CVE-2023-28252

Vulnerability updated 4 months ago (2024-05-04T20:24:31.470Z)
CVE-2023-28252 is a critical Elevation of Privilege vulnerability in the Windows Common Log File System (CLFS) driver. Kaspersky researchers discovered the flaw while preventing attacks on users, which makes it a zero-day vulnerability. It carries a QDS score of 95 and a high CVSS score of 7.8, indicating its potential severity if exploited. It was identified amid a series of zero-day vulnerabilities found in Windows and stands out for its similarity to another exploit, CVE-2023-23376, which suggests a pattern or possible related origin between the two and increases the urgency of addressing it. Microsoft has acknowledged the vulnerability, assigned it the identifier CVE-2023-28252, and published an advisory in its Security Update Guide. Users and administrators should stay informed about the latest updates and patches released by Microsoft to mitigate this vulnerability. Given the high risk scores associated with this exploit, immediate attention and action are required to prevent potential system compromise.
Description last updated: 2024-05-04T16:19:43.273Z
Aliases
We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Windows
Vulnerability
Microsoft
Exploit
Kaspersky
Exploits
exploited
Ransomware
Associated Malware
ID: Nokoyawa
Type: has used
Votes: 3
Profile Description: Nokoyawa is a notorious malware, particularly known for its ransomware capabilities. It has been associated with various other malicious software including Quantum, Royal, BlackBasta, Emotet, IcedID, CobaltStrike, SVCReady, CargoBay, Pushdo, Minodo, DiceLoader, AresLoader, LummaC2, Vidar, Gozi, Cany
Associated Vulnerabilities
ID: CVE-2022-24521
Type: Unspecified
Votes: 3
Profile Description: CVE-2022-24521 is a software vulnerability discovered in 2022, characterized by a flaw in the software design or implementation. This specific vulnerability was exploited through modifications to BLF files and was one of four vulnerabilities (including CVE-2022-37969, CVE-2023-23376, and CVE-2023-28
Source Document References
Information about the CVE-2023-28252 Vulnerability was read from the documents corpus below. This display is limited to 20 results.
Source (Created): Title
Securityaffairs (a month ago): Ransomware gangs exploit VMware ESXi bug CVE-2024-37085
Securelist (4 months ago): Analyzing the vulnerability landscape in Q1 2024
CERT-EU (8 months ago): Less than 1% vulnerabilities pose highest risk in 2023, finds Qualys
CERT-EU (8 months ago): Windows CLFS Driver zero-days leveraged in ransomware attacks | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU (8 months ago): Carbanak Banking Malware Resurfaces with New Ransomware Tactics | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU (8 months ago): Windows CLFS and five exploits used by ransomware operators | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU (9 months ago): Ransomware Attackers Abuse Multiple Windows CLFS Driver Zero-Days | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
DARKReading (9 months ago): Ransomware Attackers Abuse Multiple Windows CLFS Driver Zero-Days
CERT-EU (9 months ago): Windows CLFS and five exploits used by ransomware operators (Exploit #2 – September 2022)
Securelist (9 months ago): Windows CLFS and five exploits used by ransomware operators (Exploit #4 – CVE-2023-23376)
Securelist (9 months ago): Windows CLFS and five exploits used by ransomware operators (Exploit #1 – CVE-2022-24521)
Securelist (9 months ago): Windows CLFS and five exploits used by ransomware operators (Exploit #2 – September 2022)
Securelist (9 months ago): Windows CLFS and five exploits used by ransomware operators (Exploit #5 – CVE-2023-28252)
Securelist (9 months ago): Windows CLFS and five exploits used by ransomware operators
CERT-EU (9 months ago): Windows CLFS and five exploits used by ransomware operators – GIXtools
CERT-EU (10 months ago): Inside Farnetwork Operation: a Major RaaS Player
CERT-EU (a year ago): Search | Tripwire
CERT-EU (a year ago): Qualys Survey of Top 10 Exploited Vulnerabilities in 2023 | Qualys Security Blog
CERT-EU (a year ago): Heimdal®’s Semiannual Rundown of the Most Exploited Vulnerabilities of 2023
CERT-EU (a year ago): IT threat evolution in Q2 2023. Non-mobile statistics – GIXtools