Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2023.0103
Microsoft Patch Tuesday update for Microsoft Windows for May 2023
10 May 2023
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Windows 10
Windows 11
Windows Server
AV1 Video Extension
Microsoft Remote Desktop
Operating System: Windows
Resolution: Patch/Upgrade
CVE Names: CVE-2023-29341 CVE-2023-29340 CVE-2023-29336
CVE-2023-29325 CVE-2023-29324 CVE-2023-28290
CVE-2023-28283 CVE-2023-28251 CVE-2023-24949
CVE-2023-24948 CVE-2023-24947 CVE-2023-24946
CVE-2023-24945 CVE-2023-24944 CVE-2023-24943
CVE-2023-24942 CVE-2023-24941 CVE-2023-24940
CVE-2023-24939 CVE-2023-24932 CVE-2023-24905
CVE-2023-24903 CVE-2023-24902 CVE-2023-24901
CVE-2023-24900 CVE-2023-24899 CVE-2023-24898
Comment: CVSS (Max): 9.8 CVE-2023-24941 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: Microsoft
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
OVERVIEW
Microsoft has released its monthly security patch update for the
month of May 2023.
This update resolves 27 vulnerabilities across the following
product(s): [1]
AV1 Video Extension
Microsoft Remote Desktop
Windows 10
Windows 11
Windows 11 version 21H2
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
Windows Server 2019
Windows Server 2022
IMPACT
Microsoft has given the following details regarding these vulnerabilities.
Details Impact Severity
CVE-2023-24898 Denial of Service Important
CVE-2023-24899 Elevation of Privilege Important
CVE-2023-24900 Information Disclosure Important
CVE-2023-24901 Information Disclosure Important
CVE-2023-24902 Elevation of Privilege Important
CVE-2023-24903 Remote Code Execution Critical
CVE-2023-24905 Remote Code Execution Important
CVE-2023-24932 Security Feature Bypass Important
CVE-2023-24939 Denial of Service Important
CVE-2023-24940 Denial of Service Important
CVE-2023-24941 Remote Code Execution Critical
CVE-2023-24942 Denial of Service Important
CVE-2023-24943 Remote Code Execution Critical
CVE-2023-24944 Information Disclosure Important
CVE-2023-24945 Information Disclosure Important
CVE-2023-24946 Elevation of Privilege Important
CVE-2023-24947 Remote Code Execution Important
CVE-2023-24948 Elevation of Privilege Important
CVE-2023-24949 Elevation of Privilege Important
CVE-2023-28251 Security Feature Bypass Important
CVE-2023-28283 Remote Code Execution Critical
CVE-2023-28290 Information Disclosure Important
CVE-2023-29324 Security Feature Bypass Important
CVE-2023-29325 Remote Code Execution Critical
CVE-2023-29336 Elevation of Privilege Important
CVE-2023-29340 Remote Code Execution Important
CVE-2023-29341 Remote Code Execution Important
MITIGATION
Microsoft recommends updating the software with the version made
available on the Microsoft Update Catalogue for the following
Knowledge Base articles. [1].
KB5026361, KB5026362, KB5026363, KB5026366, KB5026368
KB5026370, KB5026372, KB5026382, KB5026409, KB5026411
KB5026415, KB5026419, KB5026456
REFERENCES
[1] Microsoft Security Update Guidance
https://portal.msrc.microsoft.com/en-us/security-guidance
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
iQIVAwUBZFrNHckNZI30y1K9AQhNNQ/6A32A/CIXOM4mBcTeEECQOyhbgkRfmoll
8VRrsR49VZSIz7yE8t0avlANurCr4O4XviFtrhkw0ssJhzeTxHkL42vU6YI9paT6
DWDsnfr0zghfGcTr2M8GZ5afuxOul2S7Rv082LQcDDD3YHJ2UXTieq7nadyxFNx9
b8HAnP3VYwYAMNVo4hKo5UMR19AZyM7anvC3DH+9B81zNQ+u9dtnHVrJeO71h5Dp
WxPI4tCRauMpGSYQ2mLwWziuBjDrAb2Xfl9UIbF1CbwMYFGNzRndHb0S0EAOpQhJ
ynGvckcAR4XXyVXTNGCT76TWC0Fb7W4/YZRsEktNRwmS/1jzuzZq1lvM42uJM/M5
eFgXmK0zBsTghzmzktFYwRdsWGq8+uHhflya3G5H0JVrm1hK+ZkroMPGZHTg4n7r
Fuj8DeeqxBmXvrov6ORSgVL4nK9F4Qy/cfsrNm9l6eKbjjcyHoNRhAQSm1DIsQup
SbmX4KKG+WOTqtflfDITvaw91UEOMdjUdOE6NXukwwlooE3/SGWjSlFXdm4OCflO
2wYczdLVmRHTqaEN7DPmWBlLZKt2mt+cXrcy2fQxeD2cHpl8Afl7xd3SBvKnCu1H
lGbz3AnTIlPchVJJ+n9jwQHimXWtlsXFBRjZ3v0pQXkWTF/z5xZ9l9Orn9RgLLEL
ODT8SlCmHJQ=
=STfy
-----END PGP SIGNATURE-----