Microsoft Patch Tuesday for May 2023 fixed 2 actively exploited zero-day flaws


Microsoft released security upgrades in May 2023 that fix 40 vulnerabilities, including two zero-day issues that are already being actively used in attacks. Microsoft Teams, SharePoint Server, Microsoft Edge (based on Chromium), Visual Studio, SysInternals, and Microsoft Windows are all affected by the issues.

Win32k Elevation of Privilege Vulnerability, CVE-2023-29336 (CVSS 7.8). Attacks deliberately take advantage of this vulnerability. A code execution defect and the weakness can be combined to propagate malware. Researchers from the Avast Antivirus company, Jan Vojtek, Milánek, and Luigino Camastra, discovered the vulnerability, which shows that it was a component of an attack chain used to spread malware.

Read More…