For May 2023 Patch Tuesday, Microsoft has delivered fixes for 38 CVE-numbered vulnerabilities, including a patch for a Windows bug (CVE-2023-29336) and a Secure Boot bypass flaw (CVE-2023-24932) exploited by attackers in the wild. The two exploited bugs (CVE-2023-29336, CVE-2023-24932) CVE-2023-29336 is a vulnerability that allows attackers to gain SYSTEM privileges. Flagged by researchers with AV maker Avast, it seems probable that it’s being exploited to deliver malware. Microsoft has offered no details about the … More

The post Microsoft fixes two actively exploited bugs, one used by BlackLotus bootkit (CVE-2023-29336, CVE-2023-24932) appeared first on Help Net Security.