{"id":45583,"date":"2023-05-10T15:14:11","date_gmt":"2023-05-10T14:14:11","guid":{"rendered":"https:\/\/www.n-able.com\/?p=45583"},"modified":"2023-05-19T11:19:09","modified_gmt":"2023-05-19T10:19:09","slug":"patch-tuesday-may-2023","status":"publish","type":"post","link":"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-may-2023","title":{"rendered":"Patch Tuesday May 2023: Vulnerability Count Dips but UEFI Bootkits Deserve Your Attention"},"content":{"rendered":"<p class=\"p2\"><span class=\"s1\">With only 38 new vulnerabilities being addressed this month, is this a calm before the storm? From my previous experience, dips in the number of addressed vulnerabilities on any given Microsoft Patch Tuesday are often followed by a sharp increase over the following months. While you shouldn\u2019t plan IT strategies around anecdotes or aching joints, there is some wisdom to be gained from reading the winds. Since we have so few Microsoft updates for this month, take the opportunity to get ahead while you can and brace for a larger number of vulnerabilities and the possible need for manual mitigations to be applied after the next Patch Tuesday. <\/span><\/p>\n<h2 class=\"p3\"><span class=\"s1\">Microsoft Vulnerabilities <\/span><\/h2>\n<p class=\"p4\"><span class=\"s1\">Microsoft has released fixes or updates for a total of 52 different vulnerabilities. Some of these are simply republishing older fixes, like <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2013-3900\" target=\"_blank\" rel=\"noopener\"><span class=\"s2\">CVE-2013-3900<\/span><\/a>, or updates to existing vulnerabilities like <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-23398\" target=\"_blank\" rel=\"noopener\"><span class=\"s2\">CVE-2023-23398<\/span><\/a>. Of the 38 new vulnerabilities three are zero-days that are either under active exploitation or are designated as exploitation more likely. <\/span><\/p>\n<p class=\"p5\"><span class=\"s2\"><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-29325\" target=\"_blank\" rel=\"noopener\">CVE-2023-29325<\/a><\/span><span class=\"s3\"> likely deserves a position as a priority one item for you and your teams to address this month. This zero-day is not under active exploitation as of publishing this blog, but the delivery vector is trivial to take advantage of for threat actors once a proof of concept is released. According to Microsoft, \u201c<\/span><span class=\"s4\">In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted email to the victim. Exploitation of the vulnerability might involve either a victim opening a specially crafted email with an affected version of Microsoft Outlook software, or a victim&#8217;s Outlook application displaying a preview of a specially crafted email. This could result in the attacker executing remote code on the victim&#8217;s machine.\u201d While there are prior actions required to leverage this exploit, attacks that chain vulnerabilities together are not uncommon and there is a high likelihood this will become part of widespread attack campaigns.<\/span><\/p>\n<p class=\"p6\"><span class=\"s5\"><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-24932\" target=\"_blank\" rel=\"noopener\">CVE-2023-24932<\/a><\/span><span class=\"s4\"> is a Secure Boot Security Feature Bypass vulnerability affecting Windows Server 2008 and newer OS builds, so almost every Windows system currently in production. Worth noting is that the fix released by Microsoft updates the Windows Boot Manager, but does not mitigate against the vulnerability by default. If you want to take advantage of this fix you\u2019ll need to make sure you follow <a href=\"https:\/\/support.microsoft.com\/help\/5025885\" target=\"_blank\" rel=\"noopener\"><span class=\"s6\">Microsoft\u2019s guidance<\/span><\/a>. You will also need to take into consideration that this vulnerability is leveraged by the <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/04\/11\/guidance-for-investigating-attacks-using-cve-2022-21894-the-blacklotus-campaign\/\" target=\"_blank\" rel=\"noopener\"><span class=\"s6\">BlackLotus UEFI bootkit<\/span><\/a> in the wild. <\/span><\/p>\n<p class=\"p6\"><span class=\"s5\"><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-29336\" target=\"_blank\" rel=\"noopener\">CVE-2023-29336<\/a><\/span><span class=\"s4\"> is also a major concern this month. This zero-day Win32k Elevation of Privilege vulnerability is under active exploitation, but Microsoft has not released any information on how the vulnerability is exploited. <\/span><\/p>\n<h2 class=\"p3\"><span class=\"s1\">Microsoft 365 and Click to Run<\/span><\/h2>\n<p><span>As a reminder and review from last month, modern Microsoft 365 apps leverage a different update mechanism than older versions of Microsoft Office. Make sure you review your patching tools and processes to ensure M365 Apps have a defined <a href=\"https:\/\/learn.microsoft.com\/en-us\/deployoffice\/updates\/overview-update-process-microsoft-365-apps\">update process<\/a> in place. We have an automation item available in the Automation Cookbook for N&#8209;sight and N&#8209;central <\/span><span>partners which allows them to check and update Microsoft 365 versions that leverage Microsoft\u2019s Click to Run executable that is included in all installs of Microsoft 365 apps. <\/span><\/p>\n<ul>\n<li>Download Microsoft 365 Update with Version Check for <a href=\"https:\/\/me.n-able.com\/s\/article\/Microsoft-365-Update-With-Version-Check-N&#8209;sight\">N&#8209;sight<\/a><\/li>\n<li>Download Microsoft 365 Update with Version