Microsoft patched over 100 vulnerabilities this week in its products, including a zero-day privilege escalation flaw used in the wild by a ransomware gang. However, another critical vulnerability that can be easily exploited to take over Windows systems remotely over local networks and the internet is likely to be of more interest to attackers and see widespread exploitation in the future.
Dubbed QueueJumper and tracked as CVE-2023-21554, the flaw was discovered by researchers from security firm Check Point Software Technologies and is rated 9.8 out of 10 on the CVSS severity scale. Microsoft’s own advisory lists the attack complexity as low and the exploitability assessment as more likely. The impact is remote code execution.
