In today’s SensCy Cyber Brief, your SensCy team reviewed Microsoft’s latest series of patches released on Tuesday, May 9, 2023. Today’s Patch Tuesday comes with fixes 78 flaws, including 38 remote code execution vulnerabilities.
What is Patch Tuesday?
Patch Tuesday is Microsoft’s initiative to release new security fixes for the Windows operating system and any other Microsoft software on a monthly basis. Your SensCy team will monitor such releases and provide you with our observations and recommendations.
Why is it important?
This month’s patch Tuesday is critical because it fixes two notable flaws that will likely impact your organization The SensCy team recommends Microsoft users install those patches immediately.
The first one is CVE-2023-29357 is an Elevation of Privilege Vulnerability in Microsoft SharePoint. “An attacker who has gained access to spoofed JWT authentication tokens can use them to execute a network attack which bypasses authentication and allows them to gain access to the privileges of an authenticated user”
The second is CVE-2023-32031, is severe remote code execution in the Exchange Server. The attacker for this vulnerability could target the server accounts in an arbitrary or remote code execution. As an authenticated user, the attacker could attempt to trigger malicious code in the context of the server’s account through a network call,”
In addition to the zero-day fix, Microsoft is also fixing 38 vulnerabilities, with six classified as “Critical” as they allow remote code execution, “In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted email to the victim,
Here is a breakdown of each vulnerability category:
- 17 Elevation of Privilege Vulnerabilities
- 3 Security Feature Bypass Vulnerabilities
- 32 Remote Code Execution Vulnerabilities
- 5 Information Disclosure Vulnerabilities
- 10 Denial of Service Vulnerabilities
- 10 Spoofing Vulnerabilities
- 1 Edge- Chromium Vulnerability
For more information on vulnerabilities and the system that it affects, please refer to the full report from Microsoft linked here.
If you have any questions or concerns regarding Patch Tuesday and are unsure of the implication of the new updates on your company, please reach out to SensCy.