Check for <span><a href=\"https:\/\/me.n-able.com\/s\/article\/Microsoft-365-Update-With-Version-Check-NC\">N&#8209;central<\/a> <\/span><\/li>\n<\/ul>\n<h2 class=\"p1\">Microsoft Patch Tuesday Vulnerability Prioritization<\/h2>\n<p class=\"p4\"><span class=\"s1\">As always, prioritizing which vulnerabilities to address first is part following established best practices and a little bit of gut instinct. Critical severity, exploitation more likely, and exploitation detected vulnerabilities as always should be ranking fairly high on priority list. If you only patch based on severity you are leaving a lot of unnecessary risk exposure lying around. <\/span><\/p>\n<p class=\"p7\"><em><span class=\"s4\"><b>Table Key:\u00a0<\/b>Severity:\u00a0C = Critical, I = Important, M = Moderate, R = Re-issue;\u00a0Status: EML = Exploitation More Likely, ELL = Exploitation Less Likely, ED = Exploitation Detected,\u00a0N\/A = Not Available\u00a0<\/span><\/em><span class=\"s1\">\u00a0<\/span><\/p>\n<table cellspacing=\"0\" cellpadding=\"0\" class=\"t1\">\n<tbody>\n<tr>\n<td valign=\"top\" class=\"td1\" width=\"20%\">\n<p class=\"p8\"><strong><span class=\"s1\">CVE Number<\/span><\/strong><\/p>\n<\/td>\n<td valign=\"top\" class=\"td2\" width=\"60%\">\n<p class=\"p8\"><strong><span class=\"s1\">CVE Title<\/span><\/strong><\/p>\n<\/td>\n<td valign=\"top\" class=\"td3\" width=\"10%\">\n<p class=\"p8\" style=\"text-align: center;\"><strong><span class=\"s1\">Severity<\/span><\/strong><\/p>\n<\/td>\n<td valign=\"top\" class=\"td4\" width=\"10%\">\n<p class=\"p8\" style=\"text-align: center;\"><strong><span class=\"s1\">Status<\/span><\/strong><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" class=\"td5\">\n<p class=\"p9\"><span class=\"s7\"><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-29336\" target=\"_blank\" rel=\"noopener\">CVE-2023-29336<\/a><\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td6\">\n<p class=\"p10\"><span class=\"s1\">Win32k Elevation of Privilege Vulnerability<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td7\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">I<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td8\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">ED<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" class=\"td5\">\n<p class=\"p9\"><span class=\"s7\"><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-24932\" target=\"_blank\" rel=\"noopener\">CVE-2023-24932<\/a><\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td6\">\n<p class=\"p10\"><span class=\"s1\">Secure Boot Security Feature Bypass Vulnerability<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td7\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">I<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td8\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">ED<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" class=\"td5\">\n<p class=\"p9\"><span class=\"s7\"><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2013-3900\" target=\"_blank\" rel=\"noopener\">CVE-2013-3900<\/a><\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td6\">\n<p class=\"p10\"><span class=\"s1\">WinVerifyTrust Signature Validation Vulnerability<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td7\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">R<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td8\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">ED<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" class=\"td5\">\n<p class=\"p9\"><span class=\"s7\"><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-28283\" target=\"_blank\" rel=\"noopener\">CVE-2023-28283<\/a><\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td6\">\n<p class=\"p10\"><span class=\"s1\">Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td7\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">C<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td8\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">ELL<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" class=\"td5\">\n<p class=\"p9\"><span class=\"s7\"><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-24943\" target=\"_blank\" rel=\"noopener\">CVE-2023-24943<\/a><\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td6\">\n<p class=\"p10\"><span class=\"s1\">Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td7\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">C<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td8\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">ELL<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" class=\"td5\">\n<p class=\"p9\"><span class=\"s7\"><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-24903\" target=\"_blank\" rel=\"noopener\">CVE-2023-24903<\/a><\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td6\">\n<p class=\"p10\"><span class=\"s1\">Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td7\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">C<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td8\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">ELL<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" class=\"td5\">\n<p class=\"p9\"><span class=\"s7\"><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-29325\" target=\"_blank\" rel=\"noopener\">CVE-2023-29325<\/a><\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td6\">\n<p class=\"p10\"><span class=\"s1\">Windows OLE Remote Code Execution