Microsoft has released its latest round of updates, addressing some 97 security issues, including a ransomware vulnerability that is being actively exploited.
Patch Tuesday is the second Tuesday of every month when Microsoft releases security fixes and improvements. This Patch Tuesday fixes a slew of issues. According to The Hacker News, the update also addresses a ransomware vulnerability that is being actively exploited:
CVE-2023-28252 is the fourth privilege escalation flaw in the CLFS component that has come under active abuse in the past year alone after CVE-2022-24521, CVE-2022-37969, and CVE-2023-23376 (CVSS scores: 7.8). At least 32 vulnerabilities have been identified in CLFS since 2018.
According to Russian cybersecurity firm Kaspersky, the vulnerability has been weaponized by a cybercrime group to deploy Nokoyawa ransomware against small and medium-sized businesses in the Middle East, North America, and Asia.
Needless to say, all users should update Windows immediately.