Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2023-28252

7.8HIGH

Key Information:

Vendor
Microsoft
Status
Windows 10 Version 1809
Windows Server 2019
Windows Server 2019 (server Core Installation)
Windows Server 2022
Vendor
CVE Published:
11 April 2023

Badges

πŸ’° RansomwareπŸ‘Ύ Exploit Exists🟑 Public PoC🟣 EPSS 59%πŸ¦… CISA ReportedπŸ“° News Worthy

Summary

The Windows Common Log File System Driver contains a vulnerability that could enable an attacker to elevate their privileges on the system. By exploiting this flaw, a malicious user could gain unauthorized access to sensitive information or perform actions that would otherwise be restricted. It is imperative for users and administrators to apply security updates to mitigate potential risks associated with this vulnerability.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited and is known by the CISA as enabling ransomware campaigns.

The CISA's recommendation is: Apply updates per vendor instructions.

Affected Version(s)

Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.19869

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.5850

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.4252

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-28252
Created by fortra

CVE-2023-28252-Compiled-exe
Created by duck-sec

Compiled-PoC-Binary-For-CVE-2023-28252
Created by bkstephen

News Articles

favicon imageKaspersky

CVE-2023-28252 zero-day vulnerability in CLFS

Update Windows: Nokoyawa ransomware operators exploiting CVE-2023-28252 zero-day vulnerability in the Common Log File System (CLFS).

favicon imageDark Reading

Ransomware Attackers Abuse Multiple Windows CLFS Driver Zero-Days

Attackers were escalating privileges left and right in 2023, thanks to one performance-oriented, security-lacking driver.

favicon imageSecurelist

Windows CLFS and five exploits used by ransomware operators (Exploit #4 – CVE-2023-23376)

This is part five of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

EPSS Score

59% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟑

    Public PoC available

  • πŸ“°

    First article discovered by Securelist

  • πŸ’°

    Used in Ransomware

  • πŸ‘Ύ

    Exploit known to exist

  • πŸ¦…

    CISA Reported

  • Vulnerability published

  • Vulnerability Reserved

.