Urgent: Microsoft Releases Security Patches for 97 Vulnerabilities, Including Active Ransomware Threat

April 12, 2023
Patch Tuesday / Software Updates

On the second Tuesday of the month, Microsoft has issued security updates addressing a total of 97 vulnerabilities within its software. Notably, one of these flaws is currently being exploited in active ransomware attacks. Of the 97 issues, seven are classified as Critical and 90 as Important. The updates notably include 45 remote code execution flaws and 20 elevation of privilege vulnerabilities. This release follows previous fixes for 26 vulnerabilities found in the Edge browser over the past month. The actively exploited flaw is CVE-2023-28252 (CVSS score: 7.8), a privilege escalation vulnerability within the Windows Common Log File System (CLFS) Driver. According to Microsoft’s advisory, “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” with credit given to researchers Boris Larin, Genwei Jiang, and Quan Jin for their discovery. CVE-2023-28252 represents the fourth privilege escalation flaw recently identified…

Microsoft Releases Critical Patches for 97 Vulnerabilities, Addressing Active Ransomware Threat

On April 12, 2023, Microsoft introduced a substantial set of security updates aimed at rectifying a total of 97 vulnerabilities across its software ecosystem. Among these, one particular flaw is currently being exploited actively in ransomware operations. This month’s update features seven vulnerabilities classified as Critical and 90 as Important. Notably, 45 of these issues pertain to remote code execution, while another 20 are related to privilege escalation.

The most pressing security concern is identified as CVE-2023-28252, a privilege escalation vulnerability affecting the Windows Common Log File System (CLFS) Driver, which has received a CVSS score of 7.8. Microsoft indicated in its advisory that successful exploitation of this vulnerability could grant an attacker SYSTEM privileges, thereby allowing for extensive control over the affected system. The bug was disclosed by researchers Boris Larin, Genwei Jiang, and Quan Jin, who played a crucial role in bringing this risk to the company’s attention.

With the backdrop of increasing ransomware attacks, this update follows closely on the heels of previous patches addressing 26 vulnerabilities within Microsoft’s Edge browser. This pattern underscores an ongoing trend where the proliferation of vulnerabilities correlates with heightened exploitation efforts by cyber adversaries.

The specific nature of the ongoing exploitation of CVE-2023-28252 places businesses at significant risk, as attackers leveraging this vulnerability could potentially gain unauthorized access to sensitive information and resources. The implications could extend well beyond individual organizations, highlighting systemic vulnerabilities that could affect broader networks.

Business owners should be cognizant of the potential for attackers to utilize various tactics and techniques as outlined in the MITRE ATT&CK framework. Initial access might be obtained through phishing or exploiting system vulnerabilities, leading to persistence strategies that allow the attacker to maintain their foothold within the network. Privilege escalation, as seen with CVE-2023-28252, could become a crucial step in an attacker’s methodology for gaining heightened privileges and executing further malicious actions.

Prompt implementation of these patches is critical for organizations aiming to safeguard their systems against such sophisticated threats. Catastrophic outcomes can arise from delayed responses, particularly as cybercriminals continuously adapt their tactics. By addressing these vulnerabilities as they are disclosed, business owners can significantly mitigate risks associated with ransomware and other cyber threats.

In summary, the current patch rollout by Microsoft serves as a vital reminder of the ever-present cybersecurity landscape. Organizations must prioritize the timely application of these updates while remaining vigilant against emerging threats, thereby ensuring more robust defenses in an era of relentless cyber conflict.

Source link

Related Posts

Lazarus Hacker Group Adapts Tactics, Tools, and Targets in DeathNote Campaign

The North Korean cyber threat group known as Lazarus has been observed changing its strategies and rapidly enhancing its tools within its ongoing DeathNote campaign. While historically focused on the cryptocurrency sector, recent attacks have also expanded to include the automotive, academic, and defense sectors in Eastern Europe and beyond. This shift is seen as a major change in approach. Kaspersky researcher Seongsu Park noted that the group has switched its decoy documents to job descriptions for defense contractors and diplomatic services, marking a strategic pivot that began in April 2020. This campaign is also identified by other names such as Operation Dream Job or NukeSped, with Google-owned Mandiant linking certain activities to this evolving threat.

RTM Locker: A Rising Cybercrime Collective Targeting Enterprises with Ransomware

April 13, 2023
Ransomware / Cyber Attack

Cybersecurity experts have revealed insights into the tactics of a burgeoning cybercriminal organization known as “Read The Manual” (RTM) Locker. This group operates as a private ransomware-as-a-service (RaaS) provider, executing opportunistic attacks to illicitly generate profits. According to a report from cybersecurity firm Trellix shared with The Hacker News, “The RTM Locker gang employs affiliates to extort victims, all of whom must adhere to the gang’s stringent rules.” The structured nature of the group, where affiliates are expected to remain active or inform the gang of their departure, highlights its organizational maturity, akin to that seen in other sophisticated groups like Conti. Originally documented by ESET in February 2017, RTM began in 2015 as a banking malware targeting businesses in Russia through methods such as drive-by downloads, spam, and phishing emails. The group’s attack strategies have since evolved to include ransomware deployment.

Critical Vulnerabilities in Android and Novi Survey Under Ongoing Exploitation

April 14, 2023
Mobile Security / Cyber Threat

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation evidence. The vulnerabilities include:

  • CVE-2023-20963 (CVSS score: 7.8) – Android Framework Privilege Escalation Vulnerability
  • CVE-2023-29492 (CVSS score: TBD) – Novi Survey Insecure Deserialization Vulnerability

CISA’s advisory for CVE-2023-20963 notes that the Android Framework contains an unspecified vulnerability that enables privilege escalation when an app is updated to a higher Target SDK without requiring additional execution privileges. Google acknowledged in its March 2023 Android Security Bulletin that there are signs of limited, targeted exploitation of CVE-2023-20963. This revelation follows a report from Ars Technica that Android apps digitally signed by a Chinese e-commerce entity may be affected.