Microsoft has patched a very dangerous ‘Day-0’ Windows critical vulnerability, as it was being actively exploited to escalate privileges and deploy payloads of the popular Nokoyawa ransomware.
It is one of the 97 vulnerabilities patched in the April security update that Microsoft releases on the second Tuesday of the month. Seven of them are classified as “Critical” and the rest as “Important” in terms of their severity. The number of errors in each category is:
- 20 elevation of privilege vulnerabilities.
- 8 Security Feature Bypass Vulnerabilities.
- 45 remote code execution vulnerabilities.
- 10 information disclosure vulnerabilities.
- 9 denial of service vulnerabilities.
- 6 phishing vulnerabilities.
Critical Windows vulnerability cited as most dangerous is CVE-2023-28252, a privilege escalation error in the Windows Common Log File System (CLFS) driver. An attacker who successfully exploited this vulnerability could gain “SYSTEM” privileges and take control of equipment.
According to the Russian security firm, Kaspersky, the vulnerability has been created by a cybercrime group to deploy the Nokoyawa ransomware against small and medium-sized businesses. At the moment it has been located in America, the Middle East and Asia, although it is not ruled out that it already circulates throughout the world.
Emphasize that it is a 0-Day vulnerability, actively exploited before there was an official fix available like the one that has arrived in this Patch Tuesday. The vulnerabilities affect a large amount of Microsoft software and all Windows operating systems, client and server versions.
Obviously, it is recommended to update equipment as soon as possible. Like all other cumulative monthly security patches, its installation is very simple from the same system configuration:
- Press the “Windows + I” hotkey shortcut to access the Settings tool.
- Go to the Update and security section > Windows Update.
- Actively check for updates. Microsoft offers them immediately after releasing each Patch Tuesday.
- Download, install and restart the computer to apply them.
More advanced users or those who want more control over what they install can use the Microsoft Update Catalog, accessing its website and downloading the set of patches that on this occasion are defined as KB5025221 for Windows 10 versions from 20H2 onwards.