



Microsoft has released patches for 97 vulnerabilities in its April 2023 monthly patch rollout. Seven are classified as Critical and the remaining 90 are classified as Important. We have seen one vulnerability being actively exploited, and we discuss this zero-day in more detail later in this blog.

April 2023 Risk Analysis

Remote code execution (46.4%, up from 40.3% in March 2023) was the leading risk type this month, followed by elevation of privilege (20.6%, down from 31% in March).

The Microsoft Windows product family received the most patches this month, with 77. Next were Extended Security Updates (44) and Microsoft Developer Tools (6).

Zero-Day Vulnerability in Common Log File System Driver Actively Exploited

Microsoft disclosed one actively exploited vulnerability (CVE-2023-28252) in this month’s release. Successful exploitation of this vulnerability would grant an attacker SYSTEM privileges, the highest level of privileges on a Windows system. Although exploitation requires the attacker to already have access to the victim’s computer, SYSTEM privileges are risky enough that this vulnerability should be patched as soon as possible. Additionally, because this vulnerability is actively exploited, special care should be taken to monitor Windows endpoints for signs of compromise. A similar vulnerability was reported in the September 2022 monthly patch release.

| Rank | CVSS Score | CVE | Description |
|---|---|---|---|
| Critical | 7.8 | CVE-2023-28252 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |

Figure 3. Zero-day vulnerabilities patched in April 2023

Critical Vulnerability in Microsoft Windows Message Queuing System

The Microsoft Message Queuing (MSMQ) system has been patched for CVE-2023-21554, a critical remote code execution (RCE) vulnerability with a CVSS score of 9.8. The MSMQ system allows applications to communicate with systems over the network, whether they are online or not. This system is most commonly used in business-critical applications such as e-commerce and embedded systems.

Microsoft notes that an attacker could exploit this vulnerability by crafting a malicious MSMQ packet and sending it to an MSMQ server running as the Network Service account. This means that an attacker can start other malicious services and exploit existing trust relationships between servers and other endpoints in your network. For additional information on the MSMQ system, see here.

The Windows Pragmatic General Multicast (PGM) RCE vulnerability, CVE-2023-28250, is a critical vulnerability with a CVSS of 9.8. An attacker could exploit this vulnerability by sending a specially crafted file. An attacker can trigger malicious code on the endpoint if the MSMQ service is enabled. More information on the NetworkService account and its default permissions can be found here.

| Rank | CVSS Score | CVE | Description |
|---|---|---|---|
| Critical | 9.8 | CVE-2023-21554 | Microsoft Message Queuing Remote Code Execution Vulnerability |
| Critical | 9.8 | CVE-2023-28250 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability |

Figure 4. Critical vulnerabilities in the Microsoft Message Queuing system
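A host-level check for the condition described above (MSMQ service enabled and listening), as an added PowerShell example that is not from the original post or from Microsoft. The service name `MSMQ` and the default listener port TCP 1801 are assumptions not stated on this page.

```powershell
# Added example: report whether this host exposes MSMQ (relevant to CVE-2023-21554
# and CVE-2023-28250, which the text ties to the MSMQ service being enabled).
# Assumptions not stated on the page: service name "MSMQ", default listener TCP 1801.
function Get-MsmqExposure {
    [CmdletBinding()]
    param(
        [string]$ServiceName = 'MSMQ',  # assumed Windows service name for Message Queuing
        [int]$Port = 1801               # assumed default MSMQ TCP port
    )

    # $null when the Message Queuing feature is not installed.
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue

    # Sockets in the Listen state on the MSMQ port, with owning process for triage.
    $listeners = @(Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue)

    # Listeners bound to a wildcard or non-loopback address can be reached from the
    # network, subject to host and network firewalls that this check does not evaluate.
    $reachable = @($listeners | Where-Object { $_.LocalAddress -notin @('127.0.0.1', '::1') })

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        ServiceInstalled = [bool]$svc
        ServiceStatus    = if ($svc) { [string]$svc.Status } else { 'NotInstalled' }
        StartType        = if ($svc) { [string]$svc.StartType } else { $null }
        ListeningOnPort  = $listeners.Count -gt 0
        BoundAddresses   = ($reachable.LocalAddress | Sort-Object -Unique) -join ','
        OwningProcessIds = ($listeners.OwningProcess | Sort-Object -Unique) -join ','
        # Flag hosts where the service is running or the port is reachable off-box.
        NeedsAttention   = ([bool]$svc -and $svc.Status -eq 'Running') -or ($reachable.Count -gt 0)
    }
}

Get-MsmqExposure | Format-List
```

Hosts reported with `NeedsAttention` set to True are the ones to patch first or, where MSMQ is not required, to have the service disabled.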

Critical Vulnerabilities Affecting Microsoft Windows Networking Components

CVE-2023-28231 is a critical vulnerability affecting the Dynamic Host Configuration Protocol (DHCP) service that allows an authenticated attacker to send a specially crafted remote procedure call (RPC) to the DHCP service, which may result in RCE. An attacker must have some access to the target network to exploit this vulnerability. RPC calls should be actively monitored to determine if this vulnerability is being exploited.

CVE-2023-28219 and CVE-2023-28220 are critical RCE vulnerabilities that target layer 2, the data link layer. This layer of the Open Systems Interconnection model is responsible for forwarding network packets. This is where protocols like Ethernet and TCP/IP come into play. These highly complex vulnerabilities require an attacker to win a race condition in which the attacker attempts to respond to a connection request to the remote access server before the originator of the connection request has responded. Because of this race condition, success is not guaranteed on any given attempt, but given enough time an attacker could exploit this vulnerability.

CVE-2023-28232 is a critical vulnerability that targets the Windows Point-to-Point Tunneling Protocol. This highly complex vulnerability requires the victim user to connect to a malicious server. Once connected, an attacker could use this vulnerability to execute code on the victim’s machine. This kind of vulnerability is most often exploited using phishing.

| Rank | CVSS Score | CVE | Description |
|---|---|---|---|
| Critical | 8.8 | CVE-2023-28231 | DHCP Server Service Remote Code Execution Vulnerability |
| Critical | 8.1 | CVE-2023-28219 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability |
| Critical | 7.5 | CVE-2023-28232 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |

Figure 5. Critical vulnerabilities in Windows networking components

Critical Vulnerability Affecting Microsoft Raw Image Extension

CVE-2023-28291 is a critical vulnerability affecting the Raw Image file extension. A raw image file is an image that has not yet been compressed or processed into a more usable format such as JPEG. This vulnerability can be exploited when a victim user opens a malicious file. Affected applications are most often updated through the Microsoft Store. However, Microsoft says this update will be available for download outside of the store.

| Rank | CVSS Score | CVE | Description |
|---|---|---|---|
| Critical | 8.4 | CVE-2023-28291 | Raw Image Extension Remote Code Execution Vulnerability |

Figure 6. Critical vulnerability in Raw Image file extension

Important end of support dates for Microsoft Exchange

End-of-support software no longer receives security updates and should be used with extreme caution and monitoring.

Microsoft Exchange 2013 reached end of support on April 4, 2023. Exchange 2016 reaches end of support in October 2025, so we recommend updating to Exchange 2019 or later to get the most benefit.

Not All Relevant Vulnerabilities Have Patches: Consider Mitigation Strategies

As we learned with other notable vulnerabilities such as Log4j, not all highly exploitable vulnerabilities are easily patchable. As with the ProxyNotShell vulnerability, it is very important to develop a response plan for how to defend your environment in the absence of a patch protocol.

Regular reviews of your patching strategy should continue to be part of your program, but you should also look more holistically at your organization’s cybersecurity practices to improve your overall security posture.

The CrowdStrike Falcon platform routinely collects and analyzes trillions of endpoint events per day from millions of sensors deployed in 176 countries. Watch this demo to see the Falcon platform in action.


Learn how CrowdStrike Falcon Spotlight can help you find and prioritize vulnerabilities quickly and easily.

About CVSS scores

The Common Vulnerability Scoring System (CVSS) is a free and open industry standard used by CrowdStrike and many other cybersecurity organizations to rate and communicate the severity and characteristics of software vulnerabilities. CVSS base scores range from 0.0 to 10.0, and the National Vulnerability Database (NVD) adds severity ratings for CVSS scores. For more information on vulnerability scoring, see this article.

Additional Resources

For more information about products included in Microsoft’s Extended Security Updates, please refer to the vendor guidance here.

Download the CrowdStrike 2023 Global Threat Report to see how the threat landscape has changed over the past year and understand the attacker behaviors that are driving these changes.

See how Falcon Spotlight can help you discover and manage vulnerabilities and prioritize patches in your environment.

Learn how Falcon Surface, CrowdStrike’s external attack surface module, can detect unknown, exposed and vulnerable Internet-facing assets, enabling security teams to track attackers.

See how Falcon identity protection products can help your employees stop identity threats faster.

Make prioritization easy and efficient. See how Falcon Spotlight helps IT staff increase visibility with custom filters and team dashboards.

Test CrowdStrike next-gen AV for yourself with a free trial of Falcon Prevent.

Source: https://www.crowdstrike.com/blog/patch-tuesday-analysis-april-2023/
