Microsoft Patch Tuesday May 2023: Microsoft Edge, BlackLotus Secure Boot SFB, OLE RCE, Win32k EoP

Hello everyone! This episode will be about Microsoft Patch Tuesday for May 2023, including vulnerabilities that were added between April and May Patch Tuesdays. As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I took the comments about the vulnerabilities from the Qualys, Tenable, Rapid7, ZDI Patch Tuesday reviews. It’s been a long time since we’ve had such tiny Patch Tuesday. 57 CVEs, including CVEs appeared during the month. And only 38 without them! 😄 Urgent 00:45 Memory Corruption – Microsoft Edge (CVE-2023-2033) Critical 01:17 Security Feature Bypass – Secure Boot (CVE-2023-24932) 02:55 Memory Corruption – Microsoft Edge (CVE-2023-2136) High 03:11 Remote Code Execution – Windows OLE (CVE-2023-29325) 04:20 Elevation of Privilege – Windows Win32k (CVE-2023-29336) 05:19 Remote Code Execution – Windows Network File System (CVE-2023-24941) 06:07 Remote Code Execution – Windows Pragmatic General Multicast (PGM) (CVE-2023-24943) 06:58 Remote Code Execution – Windows Lightweight Directory Access Protocol (LDAP) (CVE-2023-28283) 07:31 Remote Code Execution – Microsoft SharePoint (CVE-2023-24955) #BlackLotus #PatchTuesday #Microsoft #EoP #LDAP #MicrosoftEdge #NFS #OLE #PGM #RCE #SecureBoot #SharePoint #Win32k