Microsoft patched 38 vulnerabilities during Patch Tuesday. That’s a remarkably small number of bugs for the monthly fix round, which usually sees many more bugs fixed in recent months. Three of the vulnerabilities were zero-days.
Microsoft has KB5026361 for Windows 10 builds 19042.2965, 19044.2965 and 19045.2965 released and KB5026372 for Windows 11 version 22621.1702. In the monthly patch round, three zero-days are fixed. Two of them were actively abused during attacks. Details of the other had already been made public, but they were not exploited. The bugs CVE-2023-29336 and CVE-2023-24932 are a privilege escalation in Win32K and a Secure Boot bypass, respectively. The latter was used by a bootkit called BlackLotus, according to Microsoft. Details about this were released by ESET in March. Microsoft never discloses how the attacks were practically exploited.
A third vulnerability, CVE-2023-29325, is a remote code execution in Windows Object Linking and Embedding. Details of this had already been made public, but the vulnerability was not known to be exploited.
During the May monthly patch round, Microsoft patched a total of 38 vulnerabilities. There are relatively few; in recent months, the number of vulnerabilities repaired has often approached or exceeded a hundred. Of the vulnerabilities, twelve had the ability to remotely execute code. Furthermore, in eight cases it was possible to retrieve data from a system and in another eight cases it was possible to increase the rights on a system. It also fixed five denial-of-service bugs, four ways to bypass security, and one spoofing bug.