
May 2023 Patch Tuesday Updates for Windows 11 and Windows 10

As part of today's May 2023 Patch Tuesday update, Microsoft addressed a total of 38 security flaws, including three bugs, CVE-2023-29336, CVE-2023-24932 and CVE-2023-29325, that the company said are being actively exploited in the wild as zero-days. Six vulnerabilities are rated Critical as they allow remote code execution and 32 are rated Important in severity.

Microsoft has also fixed flaws in its software across several categories, including Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, Remote Code Execution (RCE), Security Feature Bypass and Spoofing, as well as Microsoft Edge (Chromium-based) flaws, including spoofing.

For the client OS, the company addressed an interoperability issue between the new Windows Local Administrator Password Solution (LAPS) and legacy LAPS policies. On Windows 11 version 22H2, this update also introduces a new setting for receiving the latest non-security updates as soon as they're available.

The May 2023 Microsoft vulnerabilities are classified as follows:

| Vulnerability Category | Quantity | Severities |
|---|---|---|
| Spoofing Vulnerability | 1 | Important: 1 |
| Denial of Service Vulnerability | 1 | Important: 1 |
| Elevation of Privilege Vulnerability | 8 | Important: 8 |
| Information Disclosure Vulnerability | 8 | Important: 8 |
| Remote Code Execution Vulnerability | 12 | Important: 6, Critical: 6 |
| Security Feature Bypass Vulnerability | 4 | Important: 4 |

The May 2023 edition of Patch Tuesday brings us 38 fixes, with 6 rated as critical as they allow Elevation of Privilege (EoP), Remote Code Execution (RCE), and Spoofing.

Zero-day Vulnerabilities Patched in May Patch Tuesday Edition

Critical Severity Vulnerabilities Patched in March Patch Tuesday Edition

  • CVE-2023-24941: Windows Network File System Remote Code Execution Vulnerability
  • CVE-2023-24943: Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
  • CVE-2023-24903: Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
  • CVE-2023-28283: Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
  • CVE-2023-24955: Microsoft SharePoint Server Remote Code Execution Vulnerability
  • CVE-2023-29324: Windows MSHTML Platform Security Feature Bypass Vulnerability

Other Microsoft Vulnerability Highlights

  • CVE-2023-24902, an elevation of privilege vulnerability in Win32k that may allow an attacker to gain SYSTEM privileges on successful exploitation.
  • CVE-2023-24949, Windows kernel elevation of privilege vulnerability with which an attacker could gain SYSTEM privileges on affected systems.
  • CVE-2023-24950, the spoofing vulnerability, allows a privileged attacker to create a site on a vulnerable SharePoint server. An attacker may cause the server to leak its NTLM hash on successful exploitation.
  • CVE-2023-24954, which an authenticated attacker may exploit to disclose user tokens and other potentially sensitive information. An attacker could gain the Domain SID prefix for the targeted site on successful exploitation.

Windows and Patch Tuesday for May 2023

As part of today's May 2023 Patch Tuesday, Microsoft has released new cumulative updates for all supported devices, including Windows Server and the client OS, Windows 11 and Windows 10.

Windows 10 22H2 and 21H2 are affected by 19 vulnerabilities, 4 of which are critical and 15 important.

  • Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability — CVE-2023-24903
  • Windows OLE Remote Code Execution Vulnerability — CVE-2023-29325
  • Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability — CVE-2023-24943
  • Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability — CVE-2023-28283

Windows 11 and Windows 11 22H2 are affected by the same security problems as Windows 10. In total there are 20 vulnerabilities, of which 4 are critical and 16 important.

Today's update includes two new features on Windows 11: the option to get the latest non-security updates immediately, and animation effects added to the Widgets icons in the taskbar.

Note – Ensure the Animation effects setting is enabled in the Settings app >> Accessibility >> Visual Effects

There is a new toggle on Settings app >> Windows Update to choose whether you want to receive the latest non-security Windows updates on priority.

When this option is enabled, Microsoft will prioritize your device to get the latest enhancements and features before many others.

This update also addresses the interoperability issue between the new Windows LAPS and legacy LAPS policies.

Microsoft has also fixed the following bugs in this patch:

  • An issue in Microsoft Edge IE mode where pop-up windows open in the background instead of in the foreground.
  • An issue that affects mobile device management (MDM) customers and stops you from printing. This occurs because of an exception.
  • An issue that affects signed Windows Defender Application Control (WDAC) policies.
  • An issue that displays Task View in the wrong area. This occurs when you close a full screen game by pressing Win+Tab.
  • An issue that affects Administrator Account Lockout policies. GPResult and Resultant Set of Policy did not report them.

You can read the complete changelog here at the Microsoft support site.

All of these issues are fixed through various cumulative updates.

To install them, open Windows Update in the Settings app and click the Check for updates button to get the latest Windows updates installed on your device.

Here are the direct links for a download and a manual installation.

  • Windows 10 (version 22H2, 21H2) -> KB5026361
  • Windows 11 version 21H2 (OS Build 22000.1936) -> KB5026368
  • Windows 11 version 22H2 (OS Build 22621.1702) -> KB5026372
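
One way to check a machine against the builds and KB numbers listed above, as an added example that is not from the original article or from Microsoft. The function name Get-May2023PatchStatus and its status strings are hypothetical; it compares the running build revision first, because a later cumulative update replaces the May KB in the installed-updates list.

```powershell
# Added example, not from the original article or from Microsoft.
# Minimum patched revision (UBR) per build, from the OS builds the article lists.
$MinRevision = @{
    22000 = 1936   # Windows 11 version 21H2, KB5026368
    22621 = 1702   # Windows 11 version 22H2, KB5026372
}
# KB ids from the article; the only evidence available for Windows 10,
# because the article gives no OS build for KB5026361.
$MayKBs = 'KB5026361', 'KB5026368', 'KB5026372'

# Hypothetical helper: returns 'Patched', 'Missing' or 'Unknown'.
function Get-May2023PatchStatus {
    param(
        [Parameter(Mandatory)][int]$Build,
        [Parameter(Mandatory)][int]$Revision,
        [string[]]$InstalledKBs = @()
    )
    if ($MinRevision.ContainsKey($Build)) {
        # Cumulative updates supersede one another: a revision at or above the
        # May 2023 one carries these fixes even when the May KB is not listed.
        if ($Revision -ge $MinRevision[$Build]) { return 'Patched' }
        return 'Missing'
    }
    if ($InstalledKBs | Where-Object { $MayKBs -contains $_ }) { return 'Patched' }
    # A later cumulative update may have replaced the May KB, so absence
    # of the KB id on an unlisted build proves nothing either way.
    return 'Unknown'
}

# Read the running build and revision from the registry of the local machine.
$cv  = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$kbs = @(Get-HotFix -ErrorAction SilentlyContinue | ForEach-Object HotFixID)

[pscustomobject]@{
    Computer = $env:COMPUTERNAME
    Build    = '{0}.{1}' -f $cv.CurrentBuildNumber, $cv.UBR
    Status   = Get-May2023PatchStatus -Build ([int]$cv.CurrentBuildNumber) `
                   -Revision ([int]$cv.UBR) -InstalledKBs $kbs
}
```

An 'Unknown' result on Windows 10 means the May KB id is not in the installed list, which also happens once a later cumulative update has replaced it.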

If you are looking to download Windows 10 ISO, you can get it from here.
