It is the second day of the month, and Microsoft is rolling out its latest security updates for various products, including Windows, as part of Patch Tuesday.
For anyone not on a proactive fully managed IT support contract, you’ll need to complete these patch updates manually to get protected from the current vulnerabilities Microsoft has identified, or if you’re in IT, we know it’s painful doing manual updates. Eitherway, give us a shout, we can do it for you.
It is crucial to prioritize and address the critical vulnerabilities and actively exploited bugs to secure your business's network and protect against potential cyberattacks.
The April Patch Tuesday covers a total of 97 vulnerabilities, with one zero-day vulnerability that has been actively exploited by cybercriminals.
The update addresses seven "critical" flaws that require immediate attention, including 45 remote code execution (RCE) vulnerabilities, 20 elevation of privilege (EoP) vulnerabilities, 10 information disclosure bugs, nine denial of service (DoS) bugs, eight security feature bypass vulnerabilities, and six spoofing bugs.
One of the critical vulnerabilities that Microsoft addressed is CVE-2023-21554, an RCE flaw that affects servers with Microsoft's Message Queuing (MSMQ) service enabled. CVE-2023-21554 is a high-risk vulnerability with a severity rating of 9.8 out of 10 and has been categorized as "exploitation more likely."
Microsoft has also addressed a zero-day vulnerability, identified as CVE-2023-28252, that has been actively exploited in malicious attacks. This vulnerability affects the Windows Common Log File System (CLFS) Driver and allows attackers to elevate their privileges to SYSTEM, the highest level in Windows.
The CVE-2023-28252 vulnerability has been assigned a CVSSv3 score of 7.8 and is a post-compromise vulnerability that can only be exploited by an attacker who has already gained access to a vulnerable target.
According to security researchers, the Nokoyawa ransomware has been deployed using this security flaw. Moreover, the CVE-2023-28252 vulnerability marks the second time this year that a CLFS elevation of privilege zero-day bug has been exploited in the wild.
Microsoft also addressed multiple RCE vulnerabilities in Office, Word, and Publisher, which can be triggered by opening a malicious document. These vulnerabilities have been identified as CVE-2023-28285, CVE-2023-28295, CVE-2023-28287, and CVE-2023-28311.
In addition to the security updates Microsoft has also made an announcement regarding Exchange Server 2013. The company has declared that Exchange Server 2013 has now reached its end of life, and will no longer receive any further security updates. To help customers with the decommissioning process, Microsoft has released guidance on how to upgrade to a newer version of Exchange Server.
Original article can be found here https://www.computing.co.uk/news/4111947/patch-tuesday-microsoft-fixes-actively-exploited-zero-day-seven-critical-flaws
