Windows 10: Microsoft patches several critical security issues on the May 2023 Windows Patch Day

Discus and support Microsoft patches several critical security issues on the May 2023 Windows Patch Day in Windows 10 News to solve the problem; Microsoft released security updates and non-security updates for all supported versions of its Windows operating system and other company products on... Discussion in 'Windows 10 News' started by GHacks, May 9, 2023.

  1. GHacks
    GHacks New Member

    Microsoft patches several critical security issues on the May 2023 Windows Patch Day


    Microsoft released security updates and non-security updates for all supported versions of its Windows operating system and other company products on the May 2023 Patch Tuesday.

    All versions of Windows are affected by critical updates. Updates were also released for other Microsoft products, including Microsoft Edge and Microsoft Office.

    This overview provides system administrators and home users with information on the released patches. It offers an overview of the Windows updates, lists known issues, links to support pages and direct downloads, and more.

    Click here to access our April 2023 overview of the Microsoft Patch Day.

    Microsoft Windows Security Updates: May 2023


    You can download the following Excel spreadsheet. It lists the released security updates of the May 2023 Microsoft Patch Day. Click on the following link to download it: windows may 2023 security updates

    Executive Summary

    • Microsoft released security updates for all supported client and server versions of Windows.
    • Security updates were also released for Microsoft Office, Visual Studio Code, Microsoft Bluetooth Driver, Windows Backup Engine, Remote Desktop Client, Windows SMB and Microsoft Teams.
    • The following Windows client version have known issues: Windows 10 version 1809, Windows 10 version 20H2, 21H2 and 22H2, Windows 11 version 21H2 and 22H2.
    • The following Windows server versions have known issues: Windows Server 2008 and 2008 R2, Windows Server 2019 and 2022
    • Microsoft won't release feature updates for Windows 10 anymore. Windows 10 version 22H2 is the last version of Windows 10.
    Operating System Distribution

    • Windows 10 version 21H2: 19 vulnerabilities, 4 critical and 15 important.
      • Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability -- CVE-2023-24903
      • Windows OLE Remote Code Execution Vulnerability -- CVE-2023-29325
      • Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability -- CVE-2023-24943
      • Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability -- CVE-2023-28283
    • Windows 10 version 22H2: 19 vulnerabilities, 4 critical and 15 important.
      • same as Windows 10 version 21H2
    • Windows 11 version 2!H2: 20 vulnerabilities, 4 critical and 16 important
      • Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability -- CVE-2023-24903
      • Windows OLE Remote Code Execution Vulnerability -- CVE-2023-29325
      • Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability -- CVE-2023-24943
      • Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability -- CVE-2023-28283
    • Windows 11 version 22H2: 19 vulnerabilities, 4 critical and 16 important
      • same as Windows 11 version 22H2

    Windows Server products

    • Windows Server 2008 R2 (extended support only): 14 vulnerabilities: 4 critical and 10 important
      • Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability -- CVE-2023-24943
      • Windows OLE Remote Code Execution Vulnerability -- CVE-2023-29325
      • Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability -- CVE-2023-24903
      • Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability -- CVE-2023-28283
    • Windows Server 2012 R2: 16 vulnerabilities: 5 critical and 11 important
      • Same as Windows Server 2008 R2, plus
      • Windows Network File System Remote Code Execution Vulnerability -- CVE-2023-24941
    • Windows Server 2016: 18 vulnerabilities: 5 critical and 13 important.
      • Same as Windows Server 2012 R2
    • Windows Server 2019: 19 vulnerabilities: 5 critical and 14 important.
      • Same as Windows Server 2012 R2
    • Windows Server 2022: 18 vulnerabilities: 5 critical and 131 important.
      • Same as Windows Server 2012 R2
    Windows Security Updates


    Windows 10 version 21H2 and 22H2


    Updates and improvements:

    • This update addresses a race condition in Windows Local Administrator Password Solution (LAPS). The Local Security Authority Subsystem Service (LSASS) might stop responding.
    • The update includes content of the preview update, released on April 25, 2023. Notable are a new option to configure application group rules and the ability to sync language and region settings when the Microsoft account display language or regional format are changed.

    Windows 11 Release version


    Updates and improvements:

    • This update addresses a race condition in Windows Local Administrator Password Solution (LAPS). The Local Security Authority Subsystem Service (LSASS) might stop responding.
    • Also includes the preview updates released on April 25.

    Windows 11 version 22H2


    Updates and improvements:

    • Adds a new toggle to Settings > Windows Update to get Windows updates early.
    • This update addresses a race condition in Windows Local Administrator Password Solution (LAPS). The Local Security Authority Subsystem Service (LSASS) might stop responding.
    • This update affects the Kernel-mode Hardware-enforced Stack Protection security feature. The update adds more drivers to the database of drivers that are not compatible with it.
    • Includes the non-security updates released on April 25 as a preview. Same new features as in Windows 10's preview update.

