2023-05-10 09:06:37
Following Microsoft’s latest Patch Tuesday release, Satnam Narang, Senior Staff Research Engineer at Tenable, offered the following comment:
“The May 2023 Patch Tuesday includes fixes for 38 CVEs, seven of which are rated critical and 31 important. This month’s release includes fixes for two zero-day vulnerabilities that have been exploited in the wild.”

“CVE-2023-29336 is an elevation of privilege (EoP) in Win32k. According to Microsoft, it was exploited in the wild as a zero-day vulnerability. This is the fifth month in a row that an elevation of privilege vulnerability has been exploited in the wild as a zero day. We expect the researchers who discovered it to release details of its exploitation soon. However, it is uncertain whether this flaw is a patch bypass. In the past, we have observed three separate instances where Win32k EoP vulnerabilities were exploited as zero days. In January 2022, Microsoft patched CVE-2022-21882, which was exploited in the wild and is believed to be a workaround for vulnerability CVE-2021-1732, patched in February 2021 and itself exploited in the wild. In October 2021, Microsoft patched another Win32k EoP, identified as CVE-2021-40449, which was related to a Remote Access Enabled Trojan (RAT) known as MysterySnail, and was a patch bypass for CVE-2016-3309. While relatively rare, interestingly several Win32k EoP flaws exploited as zero days were also patch bypasses.”

“CVE-2023-24932 is a security feature bypass vulnerability in the Secure Boot system. This vulnerability was exploited in the wild as a zero day and publicly disclosed before fixes were available. It appears to be related to an ESET report from March regarding BlackLotus, a UEFI (Unified Extensible Firmware Interface) bootkit that has been available to cybercriminals since October 2022 and can be purchased for $5,000 on hacking forums. The report at the time stated that the bootkit was able to bypass the UEFI Secure Boot security feature on fully patched systems. An attacker can exploit this flaw if he has physical access or administrative rights on a vulnerable system.”