“This month, Microsoft addressed two zero-day vulnerabilities, including one exploited in the wild.
“CVE-2023-21674 is an elevation of privilege vulnerability in the Windows Advanced Local Procedure Call (ALPC), which facilitates interprocess communication for Windows operating system components. Microsoft says that this flaw has been exploited in the wild as a zero day.
“Though details about the flaw were not available at the time Microsoft published its advisory on Patch Tuesday, it appears this was likely chained together with a vulnerability in a Chromium-based browser such as Google Chrome or Microsoft Edge in order to break out of a browser’s sandbox and gain full system access.
“Vulnerabilities like CVE-2023-21674 are typically the work of advanced persistent threat (APT) groups as part of targeted attacks. The likelihood of future widespread exploitation of an exploit chain like this is limited due to auto-update functionality used to patch browsers.
“The interest by researchers and attackers alike in Windows Print Spooler persists due to its ubiquity on Windows systems. Since PrintNightmare was disclosed in the summer of 2021, we have seen a steady stream of vulnerabilities being reported in Print Spooler almost monthly. This month, Microsoft patched three Windows Print Spooler vulnerabilities.. All three received the same CVSSv3 score and are less likely to be exploited.
“However, it’s interesting to note that CVE-2023-21678 was disclosed to Microsoft by the National Security Agency. This is a continuation of a trend observed last year, where the NSA disclosed three vulnerabilities in Windows Print Spooler, beginning with CVE-2022-29104 and CVE-2022-29132 in May 2022 to CVE-2022-38028 in October 2022.” —Satnam Narang, Sr. Staff Research Engineer at Tenable
