Once a month, in the middle of the Patch Tuesday release cycle, the Readiness teams publishes an update on Microsoft related patches, out of band  (OOB) releases and republished CVE vulnerability documentation. This note is intended as a informal brief on recent changes and may reflect a dynamic or rapidly changing situation.

For the month of May 2023, this posting will include the following areas:

  • Resolved issues
  • Reported issues
  • Updated CVE entries
  • Scheduled Out-of-band (OOB) releases

Resolved Issues

As there were not any reported issues with the previous May Microsoft Patch Tuesday release,  we do not have any resolved issues to add for this section as of writing.

Reported Issues

This section deals with reported issues from Microsoft sources only. There may be plenty of problems reported in the media, which the Readiness will investigate but may not include in this brief:

  • After installing the past May 2023 update, some apps might have intermittent issues with speech recognition, expressive input, and handwriting when using Chinese or Japanese languages. Microsoft is working on a resolution, and we expect an update soon.
  • You might have intermittent issues saving, or copying, or attaching files using 32-bit apps which are large address aware and using the CopyFile API. Windows devices are more likely to be affected by this issue when using some commercial/enterprise security software which uses extended file attributes.
  • After installing “Update for Microsoft Defender Antivirus antimalware platform – KB5007651 “, you might receive a security notification or warning stating that “Local Security protection is off. Your device may be vulnerable.” and once protections are enabled, your Windows device might persistently prompt that a restart is required.

Microsoft is working on a resolution for all three of these reported issues and we expect an update soon. You can find an updated status  of these reported issues on the Microsoft Health dashboard here.  You can also follow @WindowsUpdate on Twitter for Windows release health updates.

Updated Microsoft CVE Entries

Over the past few weeks since the last Patch Tuesday cycle, Microsoft periodically updates their release documentation as published by CVE entries. Here is a Windows focussed list of updates and revisions from the previous update cycle:

  • CVE-2023-24953 Microsoft Excel Remote Code Execution Vulnerability. Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
  • CVE-2023-29344: Microsoft Office Remote Code Execution Vulnerability. Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.

Scheduled Out-of-band (OOB) releases.

At the time of writing there are no planned or documented Out of band releases scheduled for May from Microsoft.

Greg Lambert