CVE-2023-29325
Published 2023-05-09
CVE-2023-29325: Windows OLE Remote Code Execution Vulnerability
Severity: high, 7.5 (CVSS 3.1)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 84.39% (99.7th percentile)
Affected
31 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_version_1507 | >= 10.0.10240.0 < 10.0.10240.19926 | 10.0.10240.19926 |
| microsoft | windows_10_version_1607 | >= 10.0.14393.0 < 10.0.14393.5921 | 10.0.14393.5921 |
| microsoft | windows_10_version_1809 | >= 10.0.0 < 10.0.17763.4377 | 10.0.17763.4377 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.4377 | 10.0.17763.4377 |
| microsoft | windows_10_version_20h2 | >= 10.0.0 < 10.0.19042.2965 | 10.0.19042.2965 |
| microsoft | windows_10_version_21h2 | >= 10.0.19043.0 < 10.0.19044.2965 | 10.0.19044.2965 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.2965 | 10.0.19045.2965 |
| microsoft | windows_11_version_21h2 | >= 10.0.0 < 10.0.22000.1936 | 10.0.22000.1936 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.1702 | 10.0.22621.1702 |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.1.7601.0 < 6.1.7601.26519 | 6.1.7601.26519 |
| microsoft | windows_server_2008_service_pack_2 | >= 6.0.6003.0 < 6.0.6003.22070 | 6.0.6003.22070 |
| microsoft | windows_server_2012 | >= 6.2.9200.0 < 6.2.9200.24266 | 6.2.9200.24266 |
| microsoft | windows_server_2012_r2 | >= 6.3.9600.0 < 6.3.9600.20969 | 6.3.9600.20969 |
| microsoft | windows_server_2016 | >= 10.0.14393.0 < 10.0.14393.5921 | 10.0.14393.5921 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.4377 | 10.0.17763.4377 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.1726 | 10.0.20348.1726 |
| msrc | windows_10 | — | — |
| msrc | windows_10_version_1607 | — | — |
| msrc | windows_10_version_1809 | — | — |
| msrc | windows_10_version_20h2 | — | — |
| msrc | windows_10_version_21h2 | — | — |
| msrc | windows_10_version_22h2 | — | — |
| msrc | windows_11_version_21h2 | — | — |
| msrc | windows_11_version_22h2 | — | — |
| msrc | windows_server_2008 | — | — |
Detection & IOCs (extracted from sources)
- The Outlook Preview Pane is a confirmed attack vector: flag/alert on RTF or specially crafted emails rendered in the Preview Pane without the user opening the message.
- Exploitation requires winning a race condition plus additional environment preparation steps: look for repeated/rapid OLE object rendering attempts or unusual pre-exploitation activity preceding Outlook crashes or code execution.
- Check Point IPS signature available for network-level detection of CVE-2023-29325 exploitation attempts.
- CVE-2023-29325 is publicly disclosed (not yet exploited in the wild at patch time) but rated 'Exploitation More Likely'; prioritize detection of Outlook-based OLE object handling anomalies.
- Workaround: configuring Outlook to read all email in plain text format mitigates the Preview Pane attack vector, but causes loss of pictures, specialized fonts, animations, and other rich content; pictures become attachments.
- The workaround applies to both the preview pane and open messages; the message remains in Rich Text or HTML format in the store, so custom code solutions (object model) may behave unexpectedly.
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| cvelistv5 | 8.1 | HIGH | |
| vendor_msrc | 8.1 | HIGH | |
Microsoft
Windows OLE Remote Code Execution Vulnerability
vendor_msrc·2023-05-09·CVSS 8.1
CVE-2023-29325 [HIGH] CWE-416 Windows OLE Remote Code Execution Vulnerability
FAQ: Is the Preview Pane an attack vector for this vulnerability?
Yes, the Preview Pane is an attack vector.
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition and also to take additional actions prior to exploitation to prepare the target environment.
FAQ: How could an attacker exploit the vulnerability?
