Critical Windows flaw has been exploited in ransomware attacks, so patch now

Threat actors that successfully leverage the flaw can gain SYSTEM privileges and fully compromise the target endpoint, it was said. Simultaneously, researchers from Kaspersky have also seen it exploited, apparently to deploy the Nokoyawa ransomware strain.

Fixing zero-days

"Kaspersky researchers uncovered the vulnerability in February as a result of additional checks into a number of attempts to execute similar elevation of privilege exploits on Microsoft Windows servers belonging to different small and medium-sized businesses in the Middle Eastern and North American regions," the company said in a press release.

"CVE-2023-28252 was first spotted by Kaspersky in an attack in which cybercriminals attempted to deploy a newer version of Nokoyawa ransomware."

The researchers claim the same threat actor has been leveraging this flaw, as well as a number of other similar flaws, since early summer 2022. They were using them to target wholesale, energy, manufacturing, healthcare, and software development firms. 

Now, Microsoft has addressed the problem in its April Patch Tuesday cumulative update, and researchers are urging all users to deploy the fix immediately. The cumulative update addresses another 96 flaws, including 45 remote code execution (RCE) flaws.

Furthermore, the Cybersecurity and Infrastructure Security Agency (CISA) added this zero-day to its catalog of Known Exploited Vulnerabilities and ordered Federal Civilian Executive Branch (FCEB) organizations to apply the fix by May 2.

• Check out the best firewalls right now

Via: BleepingComputer