{"id":51415,"date":"2023-04-11T22:09:00","date_gmt":"2023-04-11T22:09:00","guid":{"rendered":"https:\/\/www.darkreading.com\/vulnerabilities-threats\/microsoft-patches-97-cves-including-zero-day-wormable-bugs"},"modified":"2023-04-11T22:09:00","modified_gmt":"2023-04-11T22:09:00","slug":"microsoft-patches-97-cves-including-zero-day-wormable-bugs","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/microsoft-patches-97-cves-including-zero-day-wormable-bugs\/","title":{"rendered":"Microsoft Patches 97 CVEs, Including Zero-Day & Wormable Bugs"},"content":{"rendered":"
<\/div>\n

Microsoft’s Patch Tuesday security update for April 2023 contains patches for 97 CVEs, including one zero-day bug under active exploit in ransomware attacks, another that’s a reissue of a fix for a flaw from 2013 that a threat actor recently exploited in a supply chain attack on 3CX, and a wormable bug rated critical in severity.<\/p>\n

Microsoft identified a total of seven of the bugs it fixed this month as being of critical severity, which typically means organizations need to make them a top priority from a patch implementation standpoint.<\/p>\n

Zero-Day Used in Ransomware Attacks<\/h2>\n

Nearly half, or 45, of the vulnerabilities in the April update enable remote code execution (RCE), a significant uptick from the average of 33 RCE bugs that Microsoft has reported in each of the previous three months. Even so, the company rated nearly 90% of the CVEs in the latest batch as bugs that cyberattackers are less likely to exploit \u2014 just 9% are characterized as flaws that threat actors are more likely to exploit.<\/p>\n

The zero-day bug, tracked as CVE-2023-28252<\/a>, is an elevation-of-privilege vulnerability in the Windows Common Log File System (CLFS) that affects all supported versions of Windows 10 and Windows Server. It is the second CLFS zero day in recent months \u2014 the other was CVE-2022-37969<\/a> \u2014 and it gives adversaries who already have access to the platform a way to gain highly privileged system-level privileges. <\/p>\n

“This vulnerability leverages existing system access to actively exploit a device and is a result of how the CLFS driver interacts with objects in memory on a system,” said Gina Geisel, a security researcher at Automox. To exploit the flaw, an attacker would need to log in to a system and then execute a malicious binary to elevate privileges. <\/p>\n

“Automox recommends patch deployment within 24 hours since this is an actively exploited zero-day,” Geisel said in emailed comments to Dark Reading.<\/p>\n

In a blog post issued in tandem with Microsoft’s update, Kaspersky said its researchers had observed a threat actor exploiting CVE-2023-28252 to deliver Nokoyawa ransomware<\/a> on systems belonging to small and midsized organizations in North America, the Middle East, and Asia. The security vendor’s analysis shows that the exploits are similar to already-known driver exploits targeting CLFS. <\/p>\n

“The exploit was highly obfuscated with more than 80% of its code being ‘junk’ elegantly compiled into the binary,” according to the analysis. Kaspersky researchers said they reported the bug to Microsoft after observing an adversary using it in ransomware attacks in February.<\/p>\n

A Patch From the Past<\/h2>\n

Another patch in Microsoft’s April update that researchers are recommending organizations pay attention to is CVE-2013-3900<\/a>, a 10-year-old signature validation vulnerability in the Windows WinVerifyTrust function. A threat actor \u2014 believed to be North Korea’s Lazarus Group \u2014 recently exploited the flaw in a supply-chain attack on 3CX<\/a> that resulted in malware landing on systems belonging to users of the company’s video-conferencing software. <\/p>\n

When Microsoft released the patch in 2013, the company had decided to make it an opt-in patch because of the potential for the fix to cause problems for some organizations. With the April security update, Microsoft has made the fix available for more platforms and provide more recommendations for organizations on how to address the issue. <\/p>\n

“Definitely take the time to review all of the recommendations, including the information on the Microsoft Trusted Root Program<\/a>, and take the actions needed to protect your environment,” Dustin Childs, researcher with Trend Micro’s Zero Day Initiative (ZDI)<\/a> said in a blog post.<\/p>\n

A Slew of RCE Vulnerabilities<\/h2>\n

Researchers identified two of the critical vulnerabilities in April’s batch as needing immediate action. One of them is CVE-2023-21554<\/a>. <\/p>\n

The bug affects Microsoft Message Queuing (MSMQ) technology and gives attackers a way to gain RCE by sending a specially crafted MSMQ packet to a MSMQ server. The vulnerability affects Windows 10, 11, and Server 2008-2022 systems that have the message queuing feature enabled on their systems, Automox researcher Peter Pflaster said in emailed comments. Administrators should consider applying Microsoft patch for the issue ASAP, since the company has noted that threat actors are more likely to exploit the vulnerability.<\/p>\n

That’s just one of two critical vulnerabilities affecting the Windows Message Queuing system that Microsoft fixed this week. The other is CVE-2023-28250<\/a>, a vulnerability in Windows Pragmatic Multicast that, like CVE-2023-21554, has a base score of 9.8 and is potentially wormable. <\/p>\n

“This patch Tuesday MSFT fixed some critical flaws, of which we would recommend organizations to prioritize patching vulnerabilities those that are actively being exploited and wormable,” said Bharat Jogi, director of vulnerability and threat Research, at Qualys.<\/p>\n

The other critical vulnerability that needs immediate fixing is CVE-2023-28231<\/a>, a RCE bug in the DHCP Server service. Microsoft has assessed the bug as another issue that attackers are more likely to try and weaponize. To exploit the bug, an attacker would need prior access on a network. But once on it, the adversary could initiate remote code execution on the DHCP server, according to Kevin Breen, director of cyber threat research at Immersive Labs. <\/p>\n

