Critical Windows flaw has been exploited in ransomware attacks, so patch now
Patch Tuesday fixes a zero-day known to be abused in the wild
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
There is a serious flaw affecting all supported versions of Windows server and client, which hackers are actively exploiting, researchers are warning. Therefore, IT teams should apply the fix immediately, they say.
The flaw in question is tracked as CVE-2023-28252, a zero-day in the Windows Common Log File System (CLFS). Discovered by researchers from Mandiant and WeBin Lab, the vulnerability can be used in low-complexity attacks. It requires no user interaction, but does require local access, BleepingComputer reports.
Threat actors that successfully leverage the flaw can gain SYSTEM privileges and fully compromise the target endpoint, it was said. Simultaneously, researchers from Kaspersky have also seen it exploited, apparently to deploy the Nokoyawaransomwarestrain.
Fixing zero-days
“Kaspersky researchers uncovered the vulnerability in February as a result of additional checks into a number of attempts to execute similar elevation of privilege exploits onMicrosoftWindows servers belonging to different small and medium-sized businesses in the Middle Eastern and North American regions,” the company said in a press release.
The first Microsoft Patch Tuesday of 2023 includes some rather important fixes>Microsoft’s latest Patch Tuesday broke some VMs, but there’s a fix>These are the best endpoint protection tools at the moment
“CVE-2023-28252 was first spotted by Kaspersky in an attack in which cybercriminals attempted to deploy a newer version of Nokoyawa ransomware.”
The researchers claim the same threat actor has been leveraging this flaw, as well as a number of other similar flaws, since early summer 2022. They were using them to target wholesale, energy, manufacturing, healthcare, and software development firms.
Now, Microsoft has addressed the problem in its April Patch Tuesday cumulative update, and researchers are urging all users to deploy the fix immediately. The cumulative update addresses another 96 flaws, including 45 remote code execution (RCE) flaws.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Furthermore, the Cybersecurity and Infrastructure Security Agency (CISA) added this zero-day to its catalog of Known Exploited Vulnerabilities and ordered Federal Civilian Executive Branch (FCEB) organizations to apply the fix by May 2.
Via:BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
This new malware utilizes a rare programming language to evade traditional detection methods
A new form of macOS malware is being used by devious North Korean hackers
Arcane season 2 confirms the hit series isn’t just one of the best Netflix shows ever made – it’s an animated legend that’ll stand the test of time