In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted email to the victim. Exploitation of the vulnerability might involve either a victim opening a specially crafted email with an affected version of Microsoft Outlook software, or a
CVEList
Windows OLE Remote Code Execution Vulnerability
cvelistv5·2023-05-09·CVSS 8.1
CVE-2023-29325 [HIGH] CWE-416 Windows OLE Remote Code Execution Vulnerability
No detection rules found.
No public exploits indexed.
Checkpoint
15th May – Threat Intelligence Report
blogs_checkpoint·2023-05-15
CVE-2023-29325 15th May – Threat Intelligence Report
## 15th May – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 15th May, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
The Swedish-Swiss multinational automation company ABB has been a victim of a ransomware attack conducted by the Russian Black Basta ransomware group. The threat actors have attacked the company’s Windows Active Directory, affecting hundreds of devices. To prevent the spread of ransomware to its customers, ABB terminated VPN connec
Krebs
Microsoft Patch Tuesday, May 2023 Edition
blogs_krebs·2023-05-10·CVSS 6.7
CVE-2023-29336 [MEDIUM] Microsoft Patch Tuesday, May 2023 Edition
Microsoft today released software updates to fix at least four dozen security holes in its Windows operating systems and other software, including patches for two zero-day vulnerabilities that are already being exploited in active attacks.
First up in May’s zero-day flaws is CVE-2023-29336, which is an “elevation of privilege” weakness in Windows which has a low attack complexity, requires low privileges, and no user interaction. However, as the SANS Internet Storm Center points out, the attack vector for this bug is local.
“Local Privilege escalation vulnerabilities are a key part of attackers’ objectives,” said Kevin Breen, director of cyber threat research at Immersive Labs. “Once they gain initial access they will seek administrative or SYSTEM-level permissions. This can allow the at
Qualys
Microsoft and Adobe Patch Tuesday, May 2023 Security Update Review
blogs_qualys·2023-05-09
Microsoft and Adobe Patch Tuesday, May 2023 Security Update Review
Microsoft has addressed 49 vulnerabilities in its May Patch Tuesday edition. The security advisories cover various vulnerabilities in different produc
Talos
Microsoft Patch Tuesday for May 2023 — Fewest vulnerabilities disclosed in a month in three-plus years
blogs_talos·2023-05-09·CVSS 9.8
[CRITICAL] Microsoft Patch Tuesday for May 2023 — Fewest vulnerabilities disclosed in a month in three-plus years
Microsoft disclosed 40 vulnerabilities across its suite of products and software Tuesday, the fewest the company’s included in a Patch Tuesday since December 2019.
However, two of the vulnerabilities are being actively exploited in the wild, according to Microsoft, the fourth month in a row in which this is the case for the monthly roundup of security issues.
In all, this Patch Tuesday includes seven critical vulnerabilities and 33 that are considered “important.”
One of the zero-day vulnerabilities included this month is CVE-2023-29336, an elevation of privilege vulnerability in the Win32k kernel mode driver. An adversary could exploit this vulnerability to gain SYSTEM privileges.
The most serious vulnerability disclosed Tuesday is CVE-2023-24941, a remote code execution vulnerability
Tenable
Microsoft’s May 2023 Patch Tuesday Addresses 38 CVEs (CVE-2023-29336)
blogs_tenable·2023-05-09·CVSS 7.8
[HIGH] Microsoft’s May 2023 Patch Tuesday Addresses 38 CVEs (CVE-2023-29336)
Huntress
What Is a Race Condition? Types, Causes & Security Impact | Huntress
blogs_huntress
What Is a Race Condition? Types, Causes & Security Impact | Huntress
## What is a race condition?
A race condition occurs when the outcome of a program or process depends on the timing or sequence of multiple threads or processes that are accessing and modifying shared resources. This lack of proper synchronization creates unpredictable behavior, which can lead to security vulnerabilities, data inconsistencies, and system instability.
## Example breakdown
Imagine two threads in a banking system trying to withdraw from the same account balance. Without p
Crowdstrike
May 2023 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] May 2023 Patch Tuesday: Updates and Analysis
Published: 2023-05-09