Microsoft’s April security update for multiple high-risk product vulnerabilities

Microsoft’s April security update for multiple high-risk product vulnerabilities

abril 17, 2023 | NSFOCUS

Overview

NSFOCUS CERT recently monitored that Microsoft had released a security update patch for April, which fixed 97 security issues, involving Microsoft Word, Layer2 Tunneling Protocol, Microsoft Publisher, Windows Kernel and other widely used products, including high-risk vulnerability types such as privilege escalation and remote code execution.

Among the vulnerabilities fixed in Microsoft’s monthly updates this month, there are 7 critical vulnerabilities and 90 important vulnerabilities, including 1 0-day vulnerability:

Windows Common Log File System Driver Privilege Elevation Vulnerability (CVE-2023-28252)

Please update the patch as soon as possible for protection. Please refer to the appendix for a complete list of vulnerabilities.

Reference link: https://msrc.microsoft.com/update-guide/releaseNote/2023-Apr

Key Vulnerabilities

Based on product popularity and vulnerability importance, we have identified vulnerabilities with significant impact in this update. Relevant users are advised to pay close attention to them:

Windows Common Log File System driver privilege escalation vulnerability (CVE-2023-28252):

There is a privilege escalation vulnerability in the Windows Common Log File System driver. Due to boundary errors in the Windows public log file system driver, local attackers can run malicious programs to trigger memory corruption, leading to the privilege escalation to SYSTEM on the target system. At present, it has been detected that the vulnerability is being exploited in the wild, with a CVSS score of 7.8.

Official announcement link:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28252

Microsoft Office Publisher Remote Code Execution Vulnerability (CVE-2023 28295/CVE-2023 28287):

There is a remote code execution vulnerability in Microsoft Office Publisher, which allows local attackers without authentication to execute arbitrary code with user privileges on the target system by inducing users to run malicious files on the affected system. The CVSS score is 7.8.

Official announcement link:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28295

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28287

Microsoft Word Remote Code Execution Vulnerability (CVS 2023-28311):

There is a remote code execution vulnerability in Microsoft Word, which allows attackers to create malicious files. After successfully inducing users to download and open specially crafted malicious files on the affected system, attackers without authentication can use this vulnerability to execute arbitrary code on the target system. The CVSS score is 7.8.

Official announcement link:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28311

Layer2 Tunneling Protocol Remote Code Execution Vulnerability (CVE-2023 28219/CVE-2023 28220):

There is a remote code execution vulnerability in Layer2 Tunneling Protocol, where in a specific configuration environment, a remote attacker without authentication sends a crafted request to the RAS server, ultimately resulting in arbitrary code execution on the target server without user interaction. The CVSS score is 8.1.

Official announcement link:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28219

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28220

Windows Point to Point Tunneling Protocol Remote Code Execution Vulnerability (CVS 2023-28232):

The Windows point-to-point tunneling protocol has a remote code execution vulnerability. In a specific target environment, an unauthenticated remote attacker successfully induces a user to connect a Windows client to a malicious server and triggers this vulnerability. Attackers who successfully exploit this vulnerability can ultimately achieve remote code execution on the server side without user interaction. The CVSS score is 7.5.

Official announcement link:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28232

Windows Kernel privilege escalation vulnerability (CVE-2023-28248/CVE-2023-28272/CVE-2023-28293):

There is a privilege escalation vulnerability in the Windows Kernel. Because of boundary errors in the Windows Kernel, buffer overflow can be caused. Local attackers can exploit this vulnerability to elevate SYSTEM privileges and execute arbitrary code on the target system.

Official announcement link:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28248

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28272

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28293

Microsoft Message Queuing Remote Code Execution Vulnerability (CVS 2023-21554):

The Windows Message Queuing service is a Windows component that needs to be enabled by the system to exploit this vulnerability, which can be added through the control panel. There is a remote code execution vulnerability in Microsoft Message Queuing, which can be triggered by an unauthenticated remote attacker sending a specially crafted malicious MSMQ packet to the MSMQ server, ultimately achieving remote code execution on the server side without user interaction. The CVSS score is 9.8.

Official announcement link:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21554

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (CVS 2023-28250):

A remote code execution vulnerability exists in Windows Pragmatic General Multicast (PGM). After enabling the Windows Message Queuing service, an unauthenticated attacker sends a crafted file over the network and attempts to trigger malicious code, ultimately achieving remote code execution. The CVSS score is 9.8.

