Microsoft’s May 2023 Patch Tuesday fixes nearly 40 flaws, 2 zero-days

 


Microsoft released its monthly Patch Tuesday security updates designed to fix nearly 40 security flaws in the Windows OS and other software, including two zero-day vulnerabilities exploited in the wild.

One of the zero-days is CVE-2023-29336, a buffer overflow issue within the Win32k driver, which can be abused by a local user for code execution with SYSTEM privileges. The issue affects systems running Windows 10 and Windows Server 2008, 2012, and 2016.

The second zero-day is CVE-2023-24932, a Secure Boot bypass in Windows. An attacker with physical access to the system or a local user with Administrative rights can bypass Secure Boot.

According to reports, this vulnerability was used by a threat actor to install the BlackLotus UEFI bootkit. Microsoft released instructions last month on how to detect BlackLotus UEFI bootkit infections.

“The security update addresses the vulnerability by updating the Windows Boot Manager, but is not enabled by default. Additional steps are required at this time to mitigate the vulnerability,” Microsoft noted in a security advisory.

Other noteworthy security issues addressed in this month’s Patch Tuesday include remote code execution bugs in Microsoft Windows OLE, Microsoft Office, Excel, Microsoft Remote Desktop Client, Windows Network File System, Windows SSTP, AV1 Video Extension, and Windows LDAP.

