• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
urgent: microsoft issues patches for 97 flaws, including active ransomware

Urgent: Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit

You are here: Home / General Cyber Security News / Urgent: Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit
April 12, 2023

It’s the next Tuesday of the month, and Microsoft has unveiled yet another set of security updates to repair a full of 97 flaws impacting its computer software, one particular of which has been actively exploited in ransomware attacks in the wild.

7 of the 97 bugs are rated Critical and 90 are rated Significant in severity. Interestingly, 45 of the shortcomings are remote code execution flaws, followed by 20 elevation of privilege vulnerabilities. The updates also stick to fixes for 26 vulnerabilities in its Edge browser that were being unveiled more than the previous thirty day period.

The security flaw that is arrive beneath lively exploitation is CVE-2023-28252 (CVSS rating: 7.8), a privilege escalation bug in the Windows Common Log File Process (CLFS) Driver.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


“An attacker who correctly exploited this vulnerability could acquire System privileges,” Microsoft claimed in an advisory, crediting researchers Boris Larin, Genwei Jiang, and Quan Jin for reporting the issue.

CVE-2023-28252 is the fourth privilege escalation flaw in the CLFS part that has arrive under active abuse in the past yr by itself soon after CVE-2022-24521, CVE-2022-37969, and CVE-2023-23376 (CVSS scores: 7.8). At least 32 vulnerabilities have been identified in CLFS due to the fact 2018.

In accordance to Russian cybersecurity company Kaspersky, the vulnerability has been weaponized by a cybercrime team to deploy Nokoyawa ransomware versus smaller and medium-sized organizations in the Middle East, North The united states, and Asia.

“CVE-2023-28252 is an out-of-bounds produce (increment) vulnerability that can be exploited when the program makes an attempt to lengthen the metadata block,” Larin claimed. “The vulnerability gets induced by the manipulation of the base log file.”

In mild of ongoing exploitation of the flaw, CISA included the Windows zero-working day to its catalog of Regarded Exploited Vulnerabilities (KEV), ordering Federal Civilian Executive Department (FCEB) organizations to secure their devices by Might 2, 2023.

Active Ransomware Exploit

Also patched are critical remote code execution flaws impacting DHCP Server Support, Layer 2 Tunneling Protocol, Raw Picture Extension, Windows Stage-to-Issue Tunneling Protocol, Windows Pragmatic Normal Multicast, and Microsoft Information Queuing (MSMQ).

The MSMQ bug, tracked as CVE-2023-21554 (CVSS rating: 9.8) and dubbed QueueJumper by Verify Stage, could guide to unauthorized code execution and take around a server by sending a specifically crafted destructive MSMQ packet to an MSMQ server.

“The CVE-2023-21554 vulnerability lets an attacker to possibly execute code remotely and without having authorization by reaching the TCP port 1801,” Look at Place researcher Haifei Li claimed. “In other terms, an attacker could gain regulate of the approach by just a single packet to the 1801/tcp port with the exploit, triggering the vulnerability.”

Two other flaws discovered in MSMQ, CVE-2023-21769 and CVE-2023-28302 (CVSS scores: 7.5), could be exploited to lead to a denial-of-company (DoS) ailment these types of as a assistance crash and Windows Blue Screen of Loss of life (BSoD).

Approaching WEBINARLearn to Secure the Identity Perimeter – Tested Tactics

Enhance your enterprise security with our upcoming professional-led cybersecurity webinar: Examine Identity Perimeter tactics!

Don’t Skip Out – Save Your Seat!

Microsoft has also updated its advisory for CVE-2013-3900, a WinVerifyTrust signature validation vulnerability, to involve the subsequent Server Main installation variations –

  • Windows Server 2008 for 32-bit Units Services Pack 2
  • Windows Server 2008 for x65-based Programs Assistance Pack 2
  • Windows Server 2008 R2 for x64-based Methods Services 1
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019, and
  • Windows Server 2022

The development arrives as North Korea-linked danger actors have been observed leveraging the flaw to include encrypted shellcode into genuine libraries with no invalidating the Microsoft-issued signature.

Software program Patches from Other Distributors

In addition to Microsoft, security updates have also been launched by other distributors in the past several months to rectify various vulnerabilities, which include —

  • Adobe
  • AMD
  • Android
  • Apache Tasks
  • Apple
  • Arm
  • Aruba Networks
  • Cisco
  • Citrix
  • CODESYS
  • Dell
  • Drupal
  • F5
  • Fortinet
  • GitLab
  • Google Chrome
  • HP
  • IBM
  • Jenkins
  • Juniper Networks
  • Lenovo
  • Linux distributions Debian, Oracle Linux, Red Hat, SUSE, and Ubuntu
  • MediaTek
  • Mozilla Firefox, Firefox ESR, and Thunderbird
  • NETGEAR
  • NVIDIA
  • Palo Alto Networks
  • Qualcomm
  • Samba
  • Samsung
  • SAP
  • Schneider Electric powered
  • Siemens
  • SonicWall, and
  • Sophos

Found this write-up attention-grabbing? Comply with us on Twitter  and LinkedIn to read through extra distinctive material we post.


Some areas of this write-up are sourced from:
thehackernews.com

Previous Post: «lazarus sub group labyrinth chollima uncovered as mastermind in 3cx supply Lazarus Sub-Group Labyrinth Chollima Uncovered as Mastermind in 3CX Supply Chain Attack
Next Post: Microsoft Fixes Zero-Day Bug This Patch Tuesday Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • BREAKING: 7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S. – Dutch Operation
  • OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities
  • Initial Access Brokers Target Brazil Execs via NF-e Spam and Legit RMM Trials
  • Deploying AI Agents? Learn to Secure Them Before Hackers Strike Your Business
  • Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials
  • Beyond Vulnerability Management – Can You CVE What I CVE?
  • Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android
  • Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell
  • 38,000+ FreeDrain Subdomains Found Exploiting SEO to Steal Crypto Wallet Seed Phrases
  • SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root

Copyright © TheCyberSecurity.News, All Rights Reserved.