    Other security updates

    2023-05 Cumulative Security Update for Internet Explorer (KB5026366)

    2023-05 Cumulative Update for Windows 10 Version 1507 for x86-based Systems (KB5026382)

    2023-05 Cumulative Update for Windows 10 Version 22H2, Windows 10 Version 21H2, and Windows 10 Version 20H2 (KB5026361)

    Server

    2023-05 Cumulative Update for Windows Server 2016 and Windows 10 Version 1607 (KB5026363)

    2023-05 Cumulative Update for Windows Server 2019 and Windows 10 Version 1809 (KB5026362)

    2023-05 Security Monthly Quality Rollup for Windows Server 2008 (KB5026408)

    2023-05 Security Only Quality Update for Windows Server 2008 (KB5026427)

    2023-05 Security Monthly Quality Rollup for Windows Embedded Standard 7 and Windows Server 2008 R2 (KB5026413)

    2023-05 Security Only Quality Update for Windows Embedded Standard 7 and Windows Server 2008 R2 (KB5026426)

    2023-05 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012 (KB5026411)

    2023-05 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012 (KB5026419)

    2023-05 Security Only Quality Update for Windows Embedded 8.1 and Windows Server 2012 R2 (KB5026409)

    2023-05 Security Monthly Quality Rollup for Windows Embedded 8.1 and Windows Server 2012 R2 (KB5026415)

    2023-05 Cumulative security Hotpatch for Azure Stack HCI, version 21H2 and Windows Server 2022 Datacenter: Azure Edition for x64-based Systems (KB5026456)

    2023-05 Cumulative Update for Microsoft server operating system version 21H2 and Microsoft server operating system, version 22H2 for x64-based Systems (KB5026370)

    Known Issues


    Windows 10 versions 21H2 and 22H2

    • (Old) Custom installations may not receive the new Microsoft Edge web browser, while the old version may be removed.

    Windows 11 version 21H2

    • (Old) Some Windows devices with third-party user interface customizations may not start up after installing this update or future updates.
      • Microsoft recommends uninstalling the third-party UI customization applications before installing this update, or updating them, if updates are available. Check out our support article for additional information on the issue.

    Windows 11 version 22H2

    • (New) Some applications may "have intermittent issues with speech recognition, expressive input, and handwriting when using Chinese or Japanese languages".
      • To mitigate the issue, do the following: close the app that is having the issues, then open Task Manager and end the ctfrmon.exe process. The app should now be ready for use again.
    • (Old) Provisioning packages may not work as expected. Windows may only be configured partially and the " Out Of Box Experience might not finish or might restart unexpectedly".
      • Provisioning the Windows device before upgrading to Windows 11 version 22H2 fixes the issue.
    Security advisories and updates

    Non-security updates


    Microsoft Office Updates

    You find Office update information here.

    How to download and install the May 2023 security updates


    Microsoft patches several critical security issues on the May 2023 Windows Patch Day windows-security-updates-may-2023.png

    Most Windows Home devices are updated automatically once the monthly security updates are released. The checking process does not happen in real-time, and some administrators may want to install the security updates as early as possible.

    This can be done either by running a manual check for updates or downloading the updates manually to install them after the download completes.

    Do the following to run a manual check for updates:

    1. Select Start, type Windows Update and load the Windows Update item that is displayed.
    2. Select check for updates to run a manual check for updates.
    Direct update downloads


    Below are resource pages with direct download links, if you prefer to download the updates to install them manually.

    Windows 10 Version 21H2

    • KB5026361 -- 2023-05 Cumulative Update for Windows 10 Version 21H2

    Windows 10 version 22H2

    • KB5026361 -- 2023-05 Cumulative Update for Windows 10 Version 21H2

    Windows 11 Release version

    • KB5026368 -- 2023-05 Cumulative Update for Windows 11
    Windows 11 version 22H2
    • KB5026372 -- 2023-05 Cumulative Update for Windows 11 version 22H2
    Additional resources


    Thank you for being a Ghacks reader. The post Microsoft patches several critical security issues on the May 2023 Windows Patch Day appeared first on gHacks Technology News.

    read more...
     
    GHacks, May 9, 2023
    #1
  2. qubit Win User

    Jan 10th Patch Tuesday: 7 Patches On The Way

    Microsoft has just released their Security Bulletin Advance Notification for January 2012. This is pre-release information about the Windows patches due to be rolled out on Microsoft Update on Tuesday 10th January. In it, there is one critical and six important updates. There are three remote code execution patches (one critical); two information disclosures and one privilege escalation. There is also one "security feature bypass", which is interesting, because it's not a description seen before. It's not hard to get an idea of what this fixes, but we await the release of the official bulletins for the full description of what security feature is fixed.

