Security News > 2023 > April > Microsoft patches zero-day exploited by attackers (CVE-2023-28252)

Microsoft patches zero-day exploited by attackers (CVE-2023-28252)
2023-04-11 19:11

It's April 2023 Patch Tuesday, and Microsoft has released fixes for 97 CVE-numbered vulnerabilities, including one actively exploited zero-day.

"CVE-2023-28252 is the second CLFS elevation of privilege zero-day exploited in the wild this year and the fourth in the last two years. It is also the second CLFS zero-day disclosed to Microsoft by researchers from Mandiant and DBAPPSecurity, though it is unclear if both of these discoveries are related to the same attacker."

Dustin Childs, head of threat awareness at Trend Micro Inc.'s Zero Day Initiative, has posited that the February fix might have been insufficient and that attackers may have found a method to bypass that fix - though there's not enough information available to confirm this.

CVE-2023-21554 is a critical remote code execution vulnerability in the Microsoft Message Queuing service.

Child also made sure to point out Microsoft's republishing of CVE-2013-3900, an old WinVerifyTrust Signature Validation vulnerability that has recently been exploited by attackers in the 3CX supply chain attack.

"An anonymous attacker could exploit the vulnerability by modifying an existing signed executable file to leverage unverified portions of the file in such a way as to add malicious code to the file without invalidating the signature. An attacker who successfully exploited this vulnerability could take complete control of an affected system," Microsoft noted, and said it does not plan to enforce the stricter verification behavior as a default functionality on supported releases of Microsoft Windows.


News URL

https://www.helpnetsecurity.com/2023/04/11/cve-2023-28252/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-04-11 CVE-2023-28252 Out-of-bounds Write vulnerability in Microsoft products
Windows Common Log File System Driver Elevation of Privilege Vulnerability
0.0
2023-04-11 CVE-2023-21554 Unspecified vulnerability in Microsoft products
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
0.0
2013-12-11 CVE-2013-3900 Improper Verification of Cryptographic Signature vulnerability in Microsoft products
Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update the Security Updates table and to inform customers that the EnableCertPaddingCheck is available in all currently supported versions of Windows 10 and Windows 11.
network
low complexity
microsoft CWE-347
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2819 161 4399