It really is the next Tuesday of the thirty day period, and Microsoft has unveiled yet another set of security updates to deal with a total of 97 flaws impacting its software, a person of which has been actively exploited in ransomware assaults in the wild.
7 of the 97 bugs are rated Critical and 90 are rated Crucial in severity. Curiously, 45 of the shortcomings are distant code execution flaws, followed by 20 elevation of privilege vulnerabilities. The updates also adhere to fixes for 26 vulnerabilities in its Edge browser that ended up introduced in excess of the past month.
The security flaw that’s come below energetic exploitation is CVE-2023-28252 (CVSS rating: 7.8), a privilege escalation bug in the Windows Typical Log File Method (CLFS) Driver.
“An attacker who properly exploited this vulnerability could gain Method privileges,” Microsoft explained in an advisory, crediting scientists Boris Larin, Genwei Jiang, and Quan Jin for reporting the issue.
CVE-2023-28252 is the fourth privilege escalation flaw in the CLFS component that has occur underneath lively abuse in the previous 12 months alone after CVE-2022-24521, CVE-2022-37969, and CVE-2023-23376 (CVSS scores: 7.8). At minimum 32 vulnerabilities have been determined in CLFS given that 2018.
According to Russian cybersecurity company Kaspersky, the vulnerability has been weaponized by a cybercrime group to deploy Nokoyawa ransomware towards smaller and medium-sized organizations in the Center East, North The usa, and Asia.
“CVE-2023-28252 is an out-of-bounds publish (increment) vulnerability that can be exploited when the process makes an attempt to extend the metadata block,” Larin explained. “The vulnerability receives triggered by the manipulation of the foundation log file.”
In gentle of ongoing exploitation of the flaw, CISA additional the Windows zero-working day to its catalog of Recognised Exploited Vulnerabilities (KEV), ordering Federal Civilian Government Branch (FCEB) organizations to secure their units by May perhaps 2, 2023.
Also patched are critical distant code execution flaws impacting DHCP Server Support, Layer 2 Tunneling Protocol, Uncooked Graphic Extension, Windows Level-to-Stage Tunneling Protocol, Windows Pragmatic Standard Multicast, and Microsoft Information Queuing (MSMQ).
The MSMQ bug, tracked as CVE-2023-21554 (CVSS rating: 9.8) and dubbed QueueJumper by Check Stage, could guide to unauthorized code execution and take above a server by sending a specifically crafted destructive MSMQ packet to an MSMQ server.
“The CVE-2023-21554 vulnerability makes it possible for an attacker to probably execute code remotely and with out authorization by reaching the TCP port 1801,” Test Position researcher Haifei Li explained. “In other phrases, an attacker could obtain control of the method by means of just one particular packet to the 1801/tcp port with the exploit, triggering the vulnerability.”
Two other flaws found in MSMQ, CVE-2023-21769 and CVE-2023-28302 (CVSS scores: 7.5), could be exploited to lead to a denial-of-services (DoS) condition these kinds of as a support crash and Windows Blue Display of Dying (BSoD).
Future WEBINARLearn to Safe the Identity Perimeter – Established Tactics
Increase your organization security with our approaching specialist-led cybersecurity webinar: Explore Identification Perimeter approaches!
Never Skip Out โ Help you save Your Seat!
Microsoft has also up to date its advisory for CVE-2013-3900, a WinVerifyTrust signature validation vulnerability, to consist of the adhering to Server Main set up variations –
- Windows Server 2008 for 32-bit Units Services Pack 2
- Windows Server 2008 for x65-primarily based Systems Provider Pack 2
- Windows Server 2008 R2 for x64-centered Methods Assistance 1
- Windows Server 2012
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019, and
- Windows Server 2022
The growth arrives as North Korea-connected risk actors have been observed leveraging the flaw to include encrypted shellcode into reputable libraries with out invalidating the Microsoft-issued signature.
Application Patches from Other Sellers
In addition to Microsoft, security updates have also been introduced by other vendors in the very last handful of months to rectify quite a few vulnerabilities, such as โ
- Adobe
- AMD
- Android
- Apache Projects
- Apple
- Arm
- Aruba Networks
- Cisco
- Citrix
- CODESYS
- Dell
- Drupal
- F5
- Fortinet
- GitLab
- Google Chrome
- HP
- IBM
- Jenkins
- Juniper Networks
- Lenovo
- Linux distributions Debian, Oracle Linux, Purple Hat, SUSE, and Ubuntu
- MediaTek
- Mozilla Firefox, Firefox ESR, and Thunderbird
- NETGEAR
- NVIDIA
- Palo Alto Networks
- Qualcomm
- Samba
- Samsung
- SAP
- Schneider Electric
- Siemens
- SonicWall, and
- Sophos
Observed this posting interesting? Stick to us on Twitter ๏ and LinkedIn to study more unique articles we submit.
Some parts of this article are sourced from:
thehackernews.com