Microsoft fixes nearly 100 bugs, including zero-day exploited in ransomware attacks

 

Microsoft released its April 2023 Patch Tuesday security updates to address nearly 100 vulnerabilities in Windows and its components, Office, Windows Defender, SharePoint Server, Windows Hyper-V, PostScript Printer, Microsoft Dynamics, and other products. The security update also includes a fix for a zero-day vulnerability listed as under active attack.

The flaw in question, tracked as CVE-2023-28252, is a buffer overflow issue in the Windows Common Log File System Driver, which allows a local user to execute arbitrary code on the system with the highest privileges. This vulnerability is said to have been exploited by threat actors to deploy Nokoyawa ransomware payloads.

Nokoyawa is a relatively new 64-bit Windows-based ransomware family that emerged in February 2022. Like other ransomware operations, the threat group behind Nokoyawa performs double extortion attacks: exfiltrating sensitive information from organizations, followed by file encryption and a ransom payment demand. Trend Micro says that Nokoyawa is likely connected with Hive, one of the most notable ransomware families, as the two share similarities in their attack chain, from the tools used to the order in which they execute various steps.

Other noteworthy security issues addressed by Microsoft this month include high-risk vulnerabilities in Microsoft Windows Kernel, Windows Kerberos, Office Graphics, Word, Microsoft ODBC and OLE DB, Microsoft Netlogon RPC, Microsoft SQL Server, Microsoft Message Queuing, and Microsoft Layer 2 Tunneling Protocol.