“Microsoft recommends that DHCP services are not installed on Domain Controllers, however, smaller organizations will commonly see DC and DHCP services co-located. In this instance the impact could be a lot higher,” Breen warned in emailed comments. Attackers that have control over DHCP servers could wreak considerable havoc on the network including stealing credentials for software-as-a-service (SaaS) products, or to carry out machine-in-the-middle (MITM) attacks, he noted.<\/p>\n

Read More HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

The April 2023 Patch Tuesday security update also included a reissue of a fix for a 10-year-old bug that a threat actor recently exploited in the supply chain attack on 3CX.Read More HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-51415","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"\nMicrosoft Patches 97 CVEs, Including Zero-Day & Wormable Bugs 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/microsoft-patches-97-cves-including-zero-day-wormable-bugs\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Microsoft Patches 97 CVEs, Including Zero-Day & Wormable Bugs 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/microsoft-patches-97-cves-including-zero-day-wormable-bugs\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-04-11T22:09:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt79a4d644bd524ad8\/6435c7b6d1683a10fe1d45e0\/patchtuesday_diy13_shutterstock.com.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-patches-97-cves-including-zero-day-wormable-bugs\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-patches-97-cves-including-zero-day-wormable-bugs\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Microsoft Patches 97 CVEs, Including Zero-Day & Wormable Bugs\",\"datePublished\":\"2023-04-11T22:09:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-patches-97-cves-including-zero-day-wormable-bugs\\\/\"},\"wordCount\":934,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-patches-97-cves-including-zero-day-wormable-bugs\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt79a4d644bd524ad8\\\/6435c7b6d1683a10fe1d45e0\\\/patchtuesday_diy13_shutterstock.com.jpg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-patches-97-cves-including-zero-day-wormable-bugs\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-patches-97-cves-including-zero-day-wormable-bugs\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-patches-97-cves-including-zero-day-wormable-bugs\\\/\",\"name\":\"Microsoft Patches 97 CVEs, Including Zero-Day & Wormable Bugs 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-patches-97-cves-including-zero-day-wormable-bugs\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-patches-97-cves-including-zero-day-wormable-bugs\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt79a4d644bd524ad8\\\/6435c7b6d1683a10fe1d45e0\\\/patchtuesday_diy13_shutterstock.com.jpg\",\"datePublished\":\"2023-04-11T22:09:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-patches-97-cves-including-zero-day-wormable-bugs\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-patches-97-cves-including-zero-day-wormable-bugs\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-patches-97-cves-including-zero-day-wormable-bugs\\\/#primaryimage\",\"url\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt79a4d644bd524ad8\\\/6435c7b6d1683a10fe1d45e0\\\/patchtuesday_diy13_shutterstock.com.jpg\",\"contentUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt79a4d644bd524ad8\\\/6435c7b6d1683a10fe1d45e0\\\/patchtuesday_diy13_shutterstock.com.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/microsoft-patches-97-cves-including-zero-day-wormable-bugs\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Microsoft Patches 97 CVEs, Including Zero-Day & Wormable Bugs\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Microsoft Patches 97 CVEs, Including Zero-Day & Wormable Bugs 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/microsoft-patches-97-cves-including-zero-day-wormable-bugs\/","og_locale":"en_US","og_type":"article","og_title":"Microsoft Patches 97 CVEs, Including Zero-Day & Wormable Bugs 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/microsoft-patches-97-cves-including-zero-day-wormable-bugs\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-04-11T22:09:00+00:00","og_image":[{"url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt79a4d644bd524ad8\/6435c7b6d1683a10fe1d45e0\/patchtuesday_diy13_shutterstock.com.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-patches-97-cves-including-zero-day-wormable-bugs\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-patches-97-cves-including-zero-day-wormable-bugs\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Microsoft Patches 97 CVEs, Including Zero-Day & Wormable Bugs","datePublished":"2023-04-11T22:09:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-patches-97-cves-including-zero-day-wormable-bugs\/"},"wordCount":934,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-patches-97-cves-including-zero-day-wormable-bugs\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt79a4d644bd524ad8\/6435c7b6d1683a10fe1d45e0\/patchtuesday_diy13_shutterstock.com.jpg","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/microsoft-patches-97-cves-including-zero-day-wormable-bugs\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-patches-97-cves-including-zero-day-wormable-bugs\/","url":"https:\/\/www.threatshub.org\/blog\/microsoft-patches-97-cves-including-zero-day-wormable-bugs\/","name":"Microsoft Patches 97 CVEs, Including Zero-Day & Wormable Bugs 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-patches-97-cves-including-zero-day-wormable-bugs\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-patches-97-cves-including-zero-day-wormable-bugs\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt79a4d644bd524ad8\/6435c7b6d1683a10fe1d45e0\/patchtuesday_diy13_shutterstock.com.jpg","datePublished":"2023-04-11T22:09:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/microsoft-patches-97-cves-including-zero-day-wormable-bugs\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/microsoft-patches-97-cves-including-zero-day-wormable-bugs\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-patches-97-cves-including-zero-day-wormable-bugs\/#primaryimage","url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt79a4d644bd524ad8\/6435c7b6d1683a10fe1d45e0\/patchtuesday_diy13_shutterstock.com.jpg","contentUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt79a4d644bd524ad8\/6435c7b6d1683a10fe1d45e0\/patchtuesday_diy13_shutterstock.com.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/microsoft-patches-97-cves-including-zero-day-wormable-bugs\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Microsoft Patches 97 CVEs, Including Zero-Day & Wormable Bugs"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/51415","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=51415"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/51415\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=51415"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=51415"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=51415"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}