Official announcement link:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28250

Scope of Impact

The following are some affected product versions that focus on vulnerabilities. For other product ranges affected by vulnerabilities, please refer to the official announcement link.

Vulnerability numberAffected product version
CVE-2023-28252Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
CVE-2023-28295
CVE-2023-28287
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2019 for 64-bit editions
Microsoft Publisher 2013 Service Pack 1 RT
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Publisher 2013 Service Pack 1 (64-bit editions)
Microsoft Publisher 2013 Service Pack 1 (32-bit editions)
Microsoft Publisher 2016 (64-bit edition)
Microsoft Publisher 2016 (32-bit edition)
CVE-2023-28311Microsoft Office LTSC for Mac 2021
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft Office 2019 for Mac
CVE-2023-28219
CVE-2023-28220
CVE-2023-28232
CVE-2023-28272
CVE-2023-28293
CVE-2023-21554
CVE-2023-28250
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
CVE-2023-28248Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 version 21H2 for ARM64-based Systems
Windows 11 version 21H2 for x64-based Systems
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems

Mitigation

At present, Microsoft has officially released security patches to fix the above vulnerabilities for supported product versions. It is strongly recommended that affected users install the patch as soon as possible for protection. The official download link is:

https://msrc.microsoft.com/update-guide/releaseNote/2023-Apr

Note: Due to network issues, computer environment issues, and other reasons, patch updates for Windows Update may fail. After installing the patch, users should promptly check whether the patch has been successfully updated.

Right click on the Windows icon, select “Settings”, select “Updates and Security” – “Windows Update” to view the prompts on this page, or click “View Update History” to view the historical update status.

For updates that have not been successfully installed, you can click on the update name to go to the Microsoft official download page. It is recommended that users click on the link on this page and go to the “Microsoft Update Directory” website to download and install the independent package.

