According to Kaspersky, cybercriminals have used a Windows zero-day vulnerability patched by Microsoft with its April 2023 Patch Tuesday updates in ransomware attacks.
About 100 vulnerabilities are patched by Microsoft’s most recent round of security updates, including CVE-2023-28252, which is a privilege escalation flaw affecting the Windows Common Log File System (CLFS) driver. Microsoft issued a warning that the flaw had already been used in real-world attacks but provided no further details.
The disclosure of CVE-2023-28252 is credited to Kaspersky, Mandiant, and the Chinese cybersecurity company DBAppSecurity. Kaspersky also provided some information about the attacks that exploited the vulnerability.
Read More: Windows Zero-Day Exploited in Nokoyawa Ransomware Attacks
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.