Microsoft patches zero-day exploited by attackers (CVE-2023-28252)
It's April 2023 Patch Tuesday, and Microsoft has released fixes for 97 CVE-numbered vulnerabilities, including one actively exploited zero-day.
"CVE-2023-28252 is the second CLFS elevation of privilege zero-day exploited in the wild this year and the fourth in the last two years. It is also the second CLFS zero-day disclosed to Microsoft by researchers from Mandiant and DBAPPSecurity, though it is unclear if both of these discoveries are related to the same attacker."
Dustin Childs, head of threat awareness at Trend Micro Inc.'s Zero Day Initiative, has posited that the February fix might have been insufficient and that attackers may have found a method to bypass that fix - though there's not enough information available to confirm this.
CVE-2023-21554 is a critical remote code execution vulnerability in the Microsoft Message Queuing service.
Childs also made sure to point out Microsoft's republishing of CVE-2013-3900, an old WinVerifyTrust Signature Validation vulnerability that has recently been exploited by attackers in the 3CX supply chain attack.
"An anonymous attacker could exploit the vulnerability by modifying an existing signed executable file to leverage unverified portions of the file in such a way as to add malicious code to the file without invalidating the signature. An attacker who successfully exploited this vulnerability could take complete control of an affected system," Microsoft noted, and said it does not plan to enforce the stricter verification behavior as a default functionality on supported releases of Microsoft Windows.
News URL
https://www.helpnetsecurity.com/2023/04/11/cve-2023-28252/
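For the WinVerifyTrust issue (CVE-2013-3900) described above, the following is an added example, not code from the article or from Microsoft: a Python check that reports data sitting inside a PE file's certificate table entry after the DER-encoded signature, a region the Authenticode digest does not cover. The function names, the allowance of up to 7 zero padding bytes and the header-only sample file are assumptions made for illustration; only the first certificate entry is inspected.

```python
import struct

def cert_trailing_bytes(pe: bytes) -> bytes:
    """Bytes inside the WIN_CERTIFICATE entry that follow the DER signature blob."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    opt = e_lfanew + 24  # 4-byte signature + 20-byte COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)  # PE32 vs PE32+
    # Data directory entry 4 is the certificate table: (file offset, size).
    off, size = struct.unpack_from("<II", pe, dirs + 4 * 8)
    if off == 0 or size == 0:
        raise ValueError("file carries no Authenticode signature")
    dw_length, _revision, _cert_type = struct.unpack_from("<IHH", pe, off)
    blob = pe[off + 8:off + dw_length]  # bCertificate: PKCS#7 SignedData in DER
    if len(blob) < 2 or blob[0] != 0x30:
        raise ValueError("certificate blob is not a DER SEQUENCE")
    if blob[1] < 0x80:  # short-form length
        der_len = 2 + blob[1]
    else:  # long-form length: low 7 bits give the number of length bytes
        n = blob[1] & 0x7F
        der_len = 2 + n + int.from_bytes(blob[2:2 + n], "big")
    if der_len > len(blob):
        raise ValueError("DER length exceeds certificate entry")
    return blob[der_len:]

def has_unverified_cert_data(pe: bytes) -> bool:
    """Heuristic (assumption): entries are 8-byte aligned, so allow <= 7 zero bytes."""
    tail = cert_trailing_bytes(pe)
    return len(tail) > 7 or any(tail)

def build_sample(tail: bytes = b"") -> bytes:
    """Constructed header-only PE32+ with a placeholder DER blob; not a real signed file."""
    der = b"\x30\x82\x01\x00" + b"\xAA" * 256  # SEQUENCE, length 0x0100
    cert = struct.pack("<IHH", 8 + len(der) + len(tail), 0x0200, 0x0002) + der + tail
    hdr = bytearray(0x200)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)
    hdr[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x80 + 24, 0x20B)
    struct.pack_into("<II", hdr, 0x80 + 24 + 112 + 4 * 8, len(hdr), len(cert))
    return bytes(hdr) + cert

if __name__ == "__main__":
    for tail in (b"", b"\0" * 4, b"EXTRA-DATA"):
        print(len(tail), has_unverified_cert_data(build_sample(tail)))
```

A hit from this check means the file deserves a closer look, not that it is malicious: some legitimate installers store configuration data in the same region.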
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-11 | CVE-2023-28252 | Out-of-bounds Write vulnerability in Microsoft products Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
| 2023-04-11 | CVE-2023-21554 | Unspecified vulnerability in Microsoft products Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 9.8 |
| 2013-12-11 | CVE-2013-3900 | Improper Input Validation vulnerability in Microsoft products The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate PE file digests during Authenticode signature verification, which allows remote attackers to execute arbitrary code via a crafted PE file, aka "WinVerifyTrust Signature Validation Vulnerability." | 0.0 |