The Microsoft Security Response Center (MSRC) investigates all reports of security vulnerabilities affecting Microsoft products and services. Microsoft has released another set of security updates to fix 97 flaws affecting its software and one vulnerability acting as a backdoor for ransomware attacks.
The analysis revealed that seven vulnerabilities are critical, and 90 had a rating of important in severity. Further details have also revealed that remote code execution flaws contributed to 45 vulnerabilities, while the elevation of privilege vulnerabilities contributed to 20.
According to a statement by Microsoft identifying Boris Larin, Genwei Jiang, and Quan Jin;
“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.” CVE-2023-28252 (CVSS score: 7.8), which happens to be a privilege escalation bug in the Windows Common Log File System (CLFS) Driver, is the exploited security flaw.
Details about CVE-2023-28252 showed it is the fourth privilege escalation flaw in the CLFS component regularly abused after CVE-2022-24521, CVE-2022-37969, and CVE-2023-23376 (CVSS scores: 7.8) in the past year. Reports from 2018 showed over 32 vulnerabilities in CLFS.
According to Larin, “CVE-2023-28252 is an out-of-bounds write (increment) vulnerability that can be exploited when the system attempts to extend the metadata block. The vulnerability gets triggered by the manipulation of the base log file.”
A cybercrime group has reportedly taken advantage of a vulnerability that has been weaponized, allowing them to deploy Nokoyawa ransomware on small and medium-sized businesses in North America, Asia, and the Middle East. In response, CISA has taken action to maximize security against active exploitation. They directed Federal Civilian Executive Branch (FCEB) agencies to ensure their systems are fully secure by May 2, 2023. They added the Windows zero-day to their Known Exploited Vulnerabilities (KEV) catalogue as part of this action.
Additionally, Microsoft has patched several critical remote code execution flaws in various services, including DHCP Server Service, Layer 2 Tunneling Protocol, Raw Image Extension, Windows Point-to-Point Tunneling Protocol, Windows Pragmatic General Multicast, and Microsoft Message Queuing (MSMQ), as a result of these actions.
Researcher Haifei Li mentioned that the MSMQ bug was tagged as CVE-2023-21554 in one of her statements. She noted, “The CVE-2023-21554 vulnerability allows an attacker to potentially execute code remotely and without authorization by reaching the TCP port 1801.” The statement showed the risk involved in the vulnerability. Other discovered flaws in MSMQ include CVE-2023-21769 and CVE-2023-28302, with CVSS scores of 7.5. Microsoft is relentlessly ensuring maximum security by fixing existing and preventing future vulnerabilities.
