![]() It is rated as critical with a CVSS score of 8.8 out of 10. Exploitation does not require any user interaction and the vulnerability is already in use by at least one ransomware gang.Īnother vulnerability to keep an eye on is CVE-2023-28231, a DHCP Server Service remote code execution (RCE) vulnerability. CLFS is present in all Windows versions and so is the vulnerability. Given the reach and simplicity of exploitation, this vulnerability is bound to be very popular among cybercriminals, and so it should be patched as soon as possible. Once an attacker has access, EoP vulnerabilities allow them to exploit that access to the fullest.ĬISA has already added the CVE-2023-28252 Windows zero-day to its catalog of Known Exploited Vulnerabilities, which means federal (FCEB) agencies have until to patch against it. This is the type of vulnerability that we can expect to see chained with other vulnerabilities. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges, which is the highest level of privilege on Windows systems. The actively exploited zero day is listed as CVE-2023-28252.ĬVE-2023-28252 is an elevation of privilege (EoP) vulnerability in the Windows Common Log File System (CLFS) driver. ![]() The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available. Among a total of 97 patched vulnerabilities there is one actively exploited zero-day. Microsoft and other vendors have released their monthly updates. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |