Security Alert: Windows Privilege Escalation Vulnerability

Date:
2023-04-12 20:18:00
Status:
Closed
Brief Description:
Microsoft has patched a zero-day vulnerability in the Windows Common Log File System (CLFS), actively exploited by cybercriminals to escalate privileges and deploy Nokoyawa ransomware payloads.
Current Status:
N/A
Services Affected:
Certified Desktop
Servers
Full Description:
Microsoft has patched a zero-day vulnerability in the Windows Common Log File System (CLFS), actively exploited by cybercriminals to escalate privileges and deploy Nokoyawa ransomware payloads.

In light of its ongoing exploitation, CISA also added the CVE-2023-28252 Windows zero-day to its catalog of Known Exploited Vulnerabilities today, ordering Federal Civilian Executive Branch (FCEB) agencies to secure their systems against it by May 2nd.

Tracked as CVE-2023-28252, this CLFS security flaw was reported to Microsoft by Boris Larin of Kaspersky, Genwei Jiang of Mandiant, and Quan Jin of DBAPPSecurity's WeBin Lab.
It affects all supported Windows server and client versions and can be exploited by local attackers in low-complexity attacks without user interaction.

Successful exploitation enables threat actors to gain SYSTEM privileges and fully compromise targeted Windows systems.

Microsoft patched this zero-day and 96 other security bugs as part of this month's Patch Tuesday, including 45 remote code execution vulnerabilities.

For Certified Desktop customers:
This zero-day fix is part of a cumulative patch. Updates will be made available today, Wednesday, April 12, with an installation deadline of 4:00 pm on Thursday, April 13 for the standard Test Group; for the remaining clients, the deadline will be set for Monday, April 17.

For unmanaged Windows computers:
Apply the April 2023 Patch Tuesday updates for Windows.

IMPORTANT NOTE:
Because this is a cumulative update, it will likely force a reboot after the installation deadline.

References:
Microsoft MSRC - CVE-2023-28252: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28252
Microsoft – Common Log File System: https://learn.microsoft.com/en-us/previous-versions/windows/desktop/clfs/common-log-file-system-portal
Bleeping Computer: https://www.bleepingcomputer.com/news/security/windows-zero-day-vulnerability-exploited-in-ransomware-attacks/
Bleeping Computer (April 2023 Patch Tuesday info): https://www.bleepingcomputer.com/news/microsoft/microsoft-april-2023-patch-tuesday-fixes-1-zero-day-97-flaws/
CISA: https://www.cisa.gov/news-events/alerts/2023/04/11/cisa-adds-one-known-exploited-vulnerability-catalog