Urgent: Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit
It's the second Tuesday of the month, and Microsoft has released another set of security updates to fix a total of 97 flaws impacting its software, one of which has been actively exploited in ransomware attacks in the wild.
"An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," Microsoft said in an advisory, crediting researchers Boris Larin, Genwei Jiang, and Quan Jin for reporting the issue.
According to Russian cybersecurity firm Kaspersky, the vulnerability has been weaponized by a cybercrime group to deploy Nokoyawa ransomware against small and medium-sized businesses in the Middle East, North America, and Asia.
In light of ongoing exploitation of the flaw, CISA added the Windows zero-day to its catalog of Known Exploited Vulnerabilities, ordering Federal Civilian Executive Branch agencies to secure their systems by May 2, 2023.
Microsoft has also updated its advisory for CVE-2013-3900, a WinVerifyTrust signature validation vulnerability, to include the following Server Core installation versions -.
In addition to Microsoft, security updates have also been released by other vendors in the last few weeks to rectify several vulnerabilities, including -.
- Microsoft SQL servers hacked to deploy Trigona ransomware (source)
- Fortra Sheds Light on GoAnywhere MFT Zero-Day Exploit Used in Ransomware Attacks (source)
- Microsoft: Clop ransomware gang behind PaperCut server hacks (source)
- Microsoft: Clop and LockBit ransomware behind PaperCut server hacks (source)
- Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware (source)
- New Ransomware Strain 'CACTUS' Exploits VPN Flaws to Infiltrate Networks (source)
- Microsoft: Notorious FIN7 hackers return in Clop ransomware attacks (source)
- New Buhti ransomware uses leaked payloads and public exploits (source)
| 2013-12-11 | CVE-2013-3900 | Improper Input Validation vulnerability in Microsoft products. The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate PE file digests during Authenticode signature verification, which allows remote attackers to execute arbitrary code via a crafted PE file, aka "WinVerifyTrust Signature Validation Vulnerability." | 0.0 |