Microsoft has released another set of security updates to fix a total of 97 flaws impacting its software, one of which has been actively exploited in ransomware attacks in the wild.
Seven of the 97 bugs are rated Critical and 90 are rated Important in severity. Interestingly, 45 of the shortcomings are remote code execution flaws, followed by 20 elevation of privilege vulnerabilities.
The security flaw that’s come under active exploitation is CVE-2023-28252 (CVSS score: 7.8), a privilege escalation bug in the Windows Common Log File System (CLFS) Driver.
“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft said in an advisory, crediting researchers Boris Larin, Genwei Jiang, and Quan Jin for reporting the issue.
CVE-2023-28252 is the fourth privilege escalation flaw in the CLFS component that has come under active abuse in the past year alone after CVE-2022-24521, CVE-2022-37969, and CVE-2023-23376 (CVSS scores: 7.8). At least 32 vulnerabilities have been identified in CLFS since 2018.
“Automox recommends patch deployment within 24 hours since this is an actively exploited zero-day,” Geisel said in emailed comments to Dark Reading.
Researchers identified two of the critical vulnerabilities in April’s batch as needing immediate action. One of them is CVE-2023-21554.
The bug affects Microsoft Message Queuing (MSMQ) technology and gives attackers a way to gain RCE by sending a specially crafted MSMQ packet to an MSMQ server. The vulnerability affects Windows 10, 11, and Server 2008-2022 systems that have the Message Queuing feature enabled.
Microsoft has also updated its advisory for CVE-2013-3900, a WinVerifyTrust signature validation vulnerability, to include the following Server Core installation versions –
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Windows Server 2012
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019, and
- Windows Server 2022
The other critical vulnerability that needs immediate fixing is CVE-2023-28231, an RCE bug in the DHCP Server service. Microsoft has assessed the bug as another issue that attackers are more likely to try to weaponize.
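Both critical bugs only matter on hosts that actually run the affected component: MSMQ for CVE-2023-21554 and the DHCP Server role for CVE-2023-28231. The following PowerShell is an added example, not code from the article or from Microsoft, that a defender can run on a fleet to find those hosts before prioritizing the patch. It assumes the standard Windows service names (`MSMQ` and `DHCPServer`), that MSMQ listens on its default TCP port 1801, and that `Get-NetTCPConnection` is available (Windows 8 / Server 2012 and later); the `-PatchKB` parameter takes the KB number of the April update, which this page does not give, so no default is supplied.

```powershell
# Added example (not from the article or Microsoft): inventory the attack surface for
# CVE-2023-21554 (MSMQ) and CVE-2023-28231 (DHCP Server) on the local host. Run elevated.
function Get-AprilCriticalExposure {
    [CmdletBinding()]
    param(
        # KB identifier of the April 2023 cumulative update; placeholder, not on the page.
        [string]$PatchKB
    )

    # MSMQ: exploitable only if Message Queuing is installed and accepting packets.
    $msmq = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue
    $msmqListening = $false
    try {
        # TCP 1801 is MSMQ's default listener (assumption stated in the lead-in).
        $msmqListening = [bool](Get-NetTCPConnection -LocalPort 1801 -State Listen -ErrorAction Stop)
    } catch {
        # Cmdlet missing (older OS) or nothing listening: report as not listening.
        $msmqListening = $false
    }

    # DHCP Server: only hosts running the role are affected.
    $dhcp = Get-Service -Name 'DHCPServer' -ErrorAction SilentlyContinue

    # Optional: confirm the update is installed, if a KB was supplied.
    $patched = $null
    if ($PatchKB) {
        $patched = [bool](Get-HotFix -Id $PatchKB -ErrorAction SilentlyContinue)
    }

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        MSMQInstalled       = [bool]$msmq
        MSMQRunning         = ($null -ne $msmq -and $msmq.Status -eq 'Running')
        MSMQListening1801   = $msmqListening
        DHCPServerInstalled = [bool]$dhcp
        DHCPServerRunning   = ($null -ne $dhcp -and $dhcp.Status -eq 'Running')
        PatchInstalled      = $patched
        # Hosts exposing either service and not yet patched go to the front of the queue.
        Priority            = if (($msmqListening -or ($dhcp -and $dhcp.Status -eq 'Running')) -and -not $patched) { 'Patch now' } else { 'Normal' }
    }
}

# Usage: run locally, or fan out with Invoke-Command across a list of servers.
Get-AprilCriticalExposure | Format-List
# Invoke-Command -ComputerName (Get-Content .\servers.txt) -ScriptBlock ${function:Get-AprilCriticalExposure} | Format-Table
```

Hosts where `MSMQListening1801` is true but the feature is not needed can have Message Queuing removed or TCP 1801 blocked at the host firewall as an interim measure while the update rolls out; for the DHCP Server role the only fix is the patch, since the service cannot be turned off without breaking address assignment.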