Appendix: Vulnerability List

Impact productCVE numberVulnerability TitleSeverity
Microsoft Message QueuingCVE-2023-21554Microsoft Message Queuing Remote Code Execution VulnerabilityCritical
Windows DHCP ServerCVE-2023-28231DHCP Server Service Remote Code Execution VulnerabilityCritical
Windows Layer 2 Tunneling ProtocolCVE-2023-28219Layer 2 Tunneling Protocol Remote Code Execution VulnerabilityCritical
Windows Layer 2 Tunneling ProtocolCVE-2023-28220Layer 2 Tunneling Protocol Remote Code Execution VulnerabilityCritical
Windows PGMCVE-2023-28250Windows Pragmatic General Multicast (PGM) Remote Code Execution VulnerabilityCritical
Windows Point-to-Point Tunneling ProtocolCVE-2023-28232Windows Point-to-Point Tunneling Protocol Remote Code Execution VulnerabilityCritical
Windows Raw Image ExtensionCVE-2023-28291Raw Image Extension Remote Code Execution VulnerabilityCritical
.NET CoreCVE-2023-28260. NET DLL hijacking remote code execution vulnerabilityImportant
Azure Machine LearningCVE-2023-28312Azure Machine Learning Information Disclosure VulnerabilityImportant
Azure Service ConnectorCVE-2023-28300Azure Service Connector Security Feature Bypass VulnerabilityImportant
Microsoft Bluetooth DriverCVE-2023-28227Windows Bluetooth Driver Remote Code Execution VulnerabilityImportant
Microsoft Defender for EndpointCVE-2023-24860Microsoft Defender Denial of Service VulnerabilityImportant
Microsoft DynamicsCVE-2023-28314Microsoft Dynamics 365 (Local) Cross Site Scripting VulnerabilityImportant
Microsoft DynamicsCVE-2023-28309Microsoft Dynamics 365 (Local) Cross Site Scripting VulnerabilityImportant
Microsoft Dynamics 365 Customer VoiceCVE-2023-28313Microsoft Dynamics 365 Customer Voice Cross Site Scripting VulnerabilityImportant
Microsoft Graphics ComponentCVE-2023-24912Windows Graphics Component Privilege Escalation VulnerabilityImportant
Microsoft Message QueuingCVE-2023-21769Microsoft Message Queuing Denial of Service VulnerabilityImportant
Microsoft OfficeCVE-2023-28285Microsoft Office Graphics Remote Code Execution VulnerabilityImportant
Microsoft Office PublisherCVE-2023-28295Microsoft Office Publisher Remote Code Execution VulnerabilityImportant
Microsoft Office PublisherCVE-2023-28287Microsoft Office Publisher Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2023-28288Microsoft Office SharePoint Server Spoofing VulnerabilityImportant
Microsoft Office WordCVE-2023-28311Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft PostScript Printer DriverCVE-2023-28243Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution VulnerabilityImportant
Microsoft Printer DriversCVE-2023-24883Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure VulnerabilityImportant
Microsoft Printer DriversCVE-2023-24927Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution VulnerabilityImportant
Microsoft Printer DriversCVE-2023-24925Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution VulnerabilityImportant
Microsoft Printer DriversCVE-2023-24924Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution VulnerabilityImportant
Microsoft Printer DriversCVE-2023-24885Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution VulnerabilityImportant
Microsoft Printer DriversCVE-2023-24928Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution VulnerabilityImportant
Microsoft Printer DriversCVE-2023-24884Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution VulnerabilityImportant
Microsoft Printer DriversCVE-2023-24926Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution VulnerabilityImportant
Microsoft Printer DriversCVE-2023-24929Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution VulnerabilityImportant
Microsoft Printer DriversCVE-2023-24887Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution VulnerabilityImportant
Microsoft Printer DriversCVE-2023-24886Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution VulnerabilityImportant
Microsoft WDAC OLE DB provider for SQLCVE-2023-28275Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution VulnerabilityImportant
Microsoft Windows DNSCVE-2023-28256Windows DNS Server Remote Code Execution VulnerabilityImportant
Microsoft Windows DNSCVE-2023-28278Windows DNS Server Remote Code Execution VulnerabilityImportant
Microsoft Windows DNSCVE-2023-28307Windows DNS Server Remote Code Execution VulnerabilityImportant
Microsoft Windows DNSCVE-2023-28306Windows DNS Server Remote Code Execution VulnerabilityImportant
Microsoft Windows DNSCVE-2023-28223Windows Domain Name Service Remote Code Execution VulnerabilityImportant
Microsoft Windows DNSCVE-2023-28254Windows DNS Server Remote Code Execution VulnerabilityImportant
Microsoft Windows DNSCVE-2023-28305Windows DNS Server Remote Code Execution VulnerabilityImportant
Microsoft Windows DNSCVE-2023-28308Windows DNS Server Remote Code Execution VulnerabilityImportant
Microsoft Windows DNSCVE-2023-28255Windows DNS Server Remote Code Execution VulnerabilityImportant
Microsoft Windows DNSCVE-2023-28277Windows DNS Server Information Disclosure VulnerabilityImportant
SQL ServerCVE-2023-23384Microsoft SQL Server Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2023-23375Microsoft ODBC and OLE DB Remote Code Execution VulnerabilityImportant
SQL ServerCVE-2023-28304Microsoft ODBC and OLE DB Remote Code Execution VulnerabilityImportant
Visual StudioCVE-2023-28299Visual Studio Spoofing VulnerabilityImportant
Visual StudioCVE-2023-28262Visual Studio Permission Elevation VulnerabilityImportant
