Microsoft patches Windows zero-day bug used in ransomware attacks

May 9, 2023 - 09:00

Microsoft has patched a zero-day vulnerability affecting all supported versions of Windows, which researchers say hackers exploited to launch ransomware attacks.

Microsoft said in a security alert on Tuesday that an attacker who successfully exploited the vulnerability in the Windows Common Log File System (CLFS) could gain full access to an unpatched system. Microsoft confirmed that attackers were actively exploiting the vulnerability.

Russian cybersecurity firm Kaspersky says the flaw was used to deploy Nokoyawa ransomware, predominantly targeting Windows servers belonging to small and medium-sized businesses based in the Middle East, North America and Asia.

In its analysis of the vulnerability, Kaspersky says that the zero-day stands out because it’s actively exploited by financially motivated cyber criminals.

“Cyber crime groups are becoming increasingly more sophisticated using zero-day exploits