Microsoft’s May 2023 Security Patch Addresses Critical Vulnerabilities, With Several Rated “Exploitation More Likely”

Microsoft has released its monthly security patch for May 2023, addressing several critical vulnerabilities across its products. Among the 40 vulnerabilities addressed in this update, some have been classified as “Exploitation More Likely” due to the higher possibility of being targeted by cybercriminals. This article will focus on these high-risk vulnerabilities and provide a summary of the most severe ones, with a Common Vulnerability Scoring System (CVSS) Base Score of 9.0 or more.

The following vulnerabilities have been rated “Exploitation More Likely”:

1. Windows Win32K (CVE-2023-24902) – CVSS Base Score: 7.8
2. Windows Network File System (CVE-2023-24941) – CVSS Base Score: 9.8
3. Windows Kernel (CVE-2023-24949) – CVSS Base Score: 7.8
4. Microsoft Office SharePoint (CVE-2023-24950) – CVSS Base Score: 8.8
5. Microsoft Office SharePoint (CVE-2023-24954) – CVSS Base Score: 6.5
6. Microsoft Office SharePoint (CVE-2023-24955) – CVSS Base Score: 7.2
7. Windows MSHTML Platform (CVE-2023-29324) – CVSS Base Score: 7.5
8. Windows OLE (CVE-2023-29325) – CVSS Base Score: 8.1

Out of these, two vulnerabilities have a CVSS Base Score of 9.0 or more:

1. Windows Network File System (CVE-2023-24941) – CVSS Base Score: 9.8
2. Reliable Multicast Transport Driver (RMCAST) (CVE-2023-24943) – CVSS Base Score: 9.8

CVE-2023-24941 is a significant remote code execution (RCE) vulnerability in the Windows Network File System (NFS), receiving a high severity rating of 9.8 out of 10. This exploit particularly impacts NFS 4, though this is not enabled by default. An attacker can exploit this vulnerability over a network by making an unauthenticated, specially crafted call to an NFS service to execute code on the targeted machine. It does not require any user interactions or special privileges to exploit, which makes it particularly dangerous. Microsoft has outlined several mitigation steps for affected users to prevent the execution of this vulnerability. However, considering the possible large-scale impacts on the environment, the recommended action is to apply the appropriate patch as soon as possible​.

On the other hand, CVE-2023-24943 is another critical RCE vulnerability that uses the Pragmatic General Multicast (PGM). This vulnerability is also rated 9.8 on the severity scale. If a PGM server is running the Windows Messaging Queue service, an attacker could send a file to execute remote code. This exploit doesn’t require user interaction or credentials. Despite its potential for exploitation, Microsoft considers it less likely to be exploited, primarily due to the availability of newer technologies that can be implemented for similar tasks. Nevertheless, if you’re using a PGM server, it is advised to patch it immediately​.

It is essential for users and administrators to apply the necessary patches to mitigate the risk of exploitation. Microsoft continues to monitor the threat landscape and provide updates to ensure the security of its users and products.