It’s April 2023 Patch Tuesday, and Microsoft has released fixes for 97 CVE-numbered vulnerabilities, including one actively exploited zero-day (CVE-2023-28252). About CVE-2023-28252 CVE-2023-28252 is a vulnerability in the Windows Common Log File System (CLFS) that allows attackers to gain SYSTEM privileges on target machines. “Over the last two years, attackers appear to have found success targeting CLFS in order to elevate privileges as part of post-compromise activity,” Satnam Narang, senior staff research engineer at Tenable, … More
The post Microsoft patches zero-day exploited by attackers (CVE-2023-28252) appeared first on Help Net Security.