Microsoft has issued a warning to Windows users to update their systems after a new zero-day attack was spotted. According to TechCrunch, the attack exploits a vulnerability in the Windows Common Log File System (CLFS) that allows attackers to gain full access to an unpatched system. Microsoft fixed 132 security flaws this week across all of its product lines, including six zero-day flaws that have already been actively exploited. Because of this, Windows security experts advise users to update their systems right away.
What is a zero-day attack?
A zero-day attack is a cyber attack that exploits a flaw in a software application or system that was not previously known. The vulnerability is called a zero-day because the software vendor does not know about it and no patch is available to fix it. Zero-day attacks are especially dangerous because they can be used to launch targeted attacks against specific companies or people.
Details of the Windows zero-day attack
The Windows zero-day attack exploits a vulnerability in the Windows Common Log File System (CLFS), which is used to manage log files on Windows systems. The vulnerability allows attackers to gain full access to an unpatched system, which can then be used to launch a ransomware attack or other types of cyber attacks. According to Kaspersky, a Russian cyber security company, the zero-day was used to deploy Nokoyawa ransomware. This ransomware targets Windows servers belonging to small and medium-sized businesses in the Middle East, North America, and Asia.
According to Forbes, one of the zero-days is a remote code execution vulnerability. An official report from Microsoft links this vulnerability to RomCom, a Russian cybercrime outfit, and Microsoft claims that the group is likely working in the interests of Russian intelligence. Rapid7 vulnerability risk expert Adam Barnett warns that RomCom attacks usually target a wide spread of victims. Microsoft has released a new patch, and the full list of vulnerabilities it addresses is in its Security Update Guide.
Microsoft claims that it is probing “reports of a series of remote code execution vulnerabilities impacting Windows and Office products. Microsoft is aware of targeted attacks that attempt to exploit these vulnerabilities by using specially-crafted Microsoft Office documents.” Let us take a look at some of the important zero-days that the company had to deal with.
CVE-2023-36884
At the moment, there is no patch for CVE-2023-36884 and Microsoft has officially confirmed this. However, the company says that it is probing the issue. The company adds that it will “take the appropriate action to help protect our customers” after it is done with the probe.
Microsoft will not leave an exploited zero-day unpatched for long. When it is done with its probe, it will likely not wait for next month’s Patch Tuesday rollout and will instead release the fix as an out-of-band security update. For now, Microsoft has published a blog post that describes a temporary workaround for users.
CVE-2023-32046
CVE-2023-32046 is a zero-day that affects MSHTML, a core Windows component. Immersive Labs director of cyber threat research Kev Breen said, “This is not limited to browsers – other apps like Office, Outlook, and Skype also make use of this component.” Breen adds:
“This vulnerability would likely be used as an initial infection vector. It allows the attacker to gain code execution in the context of the user clicking the link or opening the document.”
CVE-2023-36874
This zero-day vulnerability targets the Windows Error Reporting (WER) service. If the attacker succeeds, he gains administrator privileges on the system. Automox product security staff member Tom Bowyer said, “The WER service is a feature in Microsoft Windows operating systems that collects and sends error reports to Microsoft when certain software crashes or encounters other types of errors.”
Bowyer adds:
“This zero-day issue is being actively exploited … so if WER is used by your organization we recommend patching within 24 hours.”
CVE-2023-32049
“The CVE is rated as important, but Microsoft has confirmed reports of exploitation for this issue increasing the urgency to critical.”
How to protect your system from a zero-day attack
To protect against this zero-day attack, Windows users must apply the Microsoft patch as soon as possible. Security experts like Kev Breen have issued a strong warning that users must update their systems immediately. He further warns, “With 5 CVEs being actively exploited in the wild, and one advisory for attacker techniques also being exploited in the wild, this is not a month to wait on patching.” He asks users to make these patches a priority to keep their devices safe.
Final Words
Zero-day attacks are a serious threat to companies and individuals alike, and Windows users must be careful. Security Week reports that there have been at least 19 zero-day attacks in the wild this year. Microsoft has patched several zero-day issues in recent months, so users should update their systems regularly to guard against exposure.