You are currently viewing #Microsoft Security&Cumulative Updates-May Tusday Patches

#Microsoft Security&Cumulative Updates-May Tusday Patches

This is May- Tuesday Microsoft Security updates

report created by : Hazem Mohamed | 15-May-2023

Microsoft announcement regarding Windows clients: IMPORTANT Starting in April 2023, optional, non-security preview updates will release on the fourth Tuesday of the month. For more

Kindly check the information gathered about May security updates :

CVEs
Microsoft’s MAY  2023 Tuesday Updates, Microsoft released patches to 38 vulnerabilities, including THREE zero-day CVE-2023-29336 (Win32k Elevation of Privilege Vulnerability), CVE-2023-24932 (Secure Boot Security Feature Bypass Vulnerability), and CVE-2023-29325 (Windows OLE Remote Code Execution Vulnerability)

  • 8 Elevation of Privilege Vulnerabilities
  • 4 Security Feature Bypass Vulnerabilities
  • 12 Remote Code Execution Vulnerabilities
  • 8 Information Disclosure Vulnerabilities
  • 5 Denial of Service Vulnerabilities
  • 1 Spoofing Vulnerabilities

Windows Server 2016 has 18  CVEs: 5 Critical and 13 Important

Critical CVEs :

 

CVE-2023-24903
CVE-2023-29325
CVE-2023-24943
CVE-2023-24941
CVE-2023-28283
CVE-2023-24903
Important CVEs:

 

CVE-2023-24947
CVE-2023-29336
CVE-2023-29324
CVE-2023-24948
CVE-2023-24946
CVE-2023-24945
CVE-2023-24942
CVE-2023-24901
CVE-2023-24940
CVE-2023-24900
CVE-2023-24939
CVE-2023-28251
CVE-2023-24932
 
KBs for Windows Servers 2016
1-       KB5023788 (March-Servicing stack update)

2-      KB5026363 (Monthly Security Update)

Clients

Windows 10 version 21H2 and 22H2

2023-05 Cumulative Update for Windows 10 Version 22H2, Windows 10 Version 21H2, and Windows 10 Version 20H2 (KB5026361)

Updates and improvements:

  • This update addresses a race condition in Windows Local Administrator Password Solution (LAPS). The Local Security Authority Subsystem Service (LSASS) might stop responding.
  • The update includes content of the preview update, released on April 25, 2023. Notable are a new option to configure application group rules and the ability to sync language and region settings when the Microsoft account display language or regional format are changed.

Windows 11 Release version 

Updates and improvements:

  • This update addresses a race condition in Windows Local Administrator Password Solution (LAPS). The Local Security Authority Subsystem Service (LSASS) might stop responding.
  • Also includes the preview updates released on April 25.

Windows 11 version 22H2  

Updates and improvements:

  • Adds a new toggle to Settings > Windows Update to get Windows updates early.
  • This update addresses a race condition in Windows Local Administrator Password Solution (LAPS). The Local Security Authority Subsystem Service (LSASS) might stop responding.
  • This update affects the Kernel-mode Hardware-enforced Stack Protection security feature. The update adds more drivers to the database of drivers that are not compatible with it.
  • Includes the non-security updates released on April 25 as a preview. Same new features as in Windows 10’s preview update.

Other security updates

2023-05 Cumulative Security Update for Internet Explorer (KB5026366)

2023-05 Cumulative Update for Windows 10 Version 1507 for x86-based Systems (KB5026382)

Servers:

Windows Server 2016:

KB5023788 (Servicing stack update)

 Before installing Security updates:

Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security updates.

the latest SSU (KB5023788) as mentioned …

 

Highlights:

  • This update addresses security issues for your Windows operating system.

Improvements:

This security update includes quality improvements. When you install this KB:

 This update affects the Islamic Republic of Iran. The update supports the government’s daylight saving time change order from 2022.

  • This update addresses an issue that affects the Key Distribution Center (KDC) service. When the service stops on a local machine, signing in to all local Kerberos fails. The error is STATUS_NETLOGON_NOT_STARTED.
  • This update addresses an issue that affects Microsoft Edge IE mode. The issue stops you from configuring add-ons.

If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.

For more information about security vulnerabilities, please refer to the new Security Update Guide website and the May 2023 Security Updates.

Known issues in this update :

Microsoft is not currently aware of any issues with this update.

2023-05 Cumulative Update for Windows Server 2016 and Windows 10 Version 1607 (KB5026363)

2023-05 Cumulative Update for Windows Server 2019 and Windows 10 Version 1809 (KB5026362)

2023-05 Security Monthly Quality Rollup for Windows Server 2008 (KB5026408)

2023-05 Security Only Quality Update for Windows Server 2008 (KB5026427)

2023-05 Security Monthly Quality Rollup for Windows Embedded Standard 7 and Windows Server 2008 R2 (KB5026413)

2023-05 Security Only Quality Update for Windows Embedded Standard 7 and Windows Server 2008 R2 (KB5026426)

2023-05 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012 (KB5026411)

2023-05 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012 (KB5026419)

2023-05 Security Only Quality Update for Windows Embedded 8.1 and Windows Server 2012 R2 (KB5026409)

2023-05 Security Monthly Quality Rollup for Windows Embedded 8.1 and Windows Server 2012 R2 (KB5026415)

2023-05 Cumulative security Hotpatch for Azure Stack HCI, version 21H2 and Windows Server 2022 Datacenter: Azure Edition for x64-based Systems (KB5026456)

2023-05 Cumulative Update for Microsoft server operating system version 21H2 and Microsoft server operating system, version 22H2 for x64-based Systems (KB5026370)

References :

https://msrc.microsoft.com/update-guide/

https://msrc.microsoft.com/update-guide/en-us/releaseNote/2023-May

Best Regards,

Hazem Mohamed – SC & BC

hmohamed200@gmail.com