Microsoft patches zero-day exploited by attackers (CVE-2023-28252)

It’s April 2023 Patch Tuesday, and Microsoft has released fixes for 97 CVE-numbered vulnerabilities, including one actively exploited zero-day (CVE-2023-28252). About CVE-2023-28252 CVE-2023-28252 is a vulnerability in the Windows Common Log File System (CLFS) that allows attackers to gain SYSTEM privileges on target machines. “Over the last two years, attackers appear to have found success targeting CLFS in order to elevate privileges as part of post-compromise activity,” Satnam Narang, senior staff research engineer at Tenable, … More →

The post …

0 day actively exploited april april 2023 patch tuesday attackers check point clfs compromise cve cve-2023-28252 don't miss engineer exploited file file system fixes fortinet help net security hot stuff log machines microsoft microsoft exchange order patch patches patch tuesday privileges research satnam narang security security update staff system system privileges target targeting tenable trend micro tuesday vulnerabilities vulnerability windows windows common log file system zero-day