    All versions of Windows have patches coming up, but some of those patches don't apply to particular versions of Windows and the notification lists which Windows version gets which bulletin/patch. At the same time, Microsoft is releasing an updated version of it's Windows Malicious Software Removal Tool. Full details here
     
    qubit, May 9, 2023
    #2
  3. D_o_S Win User
    Microsoft issues new patches

    Microsoft Corp. has released its security software patches for April, addressing an unpatched bug in the Internet Explorer browser that hackers had been exploiting for several weeks.

    As expected, the company released five patches, called "updates" in Microsoft parlance, addressing a number of critical vulnerabilities in IE and the Windows operating system. Microsoft also released an update for Outlook Express, rated "important," and a fix for Windows FrontPage Server Extensions and SharePoint Team Services 2002, rated "moderate."

    Source: Computerworld
     
    D_o_S, May 9, 2023
    #3
  4. Microsoft patches several critical security issues on the May 2023 Windows Patch Day

    I did not receive all updates on "patch Tuesday" for March 14, 2023. Was this the case for anyone else?

    Please check out the list of updates released on March 14 'Patch Tuesday'.

    March 2023 Security Updates - Release Notes - Security Update Guide - Microsoft: Security Update Guide - Microsoft Security Response Center

    Only one update was released for Windows 10/11 on that day, the Quality Update. The March 2023 .NET Framework Security Update hasn't been released yet. But, as far as I know, the .NET Framework security updates don't necessarily release on Patch Tuesdays.
     
    Ramesh Srinivasan, May 9, 2023
    #4
Thema:

Microsoft patches several critical security issues on the May 2023 Windows Patch Day

Loading...
  1. Microsoft patches several critical security issues on the May 2023 Windows Patch Day - Similar Threads - Microsoft patches several

  2. Microsoft Patch Update Issue

    in Windows 10 Gaming
    Microsoft Patch Update Issue: Hi, Please make me learn something about patch update. As on my SIEM my windows agent give me critical alert for not installing the following updateKB4011715 patch is not installed KB5029244 patch is not installed KB5022282 patch is not installed KB5021233 patch is not...
  3. Microsoft Patch Update Issue

    in Windows 10 Software and Apps
    Microsoft Patch Update Issue: Hi, Please make me learn something about patch update. As on my SIEM my windows agent give me critical alert for not installing the following updateKB4011715 patch is not installed KB5029244 patch is not installed KB5022282 patch is not installed KB5021233 patch is not...
  4. Microsoft Patch Update Issue

    in AntiVirus, Firewalls and System Security
    Microsoft Patch Update Issue: Hi, Please make me learn something about patch update. As on my SIEM my windows agent give me critical alert for not installing the following updateKB4011715 patch is not installed KB5029244 patch is not installed KB5022282 patch is not installed KB5021233 patch is not...
  5. The Windows July 2023 security updates are here and they patch critical issues

    in Windows 10 News
    The Windows July 2023 security updates are here and they patch critical issues: Microsoft released security updates for client and server versions of its Windows operating system today. The security updates address vulnerabilities in all supported versions of Windows and are available via Windows Update and other update management systems. Our overview...
  6. The Windows June 2023 security patches are here and address these issues

    in Windows 10 News
    The Windows June 2023 security patches are here and address these issues: It is the second Tuesday of the month, and that means that Microsoft has released security updates for the Windows operating system, Microsoft Office and other company products. The Windows updates are available already and will be distributed on most Home systems via...
  7. Time to Patch: Microsoft released security patch for actively exploited issue

    in Windows 10 News
    Time to Patch: Microsoft released security patch for actively exploited issue: Microsoft released security updates for Windows yesterday on the March 2023 Patch Day. Among the patched security updates, several of which are rated critical by Microsoft, is a security issue that is exploited actively in the wild. The issue was reported by Google's Threat...
  8. Printnightmare security patch

    in AntiVirus, Firewalls and System Security
    Printnightmare security patch: Hello. Looking for help finding and downloading this security patch. I have WIN 7 HOME PREMIUM 64 bit SP1. While searching, thought I found it. There were 2 options for download: XLSX MICROSOFT EXCEL & CSV COMMA VALUE. None of this means anything to me. Maybe I was in the...
  9. Security Patch

    in AntiVirus, Firewalls and System Security
    Security Patch: Hi All, How to download the KB4049411 and KB4033631 in Microsoft catalog? If we select "Check for Update" , these two patches are showing , but in Microsoft catalog mentioned KB's are not shown....
  10. Microsoft change location of some security updates May Patch Tuesday

    in Windows 10 News
    Microsoft change location of some security updates May Patch Tuesday: Microsoft is going to cease its current practice of making all security updates available from both the Microsoft Download Center and the Microsoft Update Catalog. In a very brief April 29 blog post, company officials noted the coming change, which takes effect next...