This Alert is relevant to Australians who are running Microsoft products. This alert is intended to be understood by slightly more technical users.
Users are encouraged to immediately apply any available patches.
Background / What has happened?
The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has reviewed the Microsoft May 2023 Security Update.
The Security Update provided patches for 40 vulnerabilities. Microsoft reports that two of these were already being exploited when the update was released, and six are rated 'Critical'.
The following vulnerabilities are important based on their severity, widespread use of the related product and/or likelihood of exploitation.
Network File System (NFS) Remote Code Execution (CVE-2023-24941):
- Critical CVSS rating of 9.8
- Allows unauthenticated remote code execution (RCE) with low attack complexity. Microsoft assesses exploitation as more likely.
- Only the NFSv4.1 implementation in Windows Server is affected; NFSv2 and NFSv3 are not exploitable. Where patching must be delayed, Microsoft's interim mitigation is to disable NFSv4.1, after first confirming the May 2022 fix for CVE-2022-26937 is installed, as that flaw affects the older NFS versions clients would fall back to.
- NFS is a common file sharing solution, so exposed NFS servers should be patched first.
Outlook Remote Code Execution (CVE-2023-29325):
- The underlying flaw is in Windows OLE, but the practical attack path is email: a malicious message sent to a victim can cause RCE when the email is viewed, including when it is only rendered in the Outlook preview pane, so no attachment needs to be opened.
- Outlook is a widely used email client, and details of this vulnerability were publicly disclosed before the patch was released.
- This vulnerability is likely to be exploited in phishing campaigns and can affect individuals, business and government. Microsoft's interim mitigation, for systems that cannot be patched immediately, is to configure Outlook to read all email in plain text.
Lightweight Directory Access Protocol (LDAP) Remote Code Execution (CVE-2023-28283):
- An unauthenticated attacker who sends a specially crafted set of LDAP calls can gain RCE in the context of the Windows LDAP service.
- On a domain controller that service is part of Active Directory, so control of the LDAP service can lead to control of the whole domain.
- LDAP is widely used in government and business environments as part of Active Directory.
Multiple SharePoint vulnerabilities (CVE-2023-24955, CVE-2023-24950, CVE-2023-24954):
- Multiple vulnerabilities affecting Microsoft SharePoint Server, each requiring an authenticated user.
- They allow RCE (CVE-2023-24955, for an authenticated user with Site Owner permissions) and disclosure of sensitive security information. Each of these could lead to compromise of the server.
- Many organisations keep sensitive information in SharePoint.
- Requiring authentication is not a significant mitigation for internet-facing SharePoint servers. Malicious actors have many techniques (phishing, password spraying, reuse of leaked credentials) and information sources for obtaining a valid account, and an authenticated vulnerability is then just as exploitable as an unauthenticated one.
Win32k Kernel Elevation of Privilege (CVE-2023-29336):
- A local privilege escalation vulnerability in the Win32k kernel-mode driver affecting Windows systems.
- Successful exploitation elevates to SYSTEM privileges, allowing an attacker who already has a foothold (for example through phishing) to take full control of the system.
- Microsoft reports active exploitation detected.
Windows Secure Boot Bypass Flaw (CVE-2023-24932):
- UEFI Secure Boot bypass flaw being used to install the BlackLotus UEFI bootkit, which has been used to deploy persistent malware that runs below the operating system.
- Microsoft reports active exploitation detected.
- Additional actions are required after patching: the May 2023 update contains the fix but does not enable it by default, and the revocation steps it needs are manual. Once the revocations are applied, the system will no longer boot from older installation or recovery media, so follow the staged process in the guidance below.
- https://support.microsoft.com/help/5025885
Mitigation / How do I stay secure?
Technical subject matter experts who use Microsoft products should read the associated security update guides available for their products.
Security Update Guide - Microsoft
The Secure Boot vulnerability (CVE-2023-24932) requires additional manual steps after the update is installed; see the KB5025885 guidance referenced above before applying the revocations.
General users should consider enabling automatic patching of Microsoft products if they have not already done so.
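As an added example for administrators (this script is not part of the ASD ACSC alert), the following PowerShell checks whether a post-May-2023 update is present on a Windows host and reports the state of the interim mitigations Microsoft documented for three of the CVEs above. It assumes an elevated session; the commented-out commands that apply the NFS and Outlook mitigations are the ones from Microsoft's advisories, and the Outlook registry path assumes Office 16.x (Outlook 2016 and later).

```powershell
# Added example (not from the ASD ACSC alert). Run in an elevated PowerShell session.
# Assumes Windows PowerShell 5.1 or PowerShell 7 on Windows.

# 1. Has any update from the May 2023 release (9 May 2023) or later been installed?
#    KB numbers differ per Windows version, so filter on date rather than a KB ID.
$patchDay = Get-Date -Year 2023 -Month 5 -Day 9
$recent = Get-HotFix | Where-Object { $_.InstalledOn -ge $patchDay } | Sort-Object InstalledOn
if ($recent) {
    "Updates installed on or after $($patchDay.ToShortDateString()):"
    $recent | Format-Table HotFixID, Description, InstalledOn -AutoSize
} else {
    Write-Warning "No updates installed since $($patchDay.ToShortDateString()); apply the May 2023 update."
}

# 2. CVE-2023-24941: only NFSv4.1 is affected. If Server for NFS is installed and the host
#    cannot be patched yet, Microsoft's temporary mitigation is to disable NFSv4.1.
#    Per the advisory, install the May 2022 fix for CVE-2022-26937 first, because clients
#    then fall back to NFSv2/v3. Clients that require v4.1 lose access until it is re-enabled.
if (Get-Command Get-NfsServerConfiguration -ErrorAction SilentlyContinue) {
    $nfs = Get-NfsServerConfiguration
    "Server for NFS present. NFSv4 enabled: $($nfs.EnableNFSV4)"
    if ($nfs.EnableNFSV4 -and -not $recent) {
        Write-Warning "Unpatched host is serving NFSv4.1; consider the interim mitigation."
        # Uncomment to apply Microsoft's interim mitigation, then restart the service:
        # Set-NfsServerConfiguration -EnableNFSV4 $false
        # nfsadmin server stop; nfsadmin server start
    }
} else {
    "Server for NFS cmdlets not present; the NFS server role is not installed on this host."
}

# 3. CVE-2023-29325: Microsoft's interim mitigation is to read all email in plain text,
#    which stops Outlook (including the preview pane) rendering the crafted content.
#    Per-user setting for Office 16.x (assumed Outlook version):
$mailKey = 'HKCU:\Software\Microsoft\Office\16.0\Outlook\Options\Mail'
$readAsPlain = (Get-ItemProperty -Path $mailKey -Name ReadAsPlain -ErrorAction SilentlyContinue).ReadAsPlain
$state = if ($readAsPlain -eq 1) { 'enabled' } else { 'disabled' }
"Outlook 'read all standard mail in plain text' for current user: $state"
# Uncomment to enable for the current user (changes how every message is displayed):
# New-Item -Path $mailKey -Force | Out-Null
# Set-ItemProperty -Path $mailKey -Name ReadAsPlain -Value 1 -Type DWord

# 4. CVE-2023-24932: the May update ships the Secure Boot fix disabled. The revocation
#    steps in KB5025885 are manual and must be done in order; once applied, boot media
#    without the updated boot manager will no longer boot on this device.
$sb = Confirm-SecureBootUEFI -ErrorAction SilentlyContinue
if ($null -eq $sb) {
    "Secure Boot state not queryable (legacy BIOS boot, or not an administrator)."
} else {
    "Secure Boot enabled: $sb. Read https://support.microsoft.com/help/5025885 before applying the revocations."
}
```

The script only reports by default; the mitigation commands are left commented out because each one has side effects (loss of NFSv4.1 access, changed mail rendering) that the operator should accept deliberately, and the Secure Boot revocations are deliberately not scripted because KB5025885 requires a staged rollout with updated boot media in hand.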
Assistance / Where can I go for help?
Organisations or individuals that have been impacted or require assistance can contact us via 1300 CYBER1 (1300 292 371).