Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Multiple Vulnerabilities in Microsoft Products
Alerts

Multiple Vulnerabilities in Microsoft Products

14 April 2023

Microsoft has released security updates to address vulnerabilities (CVE-2023-21554 and CVE-2023-28252) in Microsoft Message Queuing (MSMQ) and the Windows Common Log File System (CLFS) Driver. The vulnerability in MSMQ service has a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10.

The vulnerabilities are:

  • CVE-2023-21554: A critical Remote Code Execution (RCE) vulnerability in the MSMQ service may allow unauthorised users to remotely execute arbitrary code in the Windows service process mqsvc.exe.

  • CVE-2023-28252: A vulnerability in the Windows CLFS Driver may allow an attacker to gain system privileges on targeted machines. It can be exploited by an attacker in low-complexity attacks without user interaction. This vulnerability is reportedly being actively exploited in ransomware attacks.

Users and administrators of affected products are advised to apply the latest patches immediately. Microsoft has also advised users and administrators to check for the availability of the MSMQ service for Windows servers and clients, and disable it if not required to reduce the attack surface.

More information is available here:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21554

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28252

https://nvd.nist.gov/vuln/detail/CVE-2023-21554

https://socprime.com/blog/detect-cve-2023-28252-cve-2023-21554-exploitation-attempts-windows-zero-day-actively-used-in-ransomware-attacks-and-a-critical-rce-flaw/

https://www.bleepingcomputer.com/news/security/windows-zero-day-vulnerability-exploited-in-ransomware-attacks/

https://www.helpnetsecurity.com/2023/04/11/cve-2023-28252/

Back to top