CVE-2023-28252

Vulnerability updated a month ago (2024-11-29T14:40:23.845Z)
Download STIX
Preview STIX
CVE-2023-28252 is a critical Elevation of Privilege vulnerability, affecting the Windows Common Log File System (CLFS) driver. This flaw was discovered by Kaspersky researchers while investigating zero-day vulnerabilities in Windows aimed at preventing user attacks. The vulnerability presents a significant risk to systems, with a high Qualitative Disaster Severity (QDS) score of 95 and a Common Vulnerability Scoring System (CVSS) score of 7.8, indicating its potential for severe impact on system integrity. The exploitation process of this vulnerability, CVE-2023-28252, bears a striking resemblance to another exploit, CVE-2023-23376. Microsoft assigned the identifier 'CVE-2023-28252' to this zero-day bug upon discovery. The threat actor initially gained access to the organization through a Qakbot infection, subsequently exploiting the Windows CLFS vulnerability to elevate their privileges on affected devices. Following the successful exploitation of CVE-2023-28252, the threat actor used Cobalt Strike and Pypykatz, a Python version of Mimikatz, to steal the credentials of two domain administrators. This action facilitated lateral movement to four domain controllers, further compromising the security of the organization's network. The discovery and subsequent analysis of this vulnerability underline the importance of continuous vigilance and timely patching in maintaining system security.
Description last updated: 2024-10-17T12:52:58.917Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Windows
Vulnerability
Microsoft
Exploit
Kaspersky
Exploits
exploited
Ransomware
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Nokoyawa Malware is associated with CVE-2023-28252. Nokoyawa is a prominent malware, specifically ransomware, that has been linked to numerous cybercrime activities since it first emerged in 2022. It has been associated with various other malware families including Quantum, Royal, BlackBasta, and a variety of others such as Emotet, IcedID, CobaltStrihas used
3
Associated Vulnerabilities
To see the evidence that has resulted in these vulnerability associations, create a free account
Alias DescriptionAssociation TypeVotes
The CVE-2022-24521 Vulnerability is associated with CVE-2023-28252. CVE-2022-24521 is a software vulnerability discovered in 2022, characterized by a flaw in the software design or implementation. This specific vulnerability was exploited through modifications to BLF files and was one of four vulnerabilities (including CVE-2022-37969, CVE-2023-23376, and CVE-2023-28Unspecified
3
Source Document References
Information about the CVE-2023-28252 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Securityaffairs
5 months ago
Securelist
8 months ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
DARKReading
a year ago
CERT-EU
a year ago
Securelist
a year ago
Securelist
a year ago
Securelist
a year ago
Securelist
a year ago
Securelist
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago