🐛 COMMON VULNERABILITIES AND EXPOSURES (43)
9 May | CVE-2022-41121 Windows Graphics Component Elevation of Privilege Vulnerability | In the Security Updates table, removed Remote Desktop client for Windows Desktop as it is not affected by this vulnerability. This is an informational change only. | MSRC.MICROSOFT.COM
9 May | CVE-2023-28283 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Information published. | MSRC.MICROSOFT.COM
9 May | CVE-2023-24898 Windows SMB Denial of Service Vulnerability | Information published. | MSRC.MICROSOFT.COM
9 May | CVE-2023-24899 Windows Graphics Component Elevation of Privilege Vulnerability | Information published. | MSRC.MICROSOFT.COM
9 May | CVE-2023-24939 Server for NFS Denial of Service Vulnerability | Information published. | MSRC.MICROSOFT.COM
9 May | CVE-2023-24900 Windows NTLM Security Support Provider Information Disclosure Vulnerability | Information published. | MSRC.MICROSOFT.COM
9 May | CVE-2023-24901 Windows NFS Portmapper Information Disclosure Vulnerability | Information published. | MSRC.MICROSOFT.COM
9 May | CVE-2023-24941 Windows Network File System Remote Code Execution Vulnerability | Information published. | MSRC.MICROSOFT.COM
9 May | CVE-2023-24942 Remote Procedure Call Runtime Denial of Service Vulnerability | Information published. | MSRC.MICROSOFT.COM
9 May | CVE-2023-24903 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Information published. | MSRC.MICROSOFT.COM
9 May | CVE-2023-24905 Remote Desktop Client Remote Code Execution Vulnerability | Information published. | MSRC.MICROSOFT.COM
9 May | CVE-2023-24945 Windows iSCSI Target Service Information Disclosure Vulnerability | Information published. | MSRC.MICROSOFT.COM
9 May | CVE-2023-24946 Windows Backup Service Elevation of Privilege Vulnerability | Information published. | MSRC.MICROSOFT.COM
9 May | CVE-2023-24947 Windows Bluetooth Driver Remote Code Execution Vulnerability | Information published. | MSRC.MICROSOFT.COM
9 May | CVE-2023-24948 Windows Bluetooth Driver Elevation of Privilege Vulnerability | Information published. | MSRC.MICROSOFT.COM
9 May | CVE-2023-24949 Windows Kernel Elevation of Privilege Vulnerability | Information published. | MSRC.MICROSOFT.COM
9 May | CVE-2023-24950 Microsoft SharePoint Server Spoofing Vulnerability | Information published. | MSRC.MICROSOFT.COM
9 May | CVE-2023-24953 Microsoft Excel Remote Code Execution Vulnerability | Information published. | MSRC.MICROSOFT.COM
9 May | CVE-2023-24954 Microsoft SharePoint Server Information Disclosure Vulnerability | Information published. | MSRC.MICROSOFT.COM
9 May | CVE-2023-24955 Microsoft SharePoint Server Remote Code Execution Vulnerability | Information published. | MSRC.MICROSOFT.COM
9 May | CVE-2023-29324 Windows MSHTML Platform Security Feature Bypass Vulnerability | Information published. | MSRC.MICROSOFT.COM
9 May | CVE-2023-29335 Microsoft Word Security Feature Bypass Vulnerability | Information published. | MSRC.MICROSOFT.COM
9 May | CVE-2023-29336 Win32k Elevation of Privilege Vulnerability | Information published. | MSRC.MICROSOFT.COM
9 May | CVE-2023-29338 Visual Studio Code Information Disclosure Vulnerability | Information published. | MSRC.MICROSOFT.COM
9 May | CVE-2023-29340 AV1 Video Extension Remote Code Execution Vulnerability | Information published. | MSRC.MICROSOFT.COM
9 May | CVE-2023-29341 AV1 Video Extension Remote Code Execution Vulnerability | Information published. | MSRC.MICROSOFT.COM
9 May | CVE-2023-29343 SysInternals Sysmon for Windows Elevation of Privilege Vulnerability | Information published. | MSRC.MICROSOFT.COM
9 May | CVE-2023-28251 Windows Driver Revocation List Security Feature Bypass Vulnerability | Information published. | MSRC.MICROSOFT.COM
9 May | CVE-2023-28290 Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability | Information published. | MSRC.MICROSOFT.COM
9 May | CVE-2023-24904 Windows Installer Elevation of Privilege Vulnerability | Information published. | MSRC.MICROSOFT.COM
9 May | CVE-2023-29325 Windows OLE Remote Code Execution Vulnerability | Information published. | MSRC.MICROSOFT.COM
9 May | CVE-2023-29333 Microsoft Access Denial of Service Vulnerability | Information published. | MSRC.MICROSOFT.COM
9 May | CVE-2023-29344 Microsoft Office Remote Code Execution Vulnerability | Information published. | MSRC.MICROSOFT.COM
9 May | CVE-2023-24858 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Updated one or more CVSS scores for the affected products. This is an informational change only. | MSRC.MICROSOFT.COM
9 May | CVE-2023-24911 Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | Updated one or more CVSS scores for the affected products and added an FAQ explaining the vector string settings. This is an informational change only. | MSRC.MICROSOFT.COM
9 May | CVE-2023-24892 Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability | Updated one or more CVSS scores for the affected products and added an FAQ explaining the vector string settings. This is an informational change only. | MSRC.MICROSOFT.COM
9 May | CVE-2023-21738 Microsoft Office Visio Remote Code Execution Vulnerability | Updated one or more CVSS scores for the affected products. This is an informational change only. | MSRC.MICROSOFT.COM
9 May | CVE-2023-21779 Visual Studio Code Remote Code Execution Vulnerability | Updated one or more CVSS scores for the affected products. This is an informational change only. | MSRC.MICROSOFT.COM
9 May | CVE-2022-26928 Windows Photo Import API Elevation of Privilege Vulnerability | To comprehensively address CVE-2022-26928, Microsoft has released May 2023 security updates for all affected versions of Microsoft Windows. Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are c… | MSRC.MICROSOFT.COM
9 May | CVE-2013-3900 WinVerifyTrust Signature Validation Vulnerability | In the Executive Summary, corrected information about Windows 10 and Windows 11 to state that the supporting code for this reg key was incorporated at the time of release for Windows 10 and Windows 11, so no security update is required; however, the reg key must be set. This is a… | MSRC.MICROSOFT.COM
9 May | CVE-2022-29900 AMD: CVE-2022-29900 AMD CPU Branch Type Confusion | This document originally was associated with CVE-2022-23816. That CVE was officially rejected by the assigning CNA in lieu of a different CVE which was associated with the same vulnerability. For this reason, we updated this document to reference CVE-2022-29900. This is an infor… | MSRC.MICROSOFT.COM
9 May | CVE-2021-28452 Microsoft Outlook Memory Corruption Vulnerability | Corrected Article links in the Security Updates table. This is an informational change only. | MSRC.MICROSOFT.COM
9 May | Guidance related to Secure Boot Manager changes associated with CVE-2023-24932 | Summary: Today, Microsoft is releasing CVE-2023-24932, and associated configuration guidance, to address a Secure Boot bypass vulnerability used by the BlackLotus bootkit to exploit CVE-2022-21894. Customers will need to closely follow the configuration guidance to fully p… | MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE (2)
9 May | Multiple Vulnerabilities in Aruba Products Could Allow for Arbitrary Code Execution. | Multiple vulnerabilities have been discovered in Aruba Products, the most severe of which could allow for Arbitrary code execution. Aruba Mobility Conductor is an advanced WLAN deployed as a virtual machine (VM) or installed on an x86-based hardware appliance. Aruba Mobility Cont… | CISECURITY.ORG
9 May | Critical Patches Issued for Microsoft Products, May 9, 2023 | Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, o… | CISECURITY.ORG
🕵️ THREAT INTELLIGENCE (1)
9 May | ESET APT Activity Report Q4 2022–Q1 2023 | An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2022 and Q1 2023 | WELIVESECURITY.COM
🌐 CYBER THREAT LANDSCAPE (1)
9 May | How the war in Ukraine has been a catalyst in private-public collaborations | As the war shows no signs of ending and cyber-activity by states and criminal groups remains high, conversations around the cyber-resilience of critical infrastructure have never been more vital | WELIVESECURITY.COM