Microsoft Closes Two Exploited and One Open Windows Vulnerability

Microsoft Releases 38 Security Updates to Address Critical Vulnerabilities

Microsoft released 38 security updates on Tuesday, May 11, addressing several critical vulnerabilities in its products. Security experts are urging users to install the patches as soon as possible, as two of the vulnerabilities are already being actively exploited by attackers.

Identification of Vulnerabilities

Six of the 38 vulnerabilities are rated critical. Dustin Childs from Zero Day Initiative noted that CVE-2023-29336, a vulnerability with a rating of 7.8 out of 10, could be used to obtain system privileges on Windows computers. “This type of increase in privileges is usually combined with the error of the code for the spread of malware,” Childs added. Additionally, Microsoft acknowledged that CVE-2023-24932, a Secure Boot protection bypass vulnerability, was being used by the BlackLotus bootkit to infect Windows computers.

Response from Microsoft

Microsoft thanked Avast researchers Jan Vojtěšek, Milánek, and Luigino Camastra for the discovery and disclosure of CVE-2023-29336. The Microsoft Security Response Center (MSRC) identified CVE-2023-24932 separately and noted that it was necessary for “complete protection against this vulnerability”. MSRC warned that “this vulnerability allows the attacker to execute self-signed code at the Unified Extensible Firmware Interface (UEFI) when Secure Boot is turned on” and is used mainly as a persistence and defense evasion mechanism. However, the attacker needs physical access or local administrator rights on the target device to exploit this vulnerability successfully.

BlackLotus Vulnerability

BlackLotus is a UEFI bootkit that is sold on hacker forums for approximately $5,000. It is a rare type of malicious software, as it works on Windows systems even with the Secure Boot security feature, which was put in place to block BlackLotus. Security researchers Martin Smolár from ESET and Tomer Sne-or from SentinelOne revealed CVE-2023-24932 as the BlackLotus vulnerability that allows attackers to bypass Secure Boot.

Conclusion

If you are using any of Microsoft’s products, it is crucial to install the released patches as soon as possible to protect your system and data from cybercriminals who may exploit these vulnerabilities.
