Date: 2023-04-12



Microsoft patched nearly 100 individual vulnerabilities in its April Patch Tuesday release. This includes one bug that is currently under active attack and affects many versions of Windows and Windows Server.

The vulnerability (CVE-2023-20852) is a privilege escalation flaw in the Windows Common Log File System driver that could allow an attacker who already has privileges on the system to gain elevated access to the machine.

An attacker who exploited this vulnerability could gain SYSTEM privileges, according to Microsoft’s advisory.

Although the vulnerability is categorized as important instead of critical, the attack complexity is low and valid exploit code is available, so the risk is fairly high. This vulnerability affects several versions of Windows 10, Windows 11 and Windows Server.

This vulnerability is very similar to one that Microsoft fixed in February in the same component (CVE-2023-23376). That bug was also a privilege escalation flaw and was being exploited at the time it was patched.

To me, this means that the original fix was lame and the attacker found a way around it. As in February, there is no information about how widespread these attacks could be. This type of exploit is usually combined with code execution bugs to spread malware and ransomware. Dustin Childs of the Zero Day Initiative recommends testing and deploying this patch quickly.

Among the other interesting fixes Microsoft released this month is a patch for a 2013 bug that was previously optional. This patch addresses vulnerabilities exploited by attackers in the 3CX intrusion.

A remote code execution vulnerability exists in the way the WinVerifyTrust function handles Windows Authenticode signature verification for portable executable (PE) files. An anonymous attacker could exploit the vulnerability by modifying an existing signed executable file to take advantage of unverified portions of the file in such a way as to add malicious code to the file without invalidating the signature. An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights, according to Microsoft's advisory.
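The "unverified portions" exist because the Authenticode hash does not cover the PE certificate table itself, so bytes placed after the PKCS#7 signature blob inside a `WIN_CERTIFICATE` entry leave the signature valid. As an added example (not from Microsoft's advisory or the original article), the following defensive check parses the certificate table and reports entries that carry more than zeroed alignment padding; the function names and the `build_sample` stub are assumptions made for illustration.

```python
import struct

def der_len(buf):
    """Total size (header + content) of the DER SEQUENCE at the start of buf."""
    if len(buf) < 2 or buf[0] != 0x30:
        raise ValueError("signature blob is not a DER SEQUENCE")
    if buf[1] < 0x80:
        return 2 + buf[1]
    n = buf[1] & 0x7F
    if not 1 <= n <= 4 or len(buf) < 2 + n:
        raise ValueError("unsupported DER length encoding")
    return 2 + n + int.from_bytes(buf[2:2 + n], "big")

def signature_slack(pe):
    """Return the bytes after the PKCS#7 blob in each WIN_CERTIFICATE entry."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]          # e_lfanew
    sig, magic = pe[nt:nt + 4], pe[nt + 24:nt + 26]
    if pe[:2] != b"MZ" or sig != b"PE\0\0" or magic not in (b"\x0b\x01", b"\x0b\x02"):
        raise ValueError("not a PE32/PE32+ file")
    dirs = nt + 24 + (96 if magic == b"\x0b\x01" else 112)
    pos, size = struct.unpack_from("<II", pe, dirs + 4 * 8)  # dir 4: FILE offset, size
    end, slack = pos + size, []
    if end > len(pe):
        raise ValueError("certificate table runs past end of file")
    while pos + 8 <= end:
        length, _rev, ctype = struct.unpack_from("<IHH", pe, pos)
        if length < 8 or pos + length > end:
            raise ValueError("corrupt WIN_CERTIFICATE length")
        blob = pe[pos + 8:pos + length]
        if ctype == 0x0002:                             # WIN_CERT_TYPE_PKCS_SIGNED_DATA
            slack.append(blob[der_len(blob):])
        pos += (length + 7) & ~7                        # entries are 8-byte aligned
    return slack

def has_unverified_data(pe):
    """True if any entry carries more than zeroed alignment padding."""
    return any(len(s) > 7 or any(s) for s in signature_slack(pe))

def build_sample(extra=b""):
    """Constructed PE32+ header stub with a placeholder blob (not a real signature)."""
    der = b"\x30\x82\x01\x00" + b"\xAA" * 256           # SEQUENCE, 256 content bytes
    cert = der + extra + b"\0" * (-len(der + extra) % 8)
    entry = struct.pack("<IHH", len(cert) + 8, 0x0200, 2) + cert
    hdr = bytearray(0x148)
    hdr[:2], hdr[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", hdr, 0x3C, 0x40)             # e_lfanew
    struct.pack_into("<H", hdr, 0x58, 0x20B)            # PE32+ magic
    struct.pack_into("<II", hdr, 0xE8, 0x148, len(entry))  # security directory
    return bytes(hdr) + entry
```

A hit is a reason to inspect the file, not proof of tampering: some legitimate installers store data in this region, which is one reason the stricter verification was optional.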

