Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Critical Windows flaw has been exploited in ransomware attacks, so patch now

Hand increasing the protection level by turning a knob

There is a serious flaw affecting all supported versions of Windows server and client, which hackers are actively exploiting, researchers are warning. Therefore, IT teams should apply the fix immediately, they say.

The flaw in question is tracked as CVE-2023-28252, a zero-day in the Windows Common Log File System (CLFS). Discovered by researchers from Mandiant and WeBin Lab, the vulnerability can be used in low-complexity attacks. It requires no user interaction, but does require local access, BleepingComputer reports. 

Threat actors that successfully leverage the flaw can gain SYSTEM privileges and fully compromise the target endpoint, it was said. Simultaneously, researchers from Kaspersky have also seen it exploited, apparently to deploy the Nokoyawa ransomware strain.

Fixing zero-days

"Kaspersky researchers uncovered the vulnerability in February as a result of additional checks into a number of attempts to execute similar elevation of privilege exploits on Microsoft Windows servers belonging to different small and medium-sized businesses in the Middle Eastern and North American regions," the company said in a press release.

"CVE-2023-28252 was first spotted by Kaspersky in an attack in which cybercriminals attempted to deploy a newer version of Nokoyawa ransomware."

The researchers claim the same threat actor has been leveraging this flaw, as well as a number of other similar flaws, since early summer 2022. They were using them to target wholesale, energy, manufacturing, healthcare, and software development firms. 

Now, Microsoft has addressed the problem in its April Patch Tuesday cumulative update, and researchers are urging all users to deploy the fix immediately. The cumulative update addresses another 96 flaws, including 45 remote code execution (RCE) flaws.

Furthermore, the Cybersecurity and Infrastructure Security Agency (CISA) added this zero-day to its catalog of Known Exploited Vulnerabilities and ordered Federal Civilian Executive Branch (FCEB) organizations to apply the fix by May 2.

Via: BleepingComputer

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.