Microsoft May 2023 Patch Tuesday fixes 3 zero-days, 38 flaws

Gandalf_The_Grey

Gandalf_The_Grey

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,871
Content source
https://www.bleepingcomputer.com/news/microsoft/microsoft-may-2023-patch-tuesday-fixes-3-zero-days-38-flaws/
Today is Microsoft's May 2023 Patch Tuesday, and security updates fix three zero-day vulnerabilities and a total of 38 flaws.

Six vulnerabilities are classified as 'Critical' as they allow remote code execution, the most severe type of vulnerability.

The number of bugs in each vulnerability category is listed below:
  • 8 Elevation of Privilege Vulnerabilities
  • 4 Security Feature Bypass Vulnerabilities
  • 12 Remote Code Execution Vulnerabilities
  • 8 Information Disclosure Vulnerabilities
  • 5 Denial of Service Vulnerabilities
  • 1 Spoofing Vulnerability
Today's Patch Tuesday is one of the smallest in terms of resolved vulnerabilities, with only thirty-eight vulnerabilities fixed, not including eleven Microsoft Edge vulnerabilities fixed last week, on May 5th.
Click to expand...
www.bleepingcomputer.com

Microsoft May 2023 Patch Tuesday fixes 3 zero-days, 38 flaws

Today is Microsoft's May 2023 Patch Tuesday, and security updates fix three zero-day vulnerabilities and a total of 38 flaws.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • +Reputation
  • Thanks
Reactions: dinosaur07, JB007, Nevi and 13 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,871
The May 2023 Security Update Review
It’s patch Tuesday once again, and Adobe and Microsoft have released their monthly batch of security updates. Take a break from your regularly scheduled activities and join us as we review the details of the latest offerings from Microsoft and Adobe. If you’d rather watch the video recap, you can check out the Patch Report webcast on our YouTube channel. It should be posted within a couple of hours after the release.

Adobe Patches for May 2023

For May, Adobe released a single bulletin for Substance 3D Painter addressing 11 Critical-rated and 3 Important-rated vulnerabilities. All of these bugs were found and reported by ZDI vulnerability researcher Mat Powell. The most severe of these issues would allow an attacker to execute arbitrary code on an affected system if they can convince a user to open a specially-crafted file.

None of the bugs fixed by Adobe this month are listed as publicly known or under active attack at the time of release. Adobe categorizes these updates as a deployment priority rating of 3.

Microsoft Patches for May 2023

This month, Microsoft released 38 new patches addressing CVEs in Microsoft Windows and Windows Components; Office and Office Components; Microsoft Edge (Chromium-based); SharePoint Server; Visual Studio; SysInternals; and Microsoft Teams. This is in addition to 11 CVEs in Chromium that were previously released for Edge and are now being documented in the Security Updates Guide.

A total of four of these bugs came were submitted through the ZDI program. This includes three SharePoint fixes that were reported during the most recent Pwn2Own Vancouver competition. However, none of the other bugs reported at that event have yet to be addressed by Microsoft.

Of the new patches released today, seven are rated Critical and 31 are rated Important in severity. May tends to be a smaller month for fixes historically, but this month’s volume is the lowest since August 2021. However, considering just the number of ZDI cases waiting to be patched, this number is expected to rise in the coming months.

One of the new CVEs is listed as under active attack and two are listed as publicly known at the time of release.
Click to expand...
www.zerodayinitiative.com

Zero Day Initiative — The May 2023 Security Update Review

It’s patch Tuesday once again, and Adobe and Microsoft have released their monthly batch of security updates. Take a break from your regularly scheduled activities and join us as we review the details of the latest offerings from Microsoft and Adobe. If you’d rather watch the video recap, you can ch
www.zerodayinitiative.com www.zerodayinitiative.com
 
  • Like
  • +Reputation
Reactions: JB007, Nevi, simmerskool and 9 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,871
Microsoft patches several critical security issues on the May 2023 Windows Patch Day
Microsoft released security updates and non-security updates for all supported versions of its Windows operating system and other company products on the May 2023 Patch Tuesday.

All versions of Windows are affected by critical updates. Updates were also released for other Microsoft products, including Microsoft Edge and Microsoft Office.

This overview provides system administrators and home users with information on the released patches. It offers an overview of the Windows updates, lists known issues, links to support pages and direct downloads, and more.
Click to expand...
You can download the following Excel spreadsheet. It lists the released security updates of the May 2023 Microsoft Patch Day. Click on the following link to download it: windows may 2023 security updates

Executive Summary​

  • Microsoft released security updates for all supported client and server versions of Windows.
  • Security updates were also released for Microsoft Office, Visual Studio Code, Microsoft Bluetooth Driver, Windows Backup Engine, Remote Desktop Client, Windows SMB and Microsoft Teams.
  • The following Windows client version have known issues: Windows 10 version 1809, Windows 10 version 20H2, 21H2 and 22H2, Windows 11 version 21H2 and 22H2.
  • The following Windows server versions have known issues: Windows Server 2008 and 2008 R2, Windows Server 2019 and 2022
  • Microsoft won't release feature updates for Windows 10 anymore. Windows 10 version 22H2 is the last version of Windows 10.
Click to expand...
www.ghacks.net

Microsoft patches several critical security issues on the May 2023 Windows Patch Day - gHacks Tech News

Microsoft released security and non-security updates for all supported versions of Windows on the May 2023 Patch Day.
www.ghacks.net
 
  • Like
  • +Reputation
Reactions: plat, JB007, Nevi and 10 others
simmerskool

simmerskool

Level 42
Verified
Top Poster
Well-known
Apr 16, 2017
3,137
Zero Knowledge said:
Honestly that's a good result for MS. 38 compared to the usual 90 +. Big improvement even though 12 RCE's it's actually a good result and down.

I guess Edge has taken care of a lot of update patches/problems with it updating almost daily.
Click to expand...
I was working online with an MS tech today, and she closed Edge and open Chrome to get done what she was trying to do :ROFLMAO:
 
  • HaHa
  • Like
  • Applause
Reactions: oldschool, plat, vtqhtr413 and 2 others
simmerskool

simmerskool

Level 42
Verified
Top Poster
Well-known
Apr 16, 2017
3,137
Max90 said:
Raises so many questions, was she working on her or your PC and what was she trying to do? Edge has more restrictions than Chrome.
Click to expand...
yes, I let MS tech Angelina login to my win10. First time doing that on this computer since 2016, that I'm aware of :ROFLMAO: Overall I thought she was good, or very good, although she first tried everything I had tried and failed too. I do still have the win10 dot iso she used for the in-place upgrade.
 
  • Like
Reactions: ForgottenSeer 97327 and oldschool
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • +Reputation
    • Applause
Security News Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws
Replies
1
Views
919
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
    • +Reputation
Security News Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws
Replies
2
Views
471
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
    • +Reputation
Security News Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws
Replies
2
Views
1,717
Security News
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top