Microsoft April 2023 Patch Tuesday
Microsoft has released updates as part of its April 2023 Patch Tuesday.
Of all the updates released today, there were a total of 97 security fixes. This includes one zero-day vulnerability, tracked as CVE-2023-28252, that is actively exploited in the wild by ransomware actors and affiliates. When exploited, the zero-day allows an attacker to elevate privilege to SYSTEM, gaining full access to the target system.
According to Bleeping Computer, other security vulnerabilities fixed include:
20 Elevation of Privilege Vulnerabilities
8 Security Feature Bypass Vulnerabilities
45 Remote Code Execution Vulnerabilities
10 Information Disclosure Vulnerabilities
9 Denial of Service Vulnerabilities
6 Spoofing Vulnerabilities
Windows users are advised to update their systems as soon as possible to close the vulnerabilities. Priority consideration should be given to the actively exploited CVE-2023-28252, then critical vulnerabilities.
References
https://www.bleepingcomputer.com/news/microsoft/microsoft-april-2023-patch-tuesday-fixes-1-zero-day-97-flaws/
https://www.bleepingcomputer.com/news/security/windows-zero-day-vulnerability-exploited-in-ransomware-attacks/