Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit

0
967
Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit


Apr 12, 2023Ravie LakshmananPatch Tuesday / Software Updates

Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit

It’s the second Tuesday of the month, and Microsoft has launched one other set of safety updates to repair a complete of 97 flaws impacting its software program, one among which has been actively exploited in ransomware assaults within the wild.

Seven of the 97 bugs are rated Critical and 90 are rated Important in severity. Interestingly, 45 of the shortcomings are distant code execution flaws, adopted by 20 elevation of privilege vulnerabilities. The updates additionally comply with fixes for 26 vulnerabilities in its Edge browser that have been launched over the previous month.

The safety flaw that is come underneath lively exploitation is CVE-2023-28252 (CVSS rating: 7.8), a privilege escalation bug within the Windows Common Log File System (CLFS) Driver.

“An attacker who efficiently exploited this vulnerability may achieve SYSTEM privileges,” Microsoft mentioned in an advisory, crediting researchers Boris Larin, Genwei Jiang, and Quan Jin for reporting the problem.

CVE-2023-28252 is the fourth privilege escalation flaw within the CLFS element that has come underneath lively abuse previously 12 months alone after CVE-2022-24521, CVE-2022-37969, and CVE-2023-23376 (CVSS scores: 7.8). At least 32 vulnerabilities have been recognized in CLFS since 2018.

According to Russian cybersecurity agency Kaspersky, the vulnerability has been weaponized by a cybercrime group to deploy Nokoyawa ransomware towards small and medium-sized companies within the Middle East, North America, and Asia.

“CVE-2023-28252 is an out-of-bounds write (increment) vulnerability that may be exploited when the system makes an attempt to increase the metadata block,” Larin mentioned. “The vulnerability will get triggered by the manipulation of the bottom log file.”

In gentle of ongoing exploitation of the flaw, CISA added the Windows zero-day to its catalog of Known Exploited Vulnerabilities (KEV), ordering Federal Civilian Executive Branch (FCEB) companies to safe their programs by May 2, 2023.

Active Ransomware Exploit

Also patched are important distant code execution flaws impacting DHCP Server Service, Layer 2 Tunneling Protocol, Raw Image Extension, Windows Point-to-Point Tunneling Protocol, Windows Pragmatic General Multicast, and Microsoft Message Queuing (MSMQ).

The MSMQ bug, tracked as CVE-2023-21554 (CVSS rating: 9.8) and dubbed QueueJumper by Check Point, may result in unauthorized code execution and take over a server by sending a specifically crafted malicious MSMQ packet to an MSMQ server.

“The CVE-2023-21554 vulnerability permits an attacker to doubtlessly execute code remotely and with out authorization by reaching the TCP port 1801,” Check Point researcher Haifei Li mentioned. “In different phrases, an attacker may achieve management of the method via only one packet to the 1801/tcp port with the exploit, triggering the vulnerability.”

Two different flaws found in MSMQ, CVE-2023-21769 and CVE-2023-28302 (CVSS scores: 7.5), might be exploited to trigger a denial-of-service (DoS) situation corresponding to a service crash and Windows Blue Screen of Death (BSoD).

UPCOMING WEBINAR

Learn to Secure the Identity Perimeter – Proven Strategies

Improve what you are promoting safety with our upcoming expert-led cybersecurity webinar: Explore Identity Perimeter methods!

Don’t Miss Out – Save Your Seat!

Microsoft has additionally up to date its advisory for CVE-2013-3900, a WinVerifyTrust signature validation vulnerability, to incorporate the next Server Core set up variations –

  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for x65-based Systems Service Pack 2
  • Windows Server 2008 R2 for x64-based Systems Service 1
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019, and
  • Windows Server 2022

The improvement comes as North Korea-linked menace actors have been noticed leveraging the flaw to include encrypted shellcode into respectable libraries with out invalidating the Microsoft-issued signature.

Software Patches from Other Vendors

In addition to Microsoft, safety updates have additionally been launched by different distributors in the previous couple of weeks to rectify a number of vulnerabilities, together with —

Found this text fascinating? Follow us on Twitter and LinkedIn to learn extra unique content material we put up.

LEAVE A REPLY

Please enter your comment!
Please enter your name here