Microsoft Monthly Security Update (May 2023)
[Updated on 2024-03-28]
Updated Source and Related Links.
CVE-2023-24955 vulnerability is exploited in the wild. In a network-based attack, an authenticated attacker as a Site Owner could execute code remotely on the SharePoint Server. Hence, the risk level is rated from Medium Risk to High Risk.
Microsoft has released monthly security update for their products:
| Vulnerable Product | Risk Level | Impacts | Notes |
| Browser |  Medium Risk | Elevation of Privilege Security Restriction Bypass | |
| Microsoft Office |  High Risk | Information Disclosure Spoofing Remote Code Execution Security Restriction Bypass Denial of Service | vulnerability is exploited in the wild. In a network-based attack, an authenticated attacker as a Site Owner could execute code remotely on the SharePoint Server. Hence, the risk level is rated from Medium Risk to High Risk. |
| Windows | Medium Risk | Remote Code Execution Denial of Service Elevation of Privilege Information Disclosure Security Restriction Bypass | is being exploited in the wild. The vulnerability can be exploited by using Win32k to trigger elevation of privilege, but this CVE is required local access and it is rated as risk medium.
is being exploited in the wild. The vulnerability can be exploited by using Windows Secure Boot to trigger security restriction bypass, but this CVE is required local access and it is rated as risk medium. |
| Extended Security Updates (ESU) | Medium Risk | Remote Code Execution Information Disclosure Denial of Service Elevation of Privilege Security Restriction Bypass | is being exploited in the wild. The vulnerability can be exploited by using Win32k to trigger elevation of privilege, but this CVE is required local access and it is rated as risk medium.
is being exploited in the wild. The vulnerability can be exploited by using Windows Secure Boot to trigger security restriction bypass, but this CVE is required local access and it is rated as risk medium. |
| Developer Tools | Medium Risk | Information Disclosure Elevation of Privilege |
Number of ‘Extremely High Risk’ product(s): 0
Number of ‘High Risk’ product(s): 1
Number of ‘Medium Risk’ product(s): 4
Number of ‘Low Risk’ product(s): 0
Evaluation of overall ‘Risk Level’: High Risk
RISK: High Risk
TYPE: Operating Systems – Windows OS
Impact
- Denial of Service
- Elevation of Privilege
- Information Disclosure
- Remote Code Execution
- Spoofing
- Security Restriction Bypass
System / Technologies affected
- Browser
- Microsoft Office
- Windows
- Extended Security Updates (ESU)
- Developer Tools
Solutions
Before installation of the software, please visit the vendor web-site for more details.
- Apply fixes issued by the vendor.
Vulnerability Identifier
Source
Related Link
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