Visual StudioCVE-2023-28263Visual Studio Information Disclosure VulnerabilityImportant
Visual StudioCVE-2023-28296Visual Studio Remote Code Execution VulnerabilityImportant
Visual Studio CodeCVE-2023-24893Visual Studio Code Remote Code Execution VulnerabilityImportant
Windows Active DirectoryCVE-2023-28302Microsoft Message Queuing Denial of Service VulnerabilityImportant
Windows ALPCCVE-2023-28236Windows Kernel privilege escalation vulnerabilityImportant
Windows ALPCCVE-2023-28216Windows Advanced Local Procedure Call (ALPC) Privilege Elevation VulnerabilityImportant
Windows Ancillary Function Driver for WinSockCVE-2023-28218Windows Accessibility Driver for WinSock Privilege Escalation VulnerabilityImportant
Windows Boot ManagerCVE-2023-28269Windows Boot Manager Security Feature Bypass VulnerabilityImportant
Windows Boot ManagerCVE-2023-28249Windows Boot Manager Security Feature Bypass VulnerabilityImportant
Windows Clip ServiceCVE-2023-28273Windows Clipping Service Privilege Escalation VulnerabilityImportant
Windows CNG Key Isolation ServiceCVE-2023-28229Windows CNG Key Isolation Service Privilege Enhancement VulnerabilityImportant
Windows Common Log File System DriverCVE-2023-28266Windows Common Log File System Driver Information Disclosure VulnerabilityImportant
Windows Common Log File System DriverCVE-2023-28252Windows Common Log File System Driver Privilege Escalation VulnerabilityImportant
Windows Enroll EngineCVE-2023-28226Windows Registration Engine Security Feature Bypass VulnerabilityImportant
Windows Error ReportingCVE-2023-28221Windows Error Reporting Service Privilege Escalation VulnerabilityImportant
Windows Group PolicyCVE-2023-28276Windows Group Policy Security Feature Bypass VulnerabilityImportant
Windows Internet Key Exchange (IKE) ProtocolCVE-2023-28238Windows Internet Key Exchange (IKE) Protocol Extension Remote Code Execution VulnerabilityImportant
Windows KerberosCVE-2023-28244Windows Kerberos privilege escalation vulnerabilityImportant
Windows KernelCVE-2023-28271Windows Kernel Memory Information Disclosure VulnerabilityImportant
Windows KernelCVE-2023-28248Windows Kernel privilege escalation vulnerabilityImportant
Windows KernelCVE-2023-28222Windows Kernel privilege escalation vulnerabilityImportant
Windows KernelCVE-2023-28272Windows Kernel privilege escalation vulnerabilityImportant
Windows KernelCVE-2023-28293Windows Kernel privilege escalation vulnerabilityImportant
Windows KernelCVE-2023-28253Windows Kernel Information Disclosure VulnerabilityImportant
Windows KernelCVE-2023-28237Windows Kernel Remote Code Execution VulnerabilityImportant
Windows KernelCVE-2023-28298Windows Kernel Denial of Service VulnerabilityImportant
Windows Lock ScreenCVE-2023-28270Windows Lock Screen Security Feature Bypass VulnerabilityImportant
Windows Lock ScreenCVE-2023-28235Windows Lock Screen Security Feature Bypass VulnerabilityImportant
Windows NetlogonCVE-2023-28268Netlogin RPC privilege escalation vulnerabilityImportant
Windows Network Address Translation (NAT)CVE-2023-28217Windows Network Address Translation (NAT) Denial of Service VulnerabilityImportant
Windows Network File SystemCVE-2023-28247Windows Network File System Information Disclosure VulnerabilityImportant
Windows Network Load BalancingCVE-2023-28240Windows Network Load Balancing Remote Code Execution VulnerabilityImportant
Windows NTLMCVE-2023-28225Windows NTLM privilege escalation vulnerabilityImportant
Windows Point-to-Point Protocol over Ethernet (PPPoE)CVE-2023-28224Windows Ethernet Point-to-point Protocol (PPPoE) Remote Code Execution VulnerabilityImportant
Windows Raw Image ExtensionCVE-2023-28292Raw Image Extension Remote Code Execution VulnerabilityImportant
Windows RDP ClientCVE-2023-28228Windows Spoofing VulnerabilityImportant
Windows RDP ClientCVE-2023-28267Remote Desktop Protocol Client Information Disclosure VulnerabilityImportant
Windows RegistryCVE-2023-28246Windows Registry Privilege Escalation VulnerabilityImportant
Windows RPC APICVE-2023-21729Remote Procedure Call Runtime Information Disclosure VulnerabilityImportant
Windows RPC APICVE-2023-21727Remote Procedure Call Runtime Remote Code Execution VulnerabilityImportant
Windows RPC APICVE-2023-28297Windows Remote Procedure Call Service (RPCSS) privilege escalation vulnerabilityImportant
Windows Secure ChannelCVE-2023-24931Windows Secure Channel Denial of Service VulnerabilityImportant
Windows Secure ChannelCVE-2023-28233Windows Secure Channel Denial of Service VulnerabilityImportant
Windows Secure Socket Tunneling Protocol (SSTP)CVE-2023-28241Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service VulnerabilityImportant
Windows Transport Security Layer (TLS)CVE-2023-28234Windows Secure Channel Denial of Service VulnerabilityImportant
Windows Win32KCVE-2023-28274Windows Win32k Privilege Escalation VulnerabilityImportant
Windows Win32KCVE-2023-24914Win32k privilege escalation vulnerabilityImportant

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.

About NSFOCUS

NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.

NSFOCUS works with Fortune Global 500 companies, including four of the world’s five largest financial institutions, organizations in insurance, retail, healthcare, critical infrastructure industries as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries, is a member of both the Microsoft Active Protections Program (MAPP), and the Cloud Security Alliance (CSA).

A wholly owned subsidiary of NSFOCUS Technologies Group Co., Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.