Vulnerability<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td7\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">C<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td8\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">EML<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" class=\"td5\">\n<p class=\"p9\"><span class=\"s7\"><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-29324\" target=\"_blank\" rel=\"noopener\">CVE-2023-29324<\/a><\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td6\">\n<p class=\"p10\"><span class=\"s1\">Windows MSHTML Platform Security Feature Bypass Vulnerability<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td7\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">I<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td8\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">EML<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" class=\"td5\">\n<p class=\"p9\"><span class=\"s7\"><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-24955\" target=\"_blank\" rel=\"noopener\">CVE-2023-24955<\/a><\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td6\">\n<p class=\"p10\"><span class=\"s1\">Microsoft SharePoint Server Remote Code Execution Vulnerability<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td7\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">C<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td8\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">EML<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" class=\"td5\">\n<p class=\"p9\"><span class=\"s7\"><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-24954\" target=\"_blank\" rel=\"noopener\">CVE-2023-24954<\/a><\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td6\">\n<p class=\"p10\"><span class=\"s1\">Microsoft SharePoint Server Information Disclosure Vulnerability<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td7\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">I<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td8\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">EML<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" class=\"td5\">\n<p class=\"p9\"><span class=\"s7\"><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-24950\" target=\"_blank\" rel=\"noopener\">CVE-2023-24950<\/a><\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td6\">\n<p class=\"p10\"><span class=\"s1\">Microsoft SharePoint Server Spoofing Vulnerability<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td7\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">I<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td8\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">EML<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" class=\"td5\">\n<p class=\"p9\"><span class=\"s7\"><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-24949\" target=\"_blank\" rel=\"noopener\">CVE-2023-24949<\/a><\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td6\">\n<p class=\"p10\"><span class=\"s1\">Windows Kernel Elevation of Privilege Vulnerability<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td7\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">I<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td8\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">EML<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" class=\"td5\">\n<p class=\"p9\"><span class=\"s7\"><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-24941\" target=\"_blank\" rel=\"noopener\">CVE-2023-24941<\/a><\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td6\">\n<p class=\"p10\"><span class=\"s1\">Windows Network File System Remote Code Execution Vulnerability<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td7\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">C<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td8\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">EML<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" class=\"td5\">\n<p class=\"p9\"><span class=\"s7\"><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-24902\" target=\"_blank\" rel=\"noopener\">CVE-2023-24902<\/a><\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td6\">\n<p class=\"p10\"><span class=\"s1\">Win32k Elevation of Privilege Vulnerability<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td7\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">I<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td8\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">EML<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" class=\"td5\">\n<p class=\"p9\"><span class=\"s7\"><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-23398\" target=\"_blank\" rel=\"noopener\">CVE-2023-23398<\/a><\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td6\">\n<p class=\"p10\"><span class=\"s1\">Microsoft Excel Spoofing Vulnerability<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td7\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">I<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td8\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">EML<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" class=\"td5\">\n<p class=\"p9\"><span class=\"s7\"><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-29325\" target=\"_blank\" rel=\"noopener\">CVE-2023-29325<\/a><\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td6\">\n<p class=\"p10\"><span class=\"s1\">Windows OLE Remote Code Execution Vulnerability<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td7\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">C<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td8\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">EML<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" class=\"td5\">\n<p