Microsoft Points Patches for 97 Flaws, Together with Lively Ransomware Exploit

Apr 12, 2023Ravie LakshmananPatch Tuesday / Software program Updates

It is the second Tuesday of the month, and Microsoft has launched one other set of safety updates to repair a total of 97 flaws impacting its software program, one among which has been actively exploited in ransomware assaults within the wild.

Seven of the 97 bugs are rated Essential and 90 are rated Vital in severity. Curiously, 45 of the shortcomings are distant code execution flaws, adopted by 20 elevation of privilege vulnerabilities. The updates additionally comply with fixes for 26 vulnerabilities in its Edge browser that had been launched over the previous month.

The safety flaw that is come underneath lively exploitation is CVE-2023-28252 (CVSS rating: 7.8), a privilege escalation bug within the Home windows Frequent Log File System (CLFS) Driver.

“An attacker who efficiently exploited this vulnerability might achieve SYSTEM privileges,” Microsoft stated in an advisory, crediting researchers Boris Larin, Genwei Jiang, and Quan Jin for reporting the problem.

CVE-2023-28252 is the fourth privilege escalation flaw within the CLFS part that has come underneath lively abuse prior to now yr alone after CVE-2022-24521, CVE-2022-37969, and CVE-2023-23376 (CVSS scores: 7.8). A minimum of 32 vulnerabilities have been recognized in CLFS since 2018.

In keeping with Russian cybersecurity agency Kaspersky, the vulnerability has been weaponized by a cybercrime group to deploy Nokoyawa ransomware towards small and medium-sized companies within the Center East, North America, and Asia.

“CVE-2023-28252 is an out-of-bounds write (increment) vulnerability that may be exploited when the system makes an attempt to increase the metadata block,” Larin said. “The vulnerability will get triggered by the manipulation of the bottom log file.”

In gentle of ongoing exploitation of the flaw, CISA added the Home windows zero-day to its catalog of Recognized Exploited Vulnerabilities (KEV), ordering Federal Civilian Government Department (FCEB) businesses to safe their programs by Might 2, 2023.

Additionally patched are crucial distant code execution flaws impacting DHCP Server Service, Layer 2 Tunneling Protocol, Uncooked Picture Extension, Home windows Level-to-Level Tunneling Protocol, Home windows Pragmatic Normal Multicast, and Microsoft Message Queuing (MSMQ).

The MSMQ bug, tracked as CVE-2023-21554 (CVSS rating: 9.8) and dubbed QueueJumper by Test Level, might result in unauthorized code execution and take over a server by sending a specifically crafted malicious MSMQ packet to an MSMQ server.

“The CVE-2023-21554 vulnerability permits an attacker to probably execute code remotely and with out authorization by reaching the TCP port 1801,” Test Level researcher Haifei Li said. “In different phrases, an attacker might achieve management of the method by way of only one packet to the 1801/tcp port with the exploit, triggering the vulnerability.”

Two different flaws found in MSMQ, CVE-2023-21769 and CVE-2023-28302 (CVSS scores: 7.5), could possibly be exploited to trigger a denial-of-service (DoS) situation resembling a service crash and Home windows Blue Display screen of Loss of life (BSoD).

Microsoft has additionally up to date its advisory for CVE-2013-3900, a WinVerifyTrust signature validation vulnerability, to incorporate the next Server Core set up variations –

• Home windows Server 2008 for 32-bit Programs Service Pack 2
• Home windows Server 2008 for x65-based Programs Service Pack 2
• Home windows Server 2008 R2 for x64-based Programs Service 1
• Home windows Server 2012
• Home windows Server 2012 R2
• Home windows Server 2016
• Home windows Server 2019, and
• Home windows Server 2022

The event comes as North Korea-linked menace actors have been noticed leveraging the flaw to include encrypted shellcode into professional libraries with out invalidating the Microsoft-issued signature.

Software program Patches from Different Distributors

Along with Microsoft, safety updates have additionally been launched by different distributors in the previous few weeks to rectify a number of vulnerabilities, together with —