Executive summary

Microsoft’s May patch Tuesday addressed 38 security issues, including one actively exploited zero-day vulnerability used to escalate privileges. Adobe released updates to fix security issues across their products, including one actively exploited vulnerability impacting Acrobat and Reader. SAP have also issued fixes for a number of vulnerabilities within their product range.

Microsoft

Microsoft’s May Patch Tuesday provides updates to address 38 security issues across its product range, including three zero-day vulnerabilities (CVE-2023-29336, CVE-2923-24932 and CVE-2023-29325). One of the exploited zero-day vulnerabilities (CVE-2023-29336) is a privilege escalation vulnerability which has been added the US Cybersecurity and Infrastructure Security Agency’s (CISA) “Known Exploited Vulnerabilities Catalog”. 6 critical vulnerabilities were also patched through updates provided by Microsoft.

Adobe

This month, Adobe released fixes for 43 vulnerabilities, of which 22 were rated critical. The 43 vulnerabilities impact Adobe Experience Manager(1), InDesign(3), Illustrator(5), InCopy(1), Genuine Service(1), Acrobat(14), Magneto(7), Creative Cloud Desktop Application(1), Media Encoder(1), After Effects(security bulletin not available), Medium(1), Animate(7). One vulnerability (CVE-2021-28550) has been recorded as actively exploited.

SAP

Enterprise software vendor SAP has addressed vulnerabilities in several of its products, including two critical-severity vulnerabilities that impact SAP 3D visual Enterprise License Manager and SAP BusinessObjects Business Intelligence Platform. The updates included fixes for 18 vulnerabilities. Including remote execution and authentication bypass. A total of 2 vulnerabilities were given the “Hot News” priority, which is the highest priority according to SAP.

What’s the risk to me or my business?

The actively exploited vulnerabilities could allow an attacker to gain SYSTEM privileges, remotely execute code and install bootkits. All of which could be used to compromise the confidentiality, integrity and availability of information stored by an organisation.

What can I do?

Regarding Microsoft’s patch Tuesday, security updates are available for all supported versions of Windows impacted. The updates should be applied as soon as possible for the zero day vulnerabilities and all other vulnerabilities that have a critical severity rating. For CVE-2023-2942, the patch is not enabled by default and as such must be applied. For CVE-2023-29325, Microsoft have recommended that if a patch is not applied, the vulnerability can be mitigated by users viewing emails in plain text format.

The exploited zero-day vulnerability impacting Adobe should be patched immediately. Updates should also be applied immediately for critical vulnerabilities impacting both Adobe and SAP products.

Technical Summary

CVE-2023-29336: The actively exploited vulnerability could allow an attacker to gain SYSTEM privileges, effectively providing them with unlimited permission.

CVE-2023-29432: This zero day vulnerability allows an attacker with physical access or administrative rights to install the Blacklotus UEFI bootkit. The UEFI is usually the first thing to run and the bootkit therefore is invisible to security software running on the impacted device.

CVE-2023-29325: this zero day vulnerability allows an attacker to perform remote code execution in Outlook, through specially crafted emails. These emails only need to be previewed for the exploit to work.

CVE-2021-28550: This is a remote code execution vulnerability impacting Adobe Acrobat and Reader which would allow the attacker to perform commands with the same permissions as the victim would.    

Further details on other specific updates within Microsoft’s patch Tuesday can be found here: https://www.ghacks.net/2023/05/09/microsoft-patches-several-critical-security-issues-on-the-may-2023-windows-patch-day/

Further details about CVE-2023-29336 can be found here: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-29336   

Further details about CVE-2023-24932 can be found here: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-24932    

Further details about 2023-29325 can be found here: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-29325    

Further details of the vulnerabilities addressed in Adobe Experience Manager can be found here: https://helpx.adobe.com/security/products/experience-manager/apsb21-15.html

Further details of the vulnerabilities addressed in Adobe InDesign can be found here: https://helpx.adobe.com/security/products/indesign/apsb21-22.html

Further details of the vulnerabilities addressed in Adobe Illustrator can be found here: https://helpx.adobe.com/security/products/illustrator/apsb21-24.html

Further details of the vulnerabilities addressed in Adobe InCopy can be found here: https://helpx.adobe.com/security/products/incopy/apsb21-25.html

Further details of the vulnerabilities addressed in Adobe Acrobat and Reader can be found here: https://helpx.adobe.com/security/products/acrobat/apsb21-29.html

Further details of the vulnerabilities addressed in Adobe Magento can be found here: https://helpx.adobe.com/security/products/magento/apsb21-30.html

Further details of the vulnerabilities addressed in Adobe Creative Cloud Desktop Application can be found here: https://helpx.adobe.com/security/products/creative-cloud/apsb21-31.html

Further details of the vulnerabilities addressed in Adobe Media Encoder can be found here: https://helpx.adobe.com/security/products/media-encoder/apsb21-32.html

Further details of the vulnerabilities addressed in Adobe Medium can be found here: https://helpx.adobe.com/security/products/medium/apsb21-34.html

Further details of the vulnerabilities addressed in Adobe Animate can be found here: https://helpx.adobe.com/security/products/animate/apsb21-35.html

Further details of the vulnerabilities addressed by SAP can be found here: https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity