Headline
Update now! April’s Patch Tuesday includes a fix for one zero-day
Categories: Exploits and vulnerabilities Categories: News Tags: Microsoft
Tags: Apple
Tags: Google
Tags: Adobe
Tags: Cisco
Tags: SAP
Tags: Mozilla
Tags: CVE-2023-28252
Tags: CVE-2023-28231
Tags: CVE-2023-21554
Tags: Word
Tags: Publisher
Tags: Office
One fixed vulnerability is being actively exploited by a ransomware gang and many others were fixed in this month’s Patch Tuesday updates.
(Read more…)
The post Update now! April’s Patch Tuesday includes a fix for one zero-day appeared first on Malwarebytes Labs.
Posted: April 12, 2023 by
It’s Patch Tuesday again. Microsoft and other vendors have released their monthly updates. Among a total of 97 patched vulnerabilities there is one actively exploited zero-day.
Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available. The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The actively exploited zero day is listed as CVE-2023-28252.
CVE-2023-28252 is an elevation of privilege (EoP) vulnerability in the Windows Common Log File System (CLFS) driver. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges, which is the highest level of privilege on Windows systems. This is the type of vulnerability that we can expect to see chained with other vulnerabilities. Once an attacker has access, EoP vulnerabilities allow them to exploit that access to the fullest.
CISA has already added the CVE-2023-28252 Windows zero-day to its catalog of Known Exploited Vulnerabilities, which means federal (FCEB) agencies have until May 2, 2023 to patch against it.
Given the reach and simplicity of exploitation, this vulnerability is bound to be very popular among cybercriminals, and so it should be patched as soon as possible. CLFS is present in all Windows versions and so is the vulnerability. Exploitation does not require any user interaction and the vulnerability is already in use by at least one ransomware gang.
Another vulnerability to keep an eye on is CVE-2023-28231, a DHCP Server Service remote code execution (RCE) vulnerability. It is rated as critical with a CVSS score of 8.8 out of 10. Even though the attacker would need access to the network to successfully exploit this vulnerability, Microsoft has it listed as “Exploitation more likely.”
Another one that Microsoft deems more likely to be exploited is CVE-2023-21554, an RCE vulnerability in Microsoft Message Queuing (MSMQ) with a CVSS score of 9.8 out of 10. To exploit this vulnerability, an attacker would need to send a specially crafted malicious MSMQ packet to a MSMQ server. This could result in remote code execution on the server side.
A few others we can expect to see, especially in the form of email attachments, are several RCE vulnerabilities in Microsoft Office, Word, and Publisher [2]. All these vulnerabilities require the user to open a malicious file. So this is something we can typically expect to see a lot in phishing campaigns.
Other vendors
Other vendors have synchronized their periodic updates with Microsoft. Here are few major ones that you may find in your environment.
Adobe has released security updates for several products:
- Digital Editions
- InCopy
- Acrobat and Reader
- Substance 3D Stager
- Dimension
- Substance 3D Designer
Apple released emergency updates for two known-to-be-exploited vulnerabilities.
Cisco released security updates for multiple products.
Google has released updates for the Chrome browser and for Android.
Mozilla has released security advisories for vulnerabilities affecting multiple Mozilla products:
- Firefox 112, Firefox for Android 112, Focus for Android 112
- Firefox ESR 102.10
- Thunderbird 102.10
SAP has released its April 2023 updates.
Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.
TRY NOW
RELATED ARTICLES
Related news
This Metasploit module checks the provided hosts for the CVE-2023-21554 vulnerability by sending a MSMQ message with an altered DataLength field within the SRMPEnvelopeHeader that overflows the given buffer. On patched systems, the error is caught and no response is sent back. On vulnerable systems, the integer wraps around and depending on the length could cause an out-of-bounds write. In the context of this module a response is sent back, which indicates that the system is vulnerable.
A recently patched security flaw impacting VMware ESXi hypervisors has been actively exploited by "several" ransomware groups to gain elevated permissions and deploy file-encrypting malware. The attacks involve the exploitation of CVE-2024-37085 (CVSS score: 6.8), an Active Directory integration authentication bypass that allows an attacker to obtain administrative access to the host. "A
The banking malware known as Carbanak has been observed being used in ransomware attacks with updated tactics. "The malware has adapted to incorporate attack vendors and techniques to diversify its effectiveness," cybersecurity firm NCC Group said in an analysis of ransomware attacks that took place in November 2023. "Carbanak returned last month through new
A privilege escalation vulnerability exists in the clfs.sys driver which comes installed by default on Windows 10 21H2, Windows 11 21H2 and Windows Server 20348 operating systems. This Metasploit module exploit makes use to two different kinds of specially crafted .blf files.
By Deeba Ahmed Researchers at the AI-powered Security solutions provider, FortiGuard Labs, have been monitoring Microsoft Message Queuing (MSMQ) service for… This is a post from HackRead.com Read the original post: Critical Flaws Exposed Microsoft Message Queuing Service to DoS Attacks
A predictable patch cadence is nice, but the software giant can do more.
Hello everyone! This episode will be about Microsoft Patch Tuesday for April 2023, including vulnerabilities that were added between February and March Patch Tuesdays. As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I took the comments about the vulnerabilities from the Qualys, Tenable, Rapid7, ZDI Patch Tuesday reviews. And this is […]
Hello everyone! This episode and will be about latest news in my Vulristics project. EPSS v3 The third iteration of the Exploit Prediction Scoring System (EPSS) was released in March. It is stated that EPSS has become 82% better. There is a pretty cool and detailed article about the changes. For example, EPSS Team began to analyze not 16 parameters […]
Microsoft zero-days, dark web forum takedowns and Pentagon leaks on Discord in this week's newsletter.
It's the second Tuesday of the month, and Microsoft has released another set of security updates to fix a total of 97 flaws impacting its software, one of which has been actively exploited in ransomware attacks in the wild. Seven of the 97 bugs are rated Critical and 90 are rated Important in severity. Interestingly, 45 of the shortcomings are remote code execution flaws, followed by 20
It's the second Tuesday of the month, and Microsoft has released another set of security updates to fix a total of 97 flaws impacting its software, one of which has been actively exploited in ransomware attacks in the wild. Seven of the 97 bugs are rated Critical and 90 are rated Important in severity. Interestingly, 45 of the shortcomings are remote code execution flaws, followed by 20
Microsoft today released software updates to plug 100 security holes in its Windows operating systems and other software, including a zero-day vulnerability that is already being used in active attacks. Not to be outdone, Apple has released a set of important updates addressing two zero-day vulnerabilities that are being used to attack iPhones, iPads and Macs.
Microsoft today released software updates to plug 100 security holes in its Windows operating systems and other software, including a zero-day vulnerability that is already being used in active attacks. Not to be outdone, Apple has released a set of important updates addressing two zero-day vulnerabilities that are being used to attack iPhones, iPads and Macs.
The April 2023 Patch Tuesday security update also included a reissue of a fix for a 10-year-old bug that a threat actor recently exploited in the supply chain attack on 3CX.
DHCP Server Service Remote Code Execution Vulnerability
Microsoft Message Queuing Remote Code Execution Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
April is the third month in a row in which at least one of the vulnerabilities Microsoft released in a Patch Tuesday had been exploited in the wild prior to disclosure.
April is the third month in a row in which at least one of the vulnerabilities Microsoft released in a Patch Tuesday had been exploited in the wild prior to disclosure.
April is the third month in a row in which at least one of the vulnerabilities Microsoft released in a Patch Tuesday had been exploited in the wild prior to disclosure.