Выпустил эпизод про майский Microsoft Patch Tues­day. Первые впечатления оказались вполне верными. Добавил ещё 4 уязвимости, которые выглядят многообещающе, расширил описание и указал на пару странностей в EPSS.

———

Hel­lo every­one! This episode will be about Microsoft Patch Tues­day for May 2023, includ­ing vul­ner­a­bil­i­ties that were added between April and May Patch Tues­days. As usu­al, I use my open source Vul­ris­tics project to analyse and pri­or­i­tize vul­ner­a­bil­i­ties. I took the com­ments about the vul­ner­a­bil­i­ties from the Qualys, Ten­able, Rapid7, ZDI Patch Tues­day reviews. It's been a long time since we've had such tiny Patch Tues­day. 57 CVEs, includ­ing CVEs appeared dur­ing the month. And only 38 with­out them! 😄

Urgent
00:45 Mem­o­ry Cor­rup­tion – Microsoft Edge (CVE-2023–2033)

Crit­i­cal
01:17 Secu­ri­ty Fea­ture Bypass – Secure Boot (CVE-2023–24932)
02:55 Mem­o­ry Cor­rup­tion – Microsoft Edge (CVE-2023–2136)

High
03:11 Remote Code Exe­cu­tion – Win­dows OLE (CVE-2023–29325)
04:20 Ele­va­tion of Priv­i­lege – Win­dows Win32k (CVE-2023–29336)
05:19 Remote Code Exe­cu­tion – Win­dows Net­work File Sys­tem (CVE-2023–24941)
06:07 Remote Code Exe­cu­tion – Win­dows Prag­mat­ic Gen­er­al Mul­ti­cast (PGM) (CVE-2023–24943)
06:58 Remote Code Exe­cu­tion – Win­dows Light­weight Direc­to­ry Access Pro­to­col (LDAP) (CVE-2023–28283)
07:31 Remote Code Exe­cu­tion – Microsoft Share­Point (CVE-2023–24955)

🎞 Video
🎞 Video2 (for Rus­sia)
📘 Blog­post
🗒 Vul­ris­tics report