware removal tools at the moment

The latter is a Secure Boot Security Feature Bypass Vulnerability, which was being used in the wild to install the BlackLotus UEFI bootkit, it was said.

"To exploit the vulnerability, an attacker who has physical access or Administrative rights to a target device could install an affected boot policy," Microsoft further explained.

UEFI bootkits are highly disruptive malware that gets installed on the system firmware, and as such remains on the target endpoint even if the operating system gets reinstalled, or the hard drive replaced. According to BleepingComputer, someone has been selling the BlackLotus bootkit on underground forums since October 2022, and has been actively working on adding new features. Since March, the bootkit was able to bypass Secure Boot on fully patched Windows 11 devices. 

Via: BleepingComputer

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A hacker wearing a hoodie sitting at a computer, his face hidden.
Microsoft patches three worrying security flaws in its latest critical update, so update now
Representational image of a cybercriminal
Microsoft just patched a host of worrying security issues, so update now
Flag of the People's Republic of China overlaid with a technological network of wires and circuits.
One of the biggest flaws exploited by Salt Typhoon hackers has had a patch available for years
Representational image depecting cybersecurity protection
Ivanti reveals major security update, so make sure you're protected
Representational image of a cybercriminal
Microsoft discovers five potentially damaging attacks against its own software
A person at a laptop with a cybersecure lock symbol floating above it.
Hackers are still using old Ivanti bugs to break into networks
Latest in Security
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Coinbase targeted after recent Github attacks
hacker.jpeg
Key trusted Microsoft platform exploited to enable malware, experts warn
IBM office logo
IBM to provide platform for flagship cyber skills programme for girls
Oracle
Oracle denies data breach after hacker claims to hold six million records
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
An image of network security icons for a network encircling a digital blue earth.
US government warns agencies to make sure their backups are safe from NAKIVO security issue
Latest in News
A phone showing a ChatGPT app error message
ChatGPT is down for many – here's what's going on
AirPods Max with USB-C in every color
Apple's AirPods Max with USB-C will get lossless audio in April, but you'll need to go wired
A woman sitting in a chair looking at a Windows 11 laptop
It looks like Microsoft might have thought better about banishing Copilot AI shortcut from Windows 11
US flags
US government IT contracts set to be centralized in new Trump order
Tesla Roadster 2
Tesla is still taking deposits on its long overdue Roadster, despite promising it would arrive in 2020
Samsung HW-Q990D soundbar with Halloween theme over the top
Samsung promises to repair soundbars bricked by its disastrous software update for free – but it'll probably involve shipping
More about security
hacker.jpeg

Key trusted Microsoft platform exploited to enable malware, experts warn
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol

Coinbase targeted after recent Github attacks
iPhone 16 Pro Desert Titanium in hand

I think the rumored iPhone 17 Pro redesign looks great – but is it Apple enough?
See more latest