Microsoft released a security update under patch Tuesday for April and fixed 97 vulnerabilities affecting various products, including a Windows zero-day bug that was exploited for ransomware attacks.
The Microsoft security updates contain fixes for the vulnerabilities that affected the following products:
Out of 97 vulnerabilities, 7 vulnerabilities are marked as ‘Critical.’ The following number of vulnerabilities has been fixed for the respective vulnerability categories.
Microsoft fixed a critical Elevation privilege zero-day vulnerability that affected the Windows Common Log File System Driver.
Upon successfully exploiting this vulnerability, attackers gain the system privilege. Genwei Jiang discovered the vulnerability with Mandiant and Quan Jin with DBAPPSecurity WeBin Lab, Microsoft says.
CVE-2023-28252 is an out-of-bounds write (increment) vulnerability that can be exploited when the system attempts to extend the metadata block.
Also this particular zero-day was used by a sophisticated cybercrime group that carries out ransomware attacks, Kaspersky says.
Microsoft fixed the following remote code execution vulnerabilities that affect MS Office and Word.
CVE-2023-28285 – A Remote code execution vulnerability that affects MS Office allows an attacker to trick users into running malicious files from the local machine to exploit the vulnerability. Also, Microsoft clarifies that it doesn’t mean arbitrary code, but the word Remote in the title refers to the attacker’s location.
CVE-2023-28295 & CVE-2023-28287 – A Microsoft Publisher remote code execution vulnerability lets hackers gain system access by tricking the users into executing the malicious code that sends via email and downloaded from a malicious website.
CVE-2023-28311 – Microsoft Word Remote Code Execution Vulnerability allows attackers to trick users into running malicious files from the local machine to exploit the vulnerability.
You can refer here to the complete patch details for the full list of resolved vulnerabilities and advisories in the April 2023 Patch.
Microsoft strongly recommended installing these security updates for all Windows users to avoid the security risk and protect your Windows.
Along with Microsoft security updates, Several other vendors of the following issues security updates for their respective products and services.
We're currently living in an age where digital threats loom large. Among these, ransomware has…
Attackers are exploiting the recently discovered critical security vulnerability tracked as (CVE-2023-46604) affecting Apache ActiveMQ…
Media reports highlight the sale of LLMs like WormGPT and FraudGPT on underground forums. Fears…
An open-source security scanner, developed by Git Hub user Adam Swanda, was released to explore…
One of Slovenia's major power providers, HSE, has recently fallen victim to a significant cyberattack.…
In the labyrinthine landscape of cyber threats, the Trend Micro Managed XDR team has uncovered…