Security News > 2023 > April > Microsoft patches zero-day exploited by attackers (CVE-2023-28252)

Microsoft patches zero-day exploited by attackers (CVE-2023-28252)
2023-04-11 19:11

It's April 2023 Patch Tuesday, and Microsoft has released fixes for 97 CVE-numbered vulnerabilities, including one actively exploited zero-day.

"CVE-2023-28252 is the second CLFS elevation of privilege zero-day exploited in the wild this year and the fourth in the last two years. It is also the second CLFS zero-day disclosed to Microsoft by researchers from Mandiant and DBAPPSecurity, though it is unclear if both of these discoveries are related to the same attacker."

Dustin Childs, head of threat awareness at Trend Micro Inc.'s Zero Day Initiative, has posited that the February fix might have been insufficient and that attackers may have found a method to bypass that fix - though there's not enough information available to confirm this.

CVE-2023-21554 is a critical remote code execution vulnerability in the Microsoft Message Queuing service.

Child also made sure to point out Microsoft's republishing of CVE-2013-3900, an old WinVerifyTrust Signature Validation vulnerability that has recently been exploited by attackers in the 3CX supply chain attack.

"An anonymous attacker could exploit the vulnerability by modifying an existing signed executable file to leverage unverified portions of the file in such a way as to add malicious code to the file without invalidating the signature. An attacker who successfully exploited this vulnerability could take complete control of an affected system," Microsoft noted, and said it does not plan to enforce the stricter verification behavior as a default functionality on supported releases of Microsoft Windows.


News URL

https://www.helpnetsecurity.com/2023/04/11/cve-2023-28252/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-04-11 CVE-2023-28252 Out-of-bounds Write vulnerability in Microsoft products
Windows Common Log File System Driver Elevation of Privilege Vulnerability
local
low complexity
microsoft CWE-787
7.8
2023-04-11 CVE-2023-21554 Unspecified vulnerability in Microsoft products
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
network
low complexity
microsoft
critical
9.8
2013-12-11 CVE-2013-3900 Improper Input Validation vulnerability in Microsoft products
The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate PE file digests during Authenticode signature verification, which allows remote attackers to execute arbitrary code via a crafted PE file, aka "WinVerifyTrust Signature Validation Vulnerability."
0.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 706 781 4550 4600 3628 13559