Windows Users Asked To Update As Microsoft Spots New Zero-Day Attack


Zero-Day attack

Microsoft has recently issued a warning to Windows users to update their systems as a new zero-day attack has been spotted. According to Techcrunch, the attack exploits a vulnerability in the Windows Common Log File System (CLFS). It allows attackers to gain full access to an unpatched system. Microsoft found 132 security flaws this week across all product lines, including a total of six zero – day flaws that have already been actively exploited. Due to this, Windows safety experts advise users to upgrade their systems right away.

Zero-Day attack

 

What is a zero-day attack?

A zero – day attack is a type of cyber attack that exploits a lacuna in the software app or system that nobody knows before. This vulnerability is called a zero – day because it is not known to the software vendor and there is no patch available to fix it. Zero – day attacks are mainly dangerous because they can be used to launch targeted attacks against specific brands or people.

Details of the Windows zero-day attack

The Windows zero – day attack exploits a vulnerability in the Windows Common Log File System (CLFS). This is used to manage log files on Windows systems. The vulnerability allow attackers to gain full access to a system that does not have a patch. It can then be used to launch a ransomware attack or other types of cyber attacks. According to Kaspersky, a Russian cyber security company, the zero – day attack was used to deploy Nokoyawa ransomware. This ransomware targets Windows servers that belong to small and medium – size brands in the Middle East, North America, and Asia.

According to Forbes, one of the zero – days is a remote code execution type. An official report from Microsoft claims that this vulnerability has links to RomCom, a Russian cybercrime outfit. Also, Microsoft claims that this group is likely working with interest from Russian intelligence. Rapid7 vulnerability risk expert, Adam Barnett warns that RomCom attacks usually target a wide spread of victims. However, Microsoft has a new patch and the full list of vulnerabilities which the patch handles is in its Security Update Guide.

Microsoft claims that it is probing “reports of a series of remote code execution vulnerabilities impacting Windows and Office products. Microsoft is aware of targeted attacks that attempt to exploit these vulnerabilities by using specially-crafted Microsoft Office documents.” Let us take a look at some of the important zero – days that the company had to deal with.

Windows 11 print screen

CVE-2023-36884

At the moment, there is no patch for CVE-2023-36884 and Microsoft has officially confirmed this. However, the company says that it is probing the issue. The company adds that it will “take the appropriate action to help protect our customers” after it is done with the probe.

Gizchina News of the week


Microsoft will not leave an exploited zero – day in the public space for a long time. Thus, when it is done with the probe, it will likely not wait for next month’s Patch Tuesday rollout. The company will also likely release the fix as an out – of – band security update. For now, Microsoft has a blog post that offers some sort of workaround for users. If you need the temporary solution, click here.

CVE-2023-32046

CVE-2023-32046 is a zero-day attack that that affects MSHTML core Windows. Immersive Labs director of cyber threat research, Kev Breen said “This is not limited to browsers – other apps like Office, Outlook, and Skype also make use of this component.” Breen adds

Read Also:  Microsoft Ends Support for Windows 11 Versions 21H2 and 22H2

“This vulnerability would likely be used as an initial infection vector . It allows the attacker to gain code execution in the context of the user clicking the link or opening the document.”

CVE-2023-36874

This zero – day vulnerability mainly attacks Windows Error Reporting (WER) service. If the attacker suceeds, he will have admin access as well as privledge to the system. Automox product security staff, Tom Bowyer said “The WER service is a feature in Microsoft Windows operating systems that collects and sends error reports to Microsoft when certain software crashes or encounters other types of errors,”

Bowyer adds

“This zero – day issue is being actively exploited … so if WER is used by your organization we recommend patching within 24 hours.”

Zero-Day attack

CVE-2023-32049

CVE-2023-32049 is another issue that is been exploited and it attacks the Windows Smart Screen feature. It has the capacity to bypass the Windows Smart Screen feature and make changes. VP of security products at Ivanti, Chris Goettl said

“The CVE is rated as important, but Microsoft has confirmed reports of exploitation for this issue increasing the urgency to critical,”

How to protect your system from zero – day attack

To protect yourself against this zero – day attack, Windows users must apply the Microsoft patch as soon as possible. Security experts like Kev Breen has issued a strong warning that users must update their systems immediately. He further warns “With 5 CVEs being actively exploited in the wild, and one advisory for attacker techniques also being exploited in the wild, this is not a month to wait on patching,”. He asks users to make these patches a priority so as to keep their devices safe.

Final Words

Zero – day attacks are a serious threat to brands and people alike and Windows users must be careful. Security Week claims that this year, there have been at least 19 zero – day attacks in the wild. Microsoft has patched several zero – day issues in recent months. So, it is good for users to update their system from time to time so as to guard them from exposure.

Disclaimer: We may be compensated by some of the companies whose products we talk about, but our articles and reviews are always our honest opinions. For more details, you can check out our editorial guidelines and learn about how we use affiliate links.

Source/VIA :
Previous WhatsApp Innovations this year: Discover the Best Features Now
Next Microsoft Introduces a New System Tuning App for Windows 10 and 11