Microsoft fixed 3 zero-day vulnerabilities with its latest Patch Tuesday patches, among a total of 38 fixes. A small number of bugs this time, but Microsoft promises to make future deployments easier for IT admins.
Two of the zero-day vulnerabilities have been actively exploited to attack systems, Microsoft announced. The first is CVE-2023-29336, which makes privilege escalation possible. In other words, without the new patch, this vulnerability allows attackers to give themselves more permissions within an IT environment. That’s not what you want if you’re responsible for maintaining a good security posture.
The second zero-day that was patched will cause more problems for administrators, TechTarget reports. CVE-2023-24932 bypasses the Secure Boot feature. To use it along with the BlackLotus bootkit, an attacker needs physical access or admin rights, but with either of those the attacker can inject code at the UEFI level. The patch does not fix this problem in its entirety: fresh bootable media is required to update the boot manager. Microsoft provides more details about this on its own website.
Microsoft says it will provide an easier deployment on July’s Patch Tuesday. Admins still have their work cut out for them now, though. They can’t wait two more months to patch this vulnerability completely. So they have to follow the described steps.
The third vulnerability, CVE-2023-29325, is not known to have been exploited. It involves remote code execution in Windows Object Linking & Embedding.
Can Autopatch be an alternative?
Microsoft has an offering that makes it easier for IT admins to keep up with security: Windows Autopatch. This feature automatically keeps software up to date and makes it easier to use new services in an existing IT environment. Ultimately, all this takes a lot of work away from admins, who can focus on other tasks.
However, only Microsoft 365 Enterprise E3 and E5 customers benefit from this when combined with Azure Active Directory Premium and Microsoft Intune. So this doesn’t solve the problem for everyone.
For an organization that doesn’t or can’t use Autopatch in its environment, this particular Patch Tuesday may have been light on patches, but it does create (a lot of) extra admin work. This is quite common, by the way. For example, last December’s security update caused server failures.