“Definitely test and deploy this patch quickly,” he added. “This type of exploit is typically paired with a code execution bug to spread malware or ransomware. It is also the second CLFS zero-day disclosed to Microsoft by researchers from Mandiant and DBAPPSecurity, though it is unclear if both of these discoveries are related to the same attacker.”

Dustin Childs, head of threat awareness at Trend Micro Inc.’s Zero Day Initiative, has posited that the February fix might have been insufficient and that attackers may have found a method to bypass that fix – though there’s not enough information available to confirm this.

“CVE-2023-28252 is the second CLFS elevation of privilege zero-day exploited in the wild this year (the first one was CVE-2023-23376, patched in February) and the fourth in the last two years.”

“Over the last two years, attackers appear to have found success targeting CLFS in order to elevate privileges as part of post-compromise activity,” Satnam Narang, senior staff research engineer at Tenable, told Help Net Security.

It’s April 2023 Patch Tuesday, and Microsoft has released fixes for 97 CVE-numbered vulnerabilities, including one actively exploited zero-day (CVE-2023-28252).

CVE-2023-28252 is a vulnerability in the Windows Common Log File System (CLFS) that allows attackers to gain SYSTEM privileges on target machines.