Windows Zero-Day being exploited in Ransomware Attacks

Share This Post

CISA added CVE-2023-28252, a Windows zero-day vulnerability in the Common Log File System (CLFS), to its catalog of Known Exploited Vulnerabilities yesterday. This flaw was first discovered in February. It’s noted that this vulnerability is currently being actively exploited by cybercriminals across small and medium-sized businesses in the Middle East and North America. Threat actors have been monitored escalating privileges and deploying ransomware payloads, particularly Nokoyama.

Nokoyama ransomware first surfaced in February of 2022 and was viewed as one of several offshoots of JSWorm. Since then, it has used CLFS system flaws similar to CVE-2023-28252, including in 64-bit Windows systems, to perpetrate double extortion attacks with victims’ stolen data.

Microsoft patched this zero-day and 96 other bugs, including 45 remote code execution vulnerabilities, as part of April’s Patch Tuesday, Full details on yesterday’s patches can be found here: https://www.bleepingcomputer.com/news/microsoft/microsoft-april-2023-patch-tuesday-fixes-1-zero-day-97-flaws/



Reach out to our incident response team for help

More To Explore

Information Security News – 6/23/2025

Law Enforcement Takedowns Disrupt Cybercrimes Across the Globe Article Link: https://cyberscoop.com/cybercrime-crackdown-operation-endgame-operation-secure/   Microsoft 365 to Block File Access Via Legacy Auth by Default Article link:

Information Security News – 6/16/2025

Grocery Wholesale Giant United Natural Foods Hit by Cyberattack Article Link: https://www.bleepingcomputer.com/news/security/grocery-wholesale-giant-united-natural-foods-hit-by-cyberattack/ The Worsening Landscape of Educational Cybersecurity Article Link: https://blog.knowbe4.com/the-worsening-landscape-of-educational-cybersecurity Gov. Abbott Signs Texas

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.