Microsoft releases fixes for its 97 flaws and 1 zero-day vulnerability

Post author: Vinith Sengunthar
Post date: April 14, 2023

Microsoft is known for its regular security updates and fixes. Every month, on the second Tuesday, Microsoft releases security updates for Windows and its other products. This month the focus was on fixing a repeatedly exploited zero-day along with many other vulnerabilities. Microsoft released around 97 security fixes for its components and products, including .NET Core, MS Office applications, Windows Active Directory, Kernel, the Azure cloud platform, Windows 32K API, and Windows.

Many security experts have commented that this month's fix for the zero-day vulnerability was a big relief for cybersecurity since it was one of the most exploited vulnerabilities. Let's take a closer look at the security updates and fixes released this month.

Fix for over 97 Vulnerabilities

Last week, Microsoft released fixes for 17 Edge-related flaws and non-security updates for Windows 11 (KB5025239) and Windows 10 (KB5025221 and KB5025229). Microsoft has released security fixes for over seven critical vulnerabilities that allowed remote code execution.

Out of the 97 vulnerabilities, 45 were remote code execution vulnerabilities, 20 were elevation of privilege vulnerabilities, 8 were security feature bypass vulnerabilities, 10 were information disclosure vulnerabilities, around 6 were spoofing vulnerabilities and 9 were denial of service vulnerabilities.
Highly exploited zero-day vulnerability finally fixed

Through this month's Update Tuesday, Microsoft released a security fix for the zero-day vulnerability CVE-2023-28252, or "Windows Common Log File System Driver Elevation of Privilege Vulnerability", which is being widely exploited by cyber criminals in industries such as retail, energy, and healthcare. It is also currently being used to spread the Nokoyawa ransomware.

These security updates are critical since attackers exploit such vulnerabilities to carry out organization-wide breaches that disrupt operations at large and cause damage. You can check the complete list of fixes here.

The following are some of the most exploited vulnerabilities that Microsoft has released fixes for:

| CVE | Type | Component | Severity |
| --- | --- | --- | --- |
| CVE 2023 28252 | Zero Day | Common Log File System Driver (CLFS) | Critical |
| CVE 2023 21554 | RCE | Microsoft Message Queuing (MSMQ) | High |
| CVE 2023 28250 | RCE | Pragmatic General Multicast (PGM) | High |
| CVE 2023 2823 | RCE | Dynamic Host Configuration Protocol server service | High |

In addition to the security updates and fixes, Microsoft also announced the end of Microsoft Exchange Server 2013. The Exchange Server was targeted by more than ten ransomware groups in 2022, with most vulnerabilities being targeted even by most state-sponsored threat actors.

Apart from Microsoft, other companies including Adobe, Google, Cisco, Apple and SAP have also released security updates this month.

How SharkStriker assists you with Proactive Threat Hunting?

At SharkStriker, we keep our clients two moves ahead of attackers. We have a 24x7x365 dedicated team that ensures that your cybersecurity stays up-to-date with the latest developments in the threat landscape. Our SOC team is actively monitoring the threat landscape for the vulnerabilities specific to Microsoft products and components. We have developed various detection capabilities pertaining to the above vulnerabilities.
Our threat hunters are actively monitoring customer environments and helping them stay up to date with the fixes and security updates released by vendors through effective patch management. If you are one of our clients, please keep an eye out for our internal advisories and updates on this.

To wrap it up

Microsoft has released some critical and highly important security updates, including a fix for one zero-day vulnerability that is being exploited by attackers repeatedly, especially in the healthcare, energy, and retail industries. In this blog, we have explored the updates and their impact on Microsoft's products and components.

If you are a business owner looking for a cybersecurity service that assists you in improving your cybersecurity posture, then you are at the right place. We offer holistic cybersecurity services ranging from security assessment to implementation and monitoring. If you are interested, mail us and we will schedule a call with our cybersecurity experts, who will guide you through a tailored service that best fits your budget and scope.