Microsoft Monthly Security Update (May 2023)

Release Date: 10 May 2023

RISK: Medium Risk

TYPE: Operating Systems - Windows OS

Microsoft has released monthly security update for their products:

Vulnerable Product	Risk Level	Impacts	Notes
Browser	Medium Risk	Elevation of Privilege Security Restriction Bypass
Microsoft Office	Medium Risk	Information Disclosure Spoofing Remote Code Execution Security Restriction Bypass Denial of Service
Windows	Medium Risk	Remote Code Execution Denial of Service Elevation of Privilege Information Disclosure Security Restriction Bypass	CVE-2023-29336 is being exploited in the wild. The vulnerability can be exploited by using Win32k to trigger elevation of privilege, but this CVE is required local access and it is rated as risk medium. CVE-2023-24932 is being exploited in the wild. The vulnerability can be exploited by using Windows Secure Boot to trigger security restriction bypass, but this CVE is required local access and it is rated as risk medium.
Extended Security Updates (ESU)	Medium Risk	Remote Code Execution Information Disclosure Denial of Service Elevation of Privilege Security Restriction Bypass	CVE-2023-29336 is being exploited in the wild. The vulnerability can be exploited by using Win32k to trigger elevation of privilege, but this CVE is required local access and it is rated as risk medium. CVE-2023-24932 is being exploited in the wild. The vulnerability can be exploited by using Windows Secure Boot to trigger security restriction bypass, but this CVE is required local access and it is rated as risk medium.
Developer Tools	Medium Risk	Information Disclosure Elevation of Privilege

Number of 'Extremely High Risk' product(s): 0

Number of 'High Risk' product(s): 0

Number of 'Medium Risk' product(s): 5

Number of 'Low Risk' product(s): 0

Evaluation of overall 'Risk Level': High Risk

Impact

Before installation of the software, please visit the vendor web-site for more details.