class=\"p9\"><span class=\"s7\"><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-29324\" target=\"_blank\" rel=\"noopener\">CVE-2023-29324<\/a><\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td6\">\n<p class=\"p10\"><span class=\"s1\">Windows MSHTML Platform Security Feature Bypass Vulnerability<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td7\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">I<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td8\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">EML<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" class=\"td5\">\n<p class=\"p9\"><span class=\"s7\"><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-24955\" target=\"_blank\" rel=\"noopener\">CVE-2023-24955<\/a><\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td6\">\n<p class=\"p10\"><span class=\"s1\">Microsoft SharePoint Server Remote Code Execution Vulnerability<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td7\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">C<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td8\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">EML<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" class=\"td5\">\n<p class=\"p9\"><span class=\"s7\"><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-24954\" target=\"_blank\" rel=\"noopener\">CVE-2023-24954<\/a><\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td6\">\n<p class=\"p10\"><span class=\"s1\">Microsoft SharePoint Server Information Disclosure Vulnerability<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td7\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">I<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td8\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">EML<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" class=\"td5\">\n<p class=\"p9\"><span class=\"s7\"><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-24950\" target=\"_blank\" rel=\"noopener\">CVE-2023-24950<\/a><\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td6\">\n<p class=\"p10\"><span class=\"s1\">Microsoft SharePoint Server Spoofing Vulnerability<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td7\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">I<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td8\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">EML<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" class=\"td5\">\n<p class=\"p9\"><span class=\"s7\"><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-24949\" target=\"_blank\" rel=\"noopener\">CVE-2023-24949<\/a><\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td6\">\n<p class=\"p10\"><span class=\"s1\">Windows Kernel Elevation of Privilege Vulnerability<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td7\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">I<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td8\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">EML<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" class=\"td5\">\n<p class=\"p9\"><span class=\"s7\"><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-24941\" target=\"_blank\" rel=\"noopener\">CVE-2023-24941<\/a><\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td6\">\n<p class=\"p10\"><span class=\"s1\">Windows Network File System Remote Code Execution Vulnerability<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td7\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">C<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td8\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">EML<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" class=\"td5\">\n<p class=\"p9\"><span class=\"s7\"><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-24902\" target=\"_blank\" rel=\"noopener\">CVE-2023-24902<\/a><\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td6\">\n<p class=\"p10\"><span class=\"s1\">Win32k Elevation of Privilege Vulnerability<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td7\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">I<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td8\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">EML<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td valign=\"top\" class=\"td5\">\n<p class=\"p9\"><span class=\"s7\"><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-23398\" target=\"_blank\" rel=\"noopener\">CVE-2023-23398<\/a><\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td6\">\n<p class=\"p10\"><span class=\"s1\">Microsoft Excel Spoofing Vulnerability<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td7\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">I<\/span><\/p>\n<\/td>\n<td valign=\"top\" class=\"td8\">\n<p class=\"p10\" style=\"text-align: center;\"><span class=\"s1\">EML<\/span><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2 class=\"p3\"><span class=\"s1\">Summary<\/span><\/h2>\n<p class=\"p11\"><span class=\"s1\">As always make sure you have established patching processes for evaluation, testing and pushing into production. If you have traditionally only dealt with patches by applying them based on their severity consider including prioritization of patches for Zero-Days, Exploitation Detected, and Exploitation More Likely vulnerabilities in your\u00a0<a href=\"https:\/\/www.n-able.com\/features\/windows-patch-management\" target=\"_blank\" rel=\"noopener\"><span class=\"s8\">Patch Management<\/span><\/a>\u00a0routines.