Microsoft Releases Patches for 97 Flaws, Including Active Ransomware Exploit and Secure Boot Bypass
Microsoft has released security updates to address a total of 97 vulnerabilities in its software, including one actively exploited in ransomware attacks. Of the 97 flaws, seven are rated critical, and 90 are rated important in severity.
The most urgent of the critical flaws is a privilege escalation bug in the Windows Common Log File System (CLFS) driver (CVE-2023-28252), which has been actively exploited by a cybercrime group to deploy Nokoyawa ransomware against small and medium-sized businesses in various regions. The vulnerability enables an attacker to gain SYSTEM privileges, allowing them to execute malicious code, install programs, or create user accounts with full privileges. To secure your system against this flaw, Microsoft recommends installing the latest security updates immediately. In addition, the Cybersecurity and Infrastructure Security Agency (CISA) has added the Windows zero-day to its catalog of Known Exploited Vulnerabilities (KEV), ordering Federal Civilian Executive Branch (FCEB) agencies to secure their systems by May 2, 2023.
Another critical flaw is a code execution bug in Microsoft Message Queuing (MSMQ) (CVE-2023-21554): an attacker who can send a specially crafted MSMQ packet to an MSMQ server could execute unauthorized code on it and take over the server. Microsoft recommends installing the latest security updates to protect against this vulnerability.
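As an added defender-side check (not part of the article or of Microsoft's own guidance), the following PowerShell function reports whether a host runs the Message Queuing service and holds its network listener open, which is what decides whether CVE-2023-21554 is reachable on that machine. It assumes Windows PowerShell 5.1 or later with the NetTCPIP module, and it takes TCP 1801 as the MSMQ listener port from Microsoft's documentation rather than from the article.

```powershell
# Added example, not part of the article or Microsoft's guidance: report whether
# this host exposes the Message Queuing service that CVE-2023-21554 targets.
# Assumes Windows PowerShell 5.1 or later with the NetTCPIP module. TCP 1801 as
# the MSMQ listener port comes from Microsoft documentation, not the article.
function Get-MsmqExposure {
    [CmdletBinding()]
    param(
        [int]$Port = 1801   # MSMQ default TCP listener
    )

    $svc       = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue
    $installed = $null -ne $svc
    $running   = $installed -and ($svc.Status -eq 'Running')

    # Only a running service can hold the listener open.
    $listening = $false
    if ($running) {
        $conn = Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue
        $listening = $null -ne $conn
    }

    # Most recent update the OS knows about, so the operator can compare it with
    # the April 2023 release on their own patch record (the article gives no KB).
    $latest = Get-HotFix | Where-Object InstalledOn |
              Sort-Object InstalledOn -Descending | Select-Object -First 1

    $advice = if (-not $installed) {
        'MSMQ not installed; no action needed for CVE-2023-21554.'
    } elseif ($listening) {
        "MSMQ reachable on TCP $Port; apply the latest security update now and disable the service if it is not required."
    } else {
        'MSMQ installed but not listening; still apply the latest security update.'
    }

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        MsmqInstalled   = $installed
        MsmqRunning     = $running
        ListeningOnTcp  = if ($listening) { $Port } else { $null }
        LatestHotFix    = $latest.HotFixID
        LatestInstalled = $latest.InstalledOn
        Recommendation  = $advice
    }
}

Get-MsmqExposure | Format-List
```

Run it in an elevated session on each server where MSMQ might be enabled; hosts reporting a listener on the port are the ones to patch first.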
Microsoft has also issued guidance for CVE-2022-21894, a Secure Boot bypass flaw that has been exploited by threat actors using a Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus to establish persistence on a host. Microsoft recommends removing any compromised devices from the network and examining them for evidence of follow-on activity. Additionally, it recommends reformatting the machines or restoring them from a known clean backup that includes the EFI partition, and maintaining credential hygiene.
Other vendors, including Adobe, Apple, Cisco, and Mozilla, have also released security updates to address various vulnerabilities. To secure your systems, it is recommended that you install the latest security updates from these vendors as well.