April Patch Tuesday: Ransomware gangs already exploiting this Windows bug

Microsoft patched 97 security flaws today for April's Patch Tuesday, including one that has already been found and exploited by miscreants attempting to deploy Nokoyawa ransomware.
While Microsoft, as usual, didn't disclose the extent of attacks against CVE-2023-28252, a privilege elevation bug in the Windows Common Log File System driver, infosec folk say they've spotted attempts to deploy the Nokoyawa ransomware via this security hole.
As Microsoft warned: "An attacker who successfully exploited this vulnerability could gain SYSTEM privileges." And according to Kaspersky, a cybercriminal crew is attempting to use this vulnerability to help itself spread ransomware among targets in the retail and wholesale, energy, manufacturing, healthcare, and software development industries, plus others.
The flaw is similar to another privilege elevation bug Microsoft patched in February.
A pair of critical Layer 2 Tunneling Protocol RCEs, CVE-2023-28220 and CVE-2023-28219, that affect Windows Remote Access Servers are also marked as "Exploitation more likely."
One patch for Digital Edition plugs a critical code execution bug, and the bulletin for InCopy also fixes a single, critical code execution flaw.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/04/11/april_patch_tuesday_ransomware/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-11 | CVE-2023-28252 | Out-of-bounds Write vulnerability in Microsoft products Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 |
2023-04-11 | CVE-2023-28220 | Unspecified vulnerability in Microsoft products Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 0.0 |
2023-04-11 | CVE-2023-28219 | Unspecified vulnerability in Microsoft products Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 0.0 |