<\/span><\/p>\n<p class=\"p11\"><span class=\"s1\"><b>Looking for more blogs on patching, or looking for previous Microsoft Patch Tuesday Reviews, then check out\u00a0<\/b><a href=\"https:\/\/www.n-able.com\/blog\/patch-management?filter_products=all#filtered\" target=\"_blank\" rel=\"noopener\"><span class=\"s8\"><b>this section of our blog<\/b><\/span><\/a><b>.<\/b>\u00a0<\/span><\/p>\n<p class=\"p11\"><em><span class=\"s1\">Lewis Pope is the Head Security Nerd at N&#8209;able. You can follow him on Twitter:\u00a0<a href=\"https:\/\/twitter.com\/cybersec_nerd\" target=\"_blank\" rel=\"noopener\"><span class=\"s8\">@cybersec_nerd<\/span><\/a><\/span><\/em><\/p>\n<p class=\"p12\"><em><span class=\"s9\">LinkedIn:\u00a0<a href=\"https:\/\/www.linkedin.com\/in\/thesecuritypope\" target=\"_blank\" rel=\"noopener\"><span class=\"s10\">thesecuritypope<\/span><\/a><\/span><\/em><\/p>\n<p class=\"p12\"><em><span class=\"s9\">Twitch:\u00a0<a href=\"https:\/\/www.twitch.tv\/cybersec_nerd\" target=\"_blank\" rel=\"noopener\"><span class=\"s10\">cybersec_nerd<\/span><\/a><\/span><\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Learn more about this month&#8217;s Microsoft Patch Tuesday, which addresses 38 vulnerabilities\u2014including three zero-day vulnerabilities. Lewis Pope investigates.<\/p>\n","protected":false},"author":62,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"class_list":["post-45583","post","type-post","status-publish","format-standard","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Patch Tuesday May 2023: Vulnerability Count Dips but UEFI Bootkits Deserve Your Attention - N-able<\/title>\n<meta name=\"description\" content=\"May\u2019s Microsoft Patch Tuesday addresses just 38 vulnerabilities, including three zero-day vulnerabilities. Lewis Pope investigates.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-may-2023\" \/>\n<meta property=\"og:locale\" content=\"it_IT\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Patch Tuesday May 2023: Vulnerability Count Dips but UEFI Bootkits Deserve Your Attention - N-able\" \/>\n<meta property=\"og:description\" content=\"May\u2019s Microsoft Patch Tuesday addresses just 38 vulnerabilities, including three zero-day vulnerabilities. Lewis Pope investigates.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-may-2023\" \/>\n<meta property=\"og:site_name\" content=\"N-able\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/NableMSP\" \/>\n<meta property=\"article:published_time\" content=\"2023-05-10T14:14:11+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-19T10:19:09+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.n-able.com\/wp-content\/uploads\/2022\/08\/220809_blogbanner_PatchTuesday_ss-03.png\" \/>\n\t<meta property=\"og:image:width\" content=\"2500\" \/>\n\t<meta property=\"og:image:height\" content=\"1309\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Lewis Pope\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.n-able.com\/wp-content\/uploads\/2022\/08\/220809_blogbanner_PatchTuesday_ss-03.png\" \/>\n<meta name=\"twitter:creator\" content=\"@Nable\" \/>\n<meta name=\"twitter:site\" content=\"@Nable\" \/>\n<meta name=\"twitter:label1\" content=\"Scritto da\" \/>\n\t<meta name=\"twitter:data1\" content=\"Lewis Pope\" \/>\n\t<meta name=\"twitter:label2\" content=\"Tempo di lettura stimato\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minuti\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-may-2023#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-may-2023\"},\"author\":{\"name\":\"Lewis Pope\",\"@id\":\"https:\/\/www.n-able.com\/it\/#\/schema\/person\/32c214c92846fdd7b16459b9236c12ae\"},\"headline\":\"Patch Tuesday May 2023: Vulnerability Count Dips but UEFI Bootkits Deserve Your Attention\",\"datePublished\":\"2023-05-10T15:14:11+01:00\",\"dateModified\":\"2023-05-19T10:19:09+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-may-2023\"},\"wordCount\":999,\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/it\/#organization\"},\"articleSection\":[\"Uncategorised\"],\"inLanguage\":\"it-IT\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-may-2023\",\"url\":\"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-may-2023\",\"name\":\"Patch Tuesday May 2023: Vulnerability Count Dips but UEFI Bootkits Deserve Your Attention - N-able\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/it\/#website\"},\"datePublished\":\"2023-05-10T15:14:11+01:00\",\"dateModified\":\"2023-05-19T10:19:09+00:00\",\"description\":\"May\u2019s Microsoft Patch Tuesday addresses just 38 vulnerabilities, including three zero-day vulnerabilities. Lewis Pope investigates.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-may-2023#breadcrumb\"},\"inLanguage\":\"it-IT\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-may-2023\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-may-2023#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Non categorizzato\",\"item\":\"https:\/\/www.n-able.com\/it\/blog\/category\/non-categorizzato\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Patch Tuesday May 2023: Vulnerability Count Dips but UEFI Bootkits Deserve Your