Microsoft’s May Patch Tuesday Fixes 38 Flaws, Including Active Zero-Day Bug


Microsoft has rolled out Patch Tuesday updates for May 2023 to address 38 security flaws, including one zero-day bug that it said is being actively exploited in the wild.

Trend Micro’s Zero Day Initiative (ZDI) said the volume is the lowest since August 2021, although it pointed out that “this number is expected to rise in the coming months.”

Of the 38 vulnerabilities, six are rated Critical and 32 are rated Important in severity. Eight of the flaws have been tagged with “Exploitation More Likely” assessment by Microsoft.

This is aside from 18 flaws – including 11 bugs since the start of May – the Windows maker resolved in its Chromium-based Edge browser following the release of April Patch Tuesday updates.

Topping the list is CVE-2023-29336 (CVSS score: 7.8), a privilege escalation flaw in Win32k that has come under active exploitation. It’s not immediately clear how widespread the attacks are.

Read more…