Microsoft April 2023 Patch Tuesday

CybersecurityVulnerability Management
Written By RF Wave

Microsoft has released updates as part of its April 2023 Patch Tuesday.

Of all the updates released today, there were a total of 97 security fixes. This includes one zero-day vulnerability, tracked as CVE-2023-28252, that is actively exploited in the wild by ransomware actors and affiliates. When exploited, the zero-day allows an attacker to elevate privilege to SYSTEM, gaining full access to the target system.

According to Bleeping Computer, other security vulnerabilities fixed include:

  • 20 Elevation of Privilege Vulnerabilities

  • 8 Security Feature Bypass Vulnerabilities

  • 45 Remote Code Execution Vulnerabilities

  • 10 Information Disclosure Vulnerabilities

  • 9 Denial of Service Vulnerabilities

  • 6 Spoofing Vulnerabilities

Windows users are advised to update their systems as soon as possible to close the vulnerabilities. Priority consideration should be given to the actively exploited CVE-2023-28252, then critical vulnerabilities.

References

  • https://www.bleepingcomputer.com/news/microsoft/microsoft-april-2023-patch-tuesday-fixes-1-zero-day-97-flaws/

  • https://www.bleepingcomputer.com/news/security/windows-zero-day-vulnerability-exploited-in-ransomware-attacks/

RF Wave
Previous

Canadian Centre for Cyber Security Issues Guidance on Security of Tech Products
Next

Microsoft Adds AI to Cybersecurity With Security Copilot