Attention\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.n-able.com\/it\/#website\",\"url\":\"https:\/\/www.n-able.com\/it\/\",\"name\":\"N-able\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/it\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.n-able.com\/it\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"it-IT\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.n-able.com\/it\/#organization\",\"name\":\"N-able\",\"url\":\"https:\/\/www.n-able.com\/it\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\/\/www.n-able.com\/it\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"contentUrl\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"width\":\"1024\",\"height\":\"1024\",\"caption\":\"N-able\"},\"image\":{\"@id\":\"https:\/\/www.n-able.com\/it\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/NableMSP\",\"https:\/\/x.com\/Nable\",\"https:\/\/www.linkedin.com\/company\/n-able\",\"https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.n-able.com\/it\/#\/schema\/person\/32c214c92846fdd7b16459b9236c12ae\",\"name\":\"Lewis Pope\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g\",\"caption\":\"Lewis Pope\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Patch Tuesday May 2023: Vulnerability Count Dips but UEFI Bootkits Deserve Your Attention - N-able","description":"May\u2019s Microsoft Patch Tuesday addresses just 38 vulnerabilities, including three zero-day vulnerabilities. Lewis Pope investigates.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-may-2023","og_locale":"it_IT","og_type":"article","og_title":"Patch Tuesday May 2023: Vulnerability Count Dips but UEFI Bootkits Deserve Your Attention - N-able","og_description":"May\u2019s Microsoft Patch Tuesday addresses just 38 vulnerabilities, including three zero-day vulnerabilities. Lewis Pope investigates.","og_url":"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-may-2023","og_site_name":"N-able","article_publisher":"https:\/\/www.facebook.com\/NableMSP","article_published_time":"2023-05-10T14:14:11+00:00","article_modified_time":"2023-05-19T10:19:09+00:00","og_image":[{"width":2500,"height":1309,"url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2022\/08\/220809_blogbanner_PatchTuesday_ss-03.png","type":"image\/png"}],"author":"Lewis Pope","twitter_card":"summary_large_image","twitter_image":"https:\/\/www.n-able.com\/wp-content\/uploads\/2022\/08\/220809_blogbanner_PatchTuesday_ss-03.png","twitter_creator":"@Nable","twitter_site":"@Nable","twitter_misc":{"Scritto da":"Lewis Pope","Tempo di lettura stimato":"5 minuti"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-may-2023#article","isPartOf":{"@id":"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-may-2023"},"author":{"name":"Lewis Pope","@id":"https:\/\/www.n-able.com\/it\/#\/schema\/person\/32c214c92846fdd7b16459b9236c12ae"},"headline":"Patch Tuesday May 2023: Vulnerability Count Dips but UEFI Bootkits Deserve Your Attention","datePublished":"2023-05-10T15:14:11+01:00","dateModified":"2023-05-19T10:19:09+00:00","mainEntityOfPage":{"@id":"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-may-2023"},"wordCount":999,"publisher":{"@id":"https:\/\/www.n-able.com\/it\/#organization"},"articleSection":["Uncategorised"],"inLanguage":"it-IT"},{"@type":"WebPage","@id":"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-may-2023","url":"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-may-2023","name":"Patch Tuesday May 2023: Vulnerability Count Dips but UEFI Bootkits Deserve Your Attention - N-able","isPartOf":{"@id":"https:\/\/www.n-able.com\/it\/#website"},"datePublished":"2023-05-10T15:14:11+01:00","dateModified":"2023-05-19T10:19:09+00:00","description":"May\u2019s Microsoft Patch Tuesday addresses just 38 vulnerabilities, including three zero-day vulnerabilities. Lewis Pope investigates.","breadcrumb":{"@id":"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-may-2023#breadcrumb"},"inLanguage":"it-IT","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-may-2023"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.n-able.com\/it\/blog\/patch-tuesday-may-2023#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Non categorizzato","item":"https:\/\/www.n-able.com\/it\/blog\/category\/non-categorizzato"},{"@type":"ListItem","position":2,"name":"Patch Tuesday May 2023: Vulnerability Count Dips but UEFI Bootkits Deserve Your Attention"}]},{"@type":"WebSite","@id":"https:\/\/www.n-able.com\/it\/#website","url":"https:\/\/www.n-able.com\/it\/","name":"N-able","description":"","publisher":{"@id":"https:\/\/www.n-able.com\/it\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.n-able.com\/it\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"it-IT"},{"@type":"Organization","@id":"https:\/\/www.n-able.com\/it\/#organization","name":"N-able","url":"https:\/\/www.n-able.com\/it\/","logo":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/www.n-able.com\/it\/#\/schema\/logo\/image\/","url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","contentUrl":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","width":"1024","height":"1024","caption":"N-able"},"image":{"@id":"https:\/\/www.n-able.com\/it\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/NableMSP","https:\/\/x.com\/Nable","https:\/\/www.linkedin.com\/company\/n-able","https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw"]},{"@type":"Person","@id":"https:\/\/www.n-able.com\/it\/#\/schema\/person\/32c214c92846fdd7b16459b9236c12ae","name":"Lewis Pope","image":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g","caption":"Lewis Pope"}}]}},"_links":{"self":[{"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/posts\/45583","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/users\/62"}],"replies":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/comments?post=45583"}],"version-history":[{"count":0,"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/posts\/45583\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/media?parent=45583"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}