Microsoft Fixes Zero-Day Bug This Patch Tuesday

Microsoft’s Patch Tuesday release this month included a security update for a Windows zero-day vulnerability that is already being exploited in the wild.

The bug in question, CVE-2023-28252, has been described as a privilege escalation vulnerability in the Windows Common Log File System (CLFS) driver.

No public proof-of-concept for this exploit has surfaced yet, but since the bug is already being exploited, Microsoft customers should patch it soon, advises Mike Walters, vice president of vulnerability and threat research at Action1.

“This vulnerability requires low privileges and no user interaction to exploit because it is low complexity and uses a local attack vector. It also affects Windows Server versions after 2019,” he explained.

“This vulnerability has a CVSS risk score of 7.8, which is low because it can only run locally. However, it still poses a high privilege escalation risk, as a successful exploit could allow an attacker to gain system privileges.”

Dustin Childs, Head of Threat Awareness for the Zero-Day Initiative, added that a similar zero-day in the same Windows component (CLFS) was patched exactly two months ago, in February.

“This means that the original fix was inadequate and the attackers found a way to circumvent that fix,” he added.

“As in February, we have no information on how widespread these attacks could be. This type of exploit is typically combined with code execution bugs to spread malware and ransomware. Please test and deploy this patch immediately.”

There were also updates for a total of seven vulnerabilities rated Critical, including CVE-2023-21554, a remote code execution bug in Microsoft Message Queuing (MSMQ) with a CVSS rating of 9.8.

“This could allow an unauthenticated, remote attacker to execute code with elevated privileges on an affected server that has the Message Queuing service enabled. This service is disabled by default. It’s been a long time coming, but it’s commonly used in many contact center applications,” Childs explains.

“It listens on TCP port 1801 by default, so blocking this at the perimeter will prevent external attacks. However, it is not clear what impact this will have on operations. The best option is to test and deploy the update.”
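The following PowerShell snippet is an added example, not code from the article or from Microsoft, Action1 or the Zero-Day Initiative. It turns the two pieces of guidance above into a quick host-side triage: for CVE-2023-28252 it reports the installed clfs.sys version and whether any update has been installed on or after the April 2023 Patch Tuesday date (2023-04-11, an assumed cut-off; it does not prove the CLFS fix itself is present, so confirm the KB for your build), and for CVE-2023-21554 it checks whether the MSMQ service exists, whether it is running, and whether anything is listening on 1801/TCP, the default port named above. The optional host-firewall rule at the end is a containment step added here for environments with no legitimate remote MSMQ clients; the article only mentions blocking at the perimeter.

```powershell
# Added example (not from the article): exposure triage for the two bugs discussed above.
# Assumptions: 2023-04-11 is used as the "April 2023 Patch Tuesday" cut-off for the
# update-date heuristic; MSMQ's default listener port 1801/TCP is taken from the article.
#Requires -RunAsAdministrator

$PatchTuesday = Get-Date '2023-04-11'

# 1. CLFS (CVE-2023-28252): report the driver version and the most recent installed update.
$clfs = Get-Item "$env:SystemRoot\System32\drivers\clfs.sys" -ErrorAction SilentlyContinue
if ($clfs) {
    "clfs.sys version : $($clfs.VersionInfo.FileVersion)"
}
$latestUpdate = Get-HotFix |
    Where-Object { $_.InstalledOn } |          # some entries carry no install date
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1
if ($latestUpdate -and $latestUpdate.InstalledOn -ge $PatchTuesday) {
    "Most recent update: $($latestUpdate.HotFixID) on $($latestUpdate.InstalledOn.ToShortDateString()) (on/after April 2023 Patch Tuesday)"
} else {
    "WARNING: no update installed on/after $($PatchTuesday.ToShortDateString()); the CVE-2023-28252 fix is likely missing"
}

# 2. MSMQ (CVE-2023-21554): the service is not installed by default, so its absence means
#    the bug is not reachable on this host. If present, check state and the 1801/TCP listener.
$svc = Get-Service -Name MSMQ -ErrorAction SilentlyContinue
if (-not $svc) {
    "MSMQ service not installed (default state); CVE-2023-21554 not reachable on this host"
} else {
    "MSMQ service state: $($svc.Status)"
    $listener = Get-NetTCPConnection -LocalPort 1801 -State Listen -ErrorAction SilentlyContinue
    if ($listener) {
        $addrs = ($listener.LocalAddress | Sort-Object -Unique) -join ', '
        "WARNING: MSMQ listening on 1801/TCP ($addrs); unauthenticated RCE exposure until patched"
    } else {
        "MSMQ installed but nothing is listening on 1801/TCP"
    }
}

# 3. Optional containment while the patch is tested: block inbound 1801/TCP on the host firewall.
#    Uncomment to apply; assumes no legitimate remote MSMQ clients need to reach this host.
# New-NetFirewallRule -DisplayName 'Block MSMQ 1801 inbound (CVE-2023-21554)' `
#     -Direction Inbound -Protocol TCP -LocalPort 1801 -Action Block -Profile Any
```

Run it in an elevated PowerShell session on each server in scope; the update-date check is a heuristic for "has this box received April's cumulative update at all", while the MSMQ section answers the question Childs raises, namely whether the service is even enabled, before deciding whether a port-1801 block would disrupt operations.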

Editorial image credit: rafapress / Shutterstock.com
