Microsoft patches vulnerability used in Nokoyawa ransomware attacks

Microsoft has released a patch for a Windows zero-day vulnerability that cybercriminals have exploited in ransomware attacks. The vulnerability, identified as CVE-2023-28252, is a privilege escalation flaw affecting the Windows Common Log File System (CLFS) driver.

CLFS is a general-purpose logging service that dedicated client applications can use and that multiple clients can share to optimize log access. The vulnerability allows an attacker to elevate privileges to SYSTEM in low-complexity attacks without any user interaction. Microsoft has credited Kaspersky Labs’ Boris Larin, Mandiant’s Genwei Jiang, and DBAPPSecurity WeBin Lab’s Quan Jin for reporting the vulnerability.
