Tuesday’s latest Windows update fixes a host of critical security vulnerabilities. One of them allows cybercriminals to take control of your machine to install Nokoyawa ransomware.
The April 2023 Update for Windows is available with the LAPS solution integrated. It also fixes a “zero-day” vulnerability (unpatched until now) in the Windows Common Log File System (CLFS). Currently exploited by groups of hackers, this flaw allows cybercriminals to elevate their privileges to take control of your machine and install ransomware. Remember, the consequences of a ransomware attack can go far, as with the ransomware responsible for the death of a patient in a German hospital.
This CLFS security flaw was discovered by Chinese researchers from DBAPPSecurity. It affects all versions of Windows and can be exploited by hackers in rudimentary attacks without user interaction. In addition to this zero-day flaw, Microsoft patched no fewer than 96 other security bugs during Patch Tuesday, including 45 remote code execution vulnerabilities. We strongly advise you to download the update as soon as possible.
The US Cybersecurity & Infrastructure Security Agency has added this flaw, tracked as CVE-2023-28252, to its catalog of known exploited vulnerabilities, ordering US government agencies to secure their computer systems against this vulnerability by May 2. Indeed, security researchers from Kaspersky’s Global Research and Analysis Team (GReAT) discovered that CVE-2023-28252 had been exploited in attacks with the Nokoyawa ransomware.
Windows protects itself from Nokoyawa ransomware

“Kaspersky researchers discovered this vulnerability in February following additional verification of a number of attempts to run similar privilege escalation exploits on Microsoft Windows servers belonging to different small and medium-sized businesses in the Middle East and North America regions,” said the cybersecurity company in a press release.
CVE-2023-28252 was first spotted by Kaspersky in an attack where cybercriminals attempted to deploy the latest version of Nokoyawa ransomware. According to Kaspersky, the Nokoyawa group has used other flaws targeting the Common Log File System since June 2022. The group has used at least five other CLFS exploits to target several economic sectors, such as retail and wholesale trade, energy, industry, healthcare and IT: no sector is immune.