Microsoft's Patchday release this month includes fixes for 98 CVEs, 11 of which are rated Critical and 87 are Major. In addition, Microsoft closes two zero-day vulnerabilities. A lot of information came from the American National Security Agency - NSA.
Microsoft says this bug has already been exploited in practice as a zero day: CVE-2023-21674 is an elevation-of-privilege vulnerability in Windows Advanced Local Procedure Call (ALPC) that simplifies interprocess communication for Windows operating system components.
Serious zero-day vulnerability
Although no details about the flaw were available at the time Microsoft published its advisory on Patch Tuesday, it appears likely to have been chained to a vulnerability in a browser such as Google Chrome or Microsoft Edge in order to break out of a browser's sandbox and get full system access.
Vulnerabilities like CVE-2023-21674 are typically the work of Advanced Persistent Threat (APT) groups as part of targeted attacks. The chance of future widespread exploitation of an exploit chain like this is limited due to the auto-update functionality used to patch browsers.
Windows Print Spooler - still many vulnerabilities
Researchers and attackers alike continue to be interested in Windows Print Spooler due to its ubiquity on Windows systems. Since PrintNightmare was released in the summer of 2021, there has been a steadily increasing spate of print spooler vulnerabilities on an almost monthly basis. This month Microsoft patched three Windows print spooler vulnerabilities. All three received the same CVSSv3 score and are less likely to be exploited.
“However, it is interesting that CVE-2023-21678 was leaked to Microsoft by the National Security Agency. This is a continuation of a trend observed last year when the NSA disclosed three vulnerabilities in the Windows Print Spooler, starting with CVE-2022-29104 and CVE-2022-29132 in May 2022 and ending with CVE-2022-38028 in May October 2022.” Said Satnam Narang, senior staff research engineer at Tenable.
More at Tenable.com
About Tenable Tenable is a Cyber Exposure company. Over 24.000 companies worldwide trust Tenable to understand and reduce cyber risk. Nessus inventors have combined their vulnerability expertise in Tenable.io, delivering the industry's first platform that provides real-time visibility into and secures any asset on any computing platform. Tenable's customer base includes 53 percent of the Fortune 500, 29 percent of the Global 2000, and large government agencies.