Microsoft’s Latest Patch Tuesday: A Deep Dive into Security Vulnerabilities and Zero-Day Exploits

Microsoft’s recent Patch Tuesday release addressed a staggering 38 security vulnerabilities across six product families, including six critical issues in Windows and one in SharePoint. With some of these vulnerabilities already exploited in the wild and others publicly disclosed, it is crucial for system administrators to understand the potential risks and take necessary actions to secure their systems.

A Closer Look at the Vulnerabilities

The largest number of addressed vulnerabilities pertains to Windows, with 27 CVEs (Common Vulnerabilities and Exposures). Office follows with four CVEs, SharePoint (three), AV1 Video Extension (two), and Teams and Visual Studio (one each). At the time of the patch release, only two of these issues (CVE-2023-29325 and CVE-2023-24932, both affecting Windows) have been publicly disclosed. However, neither of them is known to be under active exploitation yet.

Among the addressed vulnerabilities, one has been detected under active exploitation in the wild: CVE-2023-29336. This Important-severity elevation-of-privilege issue is present in Windows.

Zero-Day Vulnerabilities in the Spotlight

This month’s Patch Tuesday release tackles three zero-day vulnerabilities: two actively exploited in attacks and another publicly disclosed but not yet exploited.

1. CVE-2023-29336: An elevation of privilege vulnerability found in the Win32k kernel mode driver. Cybercriminals could exploit this vulnerability to gain SYSTEM privileges.
2. CVE-2023-24932: A Secure Boot Security Feature Bypass Vulnerability. This patch comes with additional steps required for full protection, as it updates the Windows Boot Manager but is not enabled by default. System administrators must take extra measures to activate it. This vulnerability is linked to ongoing attempts to address a vulnerability exploited by the BlackLotus bootkit. Microsoft has outlined its progress on this issue in a separate post.
3. CVE-2023-29325: A Windows OLE (Object Linking and Embedding) Remote Code Execution (RCE) Vulnerability. This publicly disclosed zero-day vulnerability has not been actively exploited yet. However, it is considered a critical-class RCE, and experts believe it could be exploited within the next 30 days.

Important Considerations for System Administrators

Both the CVE-2023-29325 and CVE-2023-24932 patches come with fairly detailed installation requirements. System administrators are urged to read the instructions carefully and ensure that their systems are fully protected. For instance, when applying the NFS patch, administrators should verify that a patch addressing CVE-2022-26937 (released May 2022) is already installed.

Update your system

It is essential for system administrators to stay informed about these vulnerabilities and take swift action to secure their networks. By understanding the implications of these vulnerabilities and following the appropriate installation guidelines, administrators can minimize potential risks and protect their organizations from cyber threats.