Microsoft May 2023 Patch Tuesday fixes 3 zero-days, 38 flaws

Gandalf_The_Grey

Today is Microsoft's May 2023 Patch Tuesday, and security updates fix three zero-day vulnerabilities and a total of 38 flaws.

Six vulnerabilities are classified as 'Critical' as they allow remote code execution, the most severe type of vulnerability.

The number of bugs in each vulnerability category is listed below:
  • 8 Elevation of Privilege Vulnerabilities
  • 4 Security Feature Bypass Vulnerabilities
  • 12 Remote Code Execution Vulnerabilities
  • 8 Information Disclosure Vulnerabilities
  • 5 Denial of Service Vulnerabilities
  • 1 Spoofing Vulnerability
Today's Patch Tuesday is one of the smallest in terms of resolved vulnerabilities, with only thirty-eight vulnerabilities fixed, not including eleven Microsoft Edge vulnerabilities fixed last week, on May 5th.
 

Gandalf_The_Grey

The May 2023 Security Update Review
It’s patch Tuesday once again, and Adobe and Microsoft have released their monthly batch of security updates. Take a break from your regularly scheduled activities and join us as we review the details of the latest offerings from Microsoft and Adobe. If you’d rather watch the video recap, you can check out the Patch Report webcast on our YouTube channel. It should be posted within a couple of hours after the release.

Adobe Patches for May 2023

For May, Adobe released a single bulletin for Substance 3D Painter addressing 11 Critical-rated and 3 Important-rated vulnerabilities. All of these bugs were found and reported by ZDI vulnerability researcher Mat Powell. The most severe of these issues would allow an attacker to execute arbitrary code on an affected system if they can convince a user to open a specially-crafted file.

None of the bugs fixed by Adobe this month are listed as publicly known or under active attack at the time of release. Adobe categorizes these updates as a deployment priority rating of 3.

Microsoft Patches for May 2023

This month, Microsoft released 38 new patches addressing CVEs in Microsoft Windows and Windows Components; Office and Office Components; Microsoft Edge (Chromium-based); SharePoint Server; Visual Studio; SysInternals; and Microsoft Teams. This is in addition to 11 CVEs in Chromium that were previously released for Edge and are now being documented in the Security Updates Guide.

A total of four of these bugs were submitted through the ZDI program. This includes three SharePoint fixes that were reported during the most recent Pwn2Own Vancouver competition. However, none of the other bugs reported at that event have yet to be addressed by Microsoft.

Of the new patches released today, seven are rated Critical and 31 are rated Important in severity. May tends to be a smaller month for fixes historically, but this month’s volume is the lowest since August 2021. However, considering just the number of ZDI cases waiting to be patched, this number is expected to rise in the coming months.

One of the new CVEs is listed as under active attack and two are listed as publicly known at the time of release.
 

Gandalf_The_Grey

Microsoft patches several critical security issues on the May 2023 Windows Patch Day
Microsoft released security updates and non-security updates for all supported versions of its Windows operating system and other company products on the May 2023 Patch Tuesday.

All versions of Windows are affected by critical updates. Updates were also released for other Microsoft products, including Microsoft Edge and Microsoft Office.

This overview provides system administrators and home users with information on the released patches. It offers an overview of the Windows updates, lists known issues, links to support pages and direct downloads, and more.
You can download the following Excel spreadsheet. It lists the released security updates of the May 2023 Microsoft Patch Day. Click on the following link to download it: windows may 2023 security updates

Executive Summary

  • Microsoft released security updates for all supported client and server versions of Windows.
  • Security updates were also released for Microsoft Office, Visual Studio Code, Microsoft Bluetooth Driver, Windows Backup Engine, Remote Desktop Client, Windows SMB and Microsoft Teams.
  • The following Windows client versions have known issues: Windows 10 version 1809, Windows 10 version 20H2, 21H2 and 22H2, Windows 11 version 21H2 and 22H2.
  • The following Windows server versions have known issues: Windows Server 2008 and 2008 R2, Windows Server 2019 and 2022.
  • Microsoft won't release feature updates for Windows 10 anymore. Windows 10 version 22H2 is the last version of Windows 10.
 

simmerskool

Honestly that's a good result for MS. 38 compared to the usual 90+. Big improvement even though 12 RCEs, it's actually a good result and down.

I guess Edge has taken care of a lot of update patches/problems with it updating almost daily.
I was working online with an MS tech today, and she closed Edge and opened Chrome to get done what she was trying to do :ROFLMAO:
 

simmerskool

Raises so many questions, was she working on her or your PC and what was she trying to do? Edge has more restrictions than Chrome.
Yes, I let MS tech Angelina log in to my win10. First time doing that on this computer since 2016, that I'm aware of :ROFLMAO: Overall I thought she was good, or very good, although she first tried everything I had tried and failed too. I do still have the win10 dot iso she used for the in-place upgrade.
 
