Windows CLFS and five exploits used by ransomware operators

[correlate]

[correlate]

Level 18
Thread author
Verified
Top Poster
Well-known
Forum Veteran
May 4, 2019
791
9,574
1,670
New York
Content source
https://securelist.com/windows-clfs-exploits-ransomware/111560/
In April 2023, we published a blog post about a zero-day exploit we discovered in ransomware attacks that was patched as CVE-2023-28252 after we promptly reported it to Microsoft.
In that blog post, we mentioned that the zero-day exploit we discovered was very similar to other Microsoft Windows elevation-of-privilege (EoP) exploits that we have seen in ransomware attacks throughout the year. We found that since June 2022, attackers have used exploits for at least five different Common Log File System (CLFS) driver vulnerabilities. Four of these vulnerabilities used by the attackers (CVE-2022-24521, CVE-2022-37969, CVE-2023-23376, CVE-2023-28252) have been captured in the wild as zero-days.
Click to expand...
securelist.com

Windows CLFS and five exploits used by ransomware operators

We had never seen so many CLFS driver exploits being used in active attacks before, and then suddenly there are so many of them captured in just one year. Is there something wrong with the CLFS driver? Are all these vulnerabilities similar? These questions encouraged me to take a closer look at...
securelist.com securelist.com
 
  • Like
  • +Reputation
Reactions: Gandalf_The_Grey, Nevi, Andy Ful and 3 others
You must log in or register to reply here.

You may also like...