Microsoft’s latest May patch Tuesday has a lot in store. It plans to squash 3 zero-day vulnerabilities and 38 flaws.
Patch Tuesday is usually a day of trepidation as we wait for someone else to download and apply the update so we can see what goes wrong.
This time is different.
While smaller than many other patch Tuesdays, the inclusion of the zero-day fixes makes it one worth installing right away.
Of those 38 vulnerabilities, 6 are rated Critical and 32 are rated Important. Eight of the flaws have been tagged with the “Exploitation More Likely” assessment by Microsoft.
Those 38 flaws include:
- 8 Elevation of privilege vulnerabilities
- 4 Security feature bypass vulnerabilities
- 12 Remote code execution vulnerabilities
- 8 Information disclosure vulnerabilities
- 5 Denial of service vulnerabilities
- 1 Spoofing vulnerability
These flaws have been found within Windows core, Office, Edge and Sysinternals, all frequently used elements of the OS for businesses and home users.
Three zero-day bugs fixed
The updates KB5026372 (Windows 11) and KB5026363 (Windows 10) include fixes for 3 zero-day bugs.
Two have been actively exploited in the wild and one was already publicly known from forums and other sources.
CVE-2023-29336 – Win32k Elevation of Privilege Vulnerability – A privilege escalation vulnerability within the Win32k Kernel driver that allowed an attacker to give themselves SYSTEM privileges.
“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” reads Microsoft’s advisory.
CVE-2023-24932 – Secure Boot Security Feature Bypass Vulnerability – A flaw that could allow an attacker to bypass secure boot and install the BlackLotus UEFI bootkit.
“To exploit the vulnerability, an attacker who has physical access or Administrative rights to a target device could install an affected boot policy,” reads Microsoft’s advisory.
CVE-2023-29325 – Windows OLE Remote Code Execution Vulnerability – A flaw in Outlook that could be exploited using a ‘specially crafted email’ to execute remote code.
“In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted email to the victim,” warns Microsoft’s advisory.
As you can see, while there are fewer fixes this time, at least 3 of them are required for everyday users.
That’s why we at Dave’s Computers recommend installing this update right away rather than waiting.
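To confirm that a machine actually received the update, the PowerShell check below looks for the two KB IDs quoted above. It is an added example, not code from Microsoft or from the original article; the function names and the build-number test used to tell Windows 11 from Windows 10 on client PCs are assumptions of the example.

```powershell
# Added example: the KB IDs are the two named in the article; the rest is illustrative.
$KbByOs = @{
    'Windows 11' = 'KB5026372'
    'Windows 10' = 'KB5026363'
}

function Get-OsFamily {
    # Assumption: a client PC. Windows 11 reports build 22000 or higher, Windows 10 lower.
    param([int]$Build = [System.Environment]::OSVersion.Version.Build)
    if ($Build -ge 22000) { 'Windows 11' } else { 'Windows 10' }
}

function Test-MayUpdate {
    param(
        [string]$OsFamily = (Get-OsFamily),
        # Defaults to the local machine; pass a saved Get-HotFix export to check offline.
        [object[]]$Hotfixes = (Get-HotFix)
    )
    $kb  = $KbByOs[$OsFamily]
    $hit = $Hotfixes | Where-Object { $_.HotFixID -eq $kb } | Select-Object -First 1

    # Record the most recent update as well, because a later cumulative update
    # carries the same fixes even when the May KB ID itself is not listed.
    $newest = $Hotfixes | Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn | Select-Object -Last 1

    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        OsFamily          = $OsFamily
        ExpectedKb        = $kb
        Installed         = [bool]$hit
        InstalledOn       = $hit.InstalledOn
        NewestHotfix      = $newest.HotFixID
        NewestInstalledOn = $newest.InstalledOn
    }
}

$result = Test-MayUpdate
$result | Format-List

if (-not $result.Installed) {
    Write-Warning ("{0} is not listed on {1}. Newest installed update: {2} ({3}). " +
        "Check whether that update is newer than the May release before assuming the fixes are missing.") `
        -f $result.ExpectedKb, $result.Computer, $result.NewestHotfix, $result.NewestInstalledOn
}
```

A missing KB ID is a prompt to look at the newest installed update, not proof that the machine is exposed.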
Other elements of May patch Tuesday
While this week’s update was mainly about fixes, there were a couple of improvements added.
One was to add more drivers to the incompatible driver database of the Hardware-enforced Stack Protection feature.
A catchy term to be sure, but the database serves a vital function within Windows. It’s what Windows uses to check the security status of drivers if you use Windows Security.
The addition includes even more drivers that are not compatible with Hardware-enforced Stack Protection.
The other update was to Windows Local Administrator Password Solution (LAPS).
Some users saw 0xc0000005 access violation errors when trying to do too many things at once when managing accounts on a Windows desktop. This issue matters more to system admins than home users, which is why it’s less important.
The update should help prevent those errors and make life a little easier for busy Windows admins.
One new feature
Finally, there’s a new Windows Update feature being introduced with this patch Tuesday.
It introduces a new toggle within Settings > Windows Update.
Toggle it on and your device will speed up the update cycle and be prioritized for updates.
It looks a little like the fast-track option for Windows developers and testers where you can opt into getting the newest updates as soon as they are released.
The toggle will be off by default and we would recommend keeping it that way for now.
Microsoft has form for messing up even the smallest update so we wouldn’t recommend going fast track unless you’re a developer, app creator or someone who needs to know the future of Windows faster.