comscore
हिंदी
  • Home
  • Laptops
  • Windows 11, 10 users need to update their PCs right now

Windows 11, 10 users need to update their PCs right now

Microsoft has patched an exploit developed for different versions and builds of Windows OS, including Windows 11, by a group of cybercriminals.

Published By: Shubham Verma | Published: Apr 14, 2023, 09:10 AM (IST)

windows11new
  • whatsapp
  • twitter
  • facebook
  • whatsapp
  • twitter
  • facebook

Microsoft has fixed a zero-day vulnerability affecting all supported versions of Windows, which experts say hackers exploited to launch ransomware attacks, a new report said on Thursday. news Also Read: Windows 10 And Windows 11 Hit By High-Severity Security Flaw: CERT-In Issues Warning

In February, researchers discovered an attack using a zero-day vulnerability in the Microsoft Common Log File System (CLFS). A cybercriminal group used an exploit developed for different versions and builds of Windows OS, including Windows 11, and attempted to deploy a Nokoyawa ransomware attack, according to the cybersecurity firm Kaspersky. news Also Read: Microsoft Refreshes Windows 11 Start Menu: Here’s What’s New In The KB5067036 Update

Microsoft assigned ‘CVE-2023-28252’ to the discovered zero-day bug. Attackers used the CVE-2023-28252 vulnerability to elevate privileges and steal credentials from the Security Account Manager (SAM) database. news Also Read: Microsoft Patches Windows 11 Bug That Broke USB Devices: Here's What To Do

While most of the vulnerabilities are used by APTs (Advanced Persistent Threats), the researchers stated that this one turned out to be exploited for cybercrime purposes by a sophisticated group that carries out ransomware attacks.

“Cybercrime groups are becoming increasingly more sophisticated using zero-day exploits in their attacks. Previously it was primarily a tool of APTs, but now cybercriminals have the resources to acquire zero-days and routinely use them in attacks,” said Boris Larin, Lead Security Researcher with the Global Research and Analysis Team (GReAT).

“It’s very important for businesses to download the latest patch from Microsoft as soon as possible, and use other methods of protection, such as EDR solutions,” he added.

Moreover, the report said that the hackers also attempted to execute similar elevation of privilege exploits in attacks on different small and medium-sized businesses in the Middle East and North America, and previously in Asia regions.

The researchers said they saw at least five different exploits of this kind, which were used in attacks on retail and wholesale, energy, manufacturing, healthcare, software development, and other industries.

Trending Now

— IANS