Microsoft released a total of 97 fixes, with seven bugs rated as critical, and 90 as important in severity. Among them, 45 remote code execution flaws and 20 elevation of privilege vulnerabilities were found. One of the flaws actively exploited in the wild by ransomware attacks is a privilege escalation bug in the Windows Common Log File System (CLFS) Driver, CVE-2023-28252.
At least 32 vulnerabilities have been discovered in the CLFS component since 2018. Another vulnerability, CVE-2023-21554 (QueueJumper), found in Microsoft Message Queuing (MSMQ) software, was also rated critical with a CVSS score of 9.8.
The vulnerability could lead to unauthorized code execution and server takeover.
The tech giant also updated its advisory for a 10-year-old WinVerifyTrust signature validation vulnerability, CVE-2013-3900, on several Server Core installation versions. Additionally, Microsoft issued guidance for CVE-2022-21894 (Baton Drop), a Secure Boot bypass flaw exploited by threat actors to establish persistence on a host.
Microsoft further recommended removing compromised devices from the network and examining them for evidence of follow-on activity, reformatting the machines or restoring them from a known clean backup that includes the EFI partition, maintaining credential hygiene, and enforcing the principle of least privilege (PoLP).
Other vendors also released security updates to fix several vulnerabilities, including Adobe, AMD, Android, Apache Projects, Apple, Aruba Networks, Cisco, Citrix, CODESYS, Dell, Drupal, F5, Fortinet, GitLab, Google Chrome, HP, IBM, Jenkins, Juniper Networks, Lenovo, Linux distributions (Debian, Oracle Linux, Red Hat, SUSE, and Ubuntu), MediaTek, and Mozilla (Firefox, Firefox ESR, and Thunderbird).
These security updates show that vulnerabilities and exploits are still prevalent and demonstrate the importance of maintaining updated and secure systems to mitigate threats.
Users should promptly apply updates from vendors and implement cybersecurity measures such as enforcing the principle of least privilege (PoLP) and maintaining credential hygiene.