KB5027231: Patch Tuesday comes with Security updates for you

Patch Tuesday updates are here and they focus on security.

Reading time icon 13 min. read


Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Key notes

  • 73 CVEs are addressed in the update, ranging from moderate to critical.
  • Chrome and GitHub vulnerabilities are also addressed.
  • You can now download and install the KB5027231 release on your Windows 11. 
KB5027231

It’s that time of the month again. You guessed it. Patch Tuesday has arrived with some important security updates for Windows 11.

According to the Redmond-based tech giant, the KB5027231 specifically addresses security issues on your Windows 11, including improving on KB5026446‘s features on security.

It’s worth noting that this update focuses on no less than 73 CVEs that are either critical to moderate, and also offers support to 22 non-Microsoft CVEs, especially for Chrome and GitHub.

Fortunately, none of them is actively exploited at the moment, so you can catch your breath if you haven’t updated your Windows 11.

KB5027231: Here’s the complete list of CVEs Microsoft addressed on Patch Tuesday

Some of the most important CVEs addressed in this security update focus on critical CVEs that attack Visual Studio’s Net Framework, as well as Microsoft SharePoint Servers.

There is a particular CVE that is highly prone to attacks, CVE-2023-32013, and it concerns Windows Hyper-V Denial of Service, so you might want to update your system if it’s in your target.KB5027231

Here’s the complete list of CVEs Microsoft addressed on Patch Tuesday.

TagCVEBase ScoreCVSS VectorExploitabilityFAQs?Workarounds?Mitigations?
Azure DevOpsCVE-2023-215657.1CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Azure DevOpsCVE-2023-215695.5CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
.NET and Visual StudioCVE-2023-248957.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft DynamicsCVE-2023-248965.4CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
.NET and Visual StudioCVE-2023-248977.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
.NET and Visual StudioCVE-2023-249368.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows CryptoAPICVE-2023-249376.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:CExploitation Less LikelyNoNoNo
Windows CryptoAPICVE-2023-249386.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:CExploitation Less LikelyNoNoNo
Microsoft Exchange ServerCVE-2023-283108.0CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation More LikelyYesNoNo
.NET FrameworkCVE-2023-293267.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
.NET CoreCVE-2023-293317.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:CExploitation Less LikelyNoNoNo
NuGet ClientCVE-2023-293377.1CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Edge (Chromium-based)CVE-2023-293456.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows NTFSCVE-2023-293467.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows Group PolicyCVE-2023-293518.1CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Remote Desktop ClientCVE-2023-293526.5CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
SysInternalsCVE-2023-293535.5CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows DHCP ServerCVE-2023-293555.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoYes
Microsoft Office SharePointCVE-2023-293579.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation More LikelyYesNoYes
Windows GDICVE-2023-293587.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation More LikelyYesNoNo
Windows Win32KCVE-2023-293597.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation More LikelyYesNoNo
Windows TPM Device DriverCVE-2023-293607.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation More LikelyYesNoNo
Windows Cloud Files Mini Filter DriverCVE-2023-293617.0CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation More LikelyYesNoNo
Remote Desktop ClientCVE-2023-293628.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows PGMCVE-2023-293639.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoYes
Windows Authentication MethodsCVE-2023-293647.0CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Windows Codecs LibraryCVE-2023-293657.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows Geolocation ServiceCVE-2023-293667.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows OLECVE-2023-293677.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows FilteringCVE-2023-293687.0CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows Remote Procedure Call RuntimeCVE-2023-293696.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:CExploitation Less LikelyNoNoNo
Microsoft Windows Codecs LibraryCVE-2023-293707.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows Win32KCVE-2023-293717.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation More LikelyYesNoNo
Microsoft WDAC OLE DB provider for SQLCVE-2023-293728.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows ODBC DriverCVE-2023-293738.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows Resilient File System (ReFS)CVE-2023-320087.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows Collaborative Translation FrameworkCVE-2023-320098.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows Bus Filter DriverCVE-2023-320107.0CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows iSCSICVE-2023-320117.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:CExploitation Less LikelyNoNoNo
Windows Container Manager ServiceCVE-2023-320126.3CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows Hyper-VCVE-2023-320136.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows PGMCVE-2023-320149.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoYes
Windows PGMCVE-2023-320159.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoYes
Windows InstallerCVE-2023-320165.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Printer DriversCVE-2023-320177.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows HelloCVE-2023-320187.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows KernelCVE-2023-320194.7CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Role: DNS ServerCVE-2023-320203.7CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows SMBCVE-2023-320217.1CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoYes
Windows Server ServiceCVE-2023-320227.6CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoYes
Microsoft Power AppsCVE-2023-320243.0CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Office ExcelCVE-2023-320297.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
.NET and Visual StudioCVE-2023-320307.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:CExploitation Less LikelyNoNoNo
Microsoft Exchange ServerCVE-2023-320318.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation More LikelyYesNoNo
.NET and Visual StudioCVE-2023-320326.5CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H/E:P/RL:O/RC:CExploitation Less LikelyYesNoNo
.NET and Visual StudioCVE-2023-331267.3CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:CExploitation Less LikelyYesNoNo
.NET and Visual StudioCVE-2023-331278.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:CExploitation Less LikelyYesNoNo
.NET and Visual StudioCVE-2023-331287.3CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Office SharePointCVE-2023-331296.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Office SharePointCVE-2023-331307.3CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Office OutlookCVE-2023-331318.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Office SharePointCVE-2023-331326.3CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Office ExcelCVE-2023-331337.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
.NET and Visual StudioCVE-2023-331357.3CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Office ExcelCVE-2023-331377.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Visual StudioCVE-2023-331395.5CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Office OneNoteCVE-2023-331406.5CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
ASP .NETCVE-2023-331417.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:CExploitation Less LikelyNoNoNo
Microsoft Office SharePointCVE-2023-331426.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Edge (Chromium-based)CVE-2023-331437.5CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Visual Studio CodeCVE-2023-331445.0CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Edge (Chromium-based)CVE-2023-331456.5CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft OfficeCVE-2023-331467.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo

On the other hand, the updates also add support for Bluetooth Low Energy audio. If you remember, this particular feature will let you use your wireless Bluetooth headphones much longer while providing the same audio quality.

The technology doesn’t take a lot of your devices’ battery, allowing for a sustainable way to enjoy your music, podcasts, and whatever you’re listening to.

Here’s the list of the other improvements coming to Windows 11 with this new update.

Improvements

  • This update addresses a known issue that affects 32-bit apps that are large address aware and use the CopyFile API. You might have issues when you save, copy, or attach files. If you use some commercial or enterprise security software that uses extended file attributes, this issue will likely affect you. For Microsoft Office apps, this issue only affects the 32-bit versions. You might receive the error, “Document not saved.” 
  • This update addresses a compatibility issue. The issue occurs because of unsupported use of the registry.
  • This update addresses an issue that affects the Windows Kernel. This issue is related to CVE-2023-32019. To learn more, see KB5028407.

What do you think about these Patch Tuesday updates? Be sure to let us know in the comments section below.

More about the topics: Windows 11, Windows Update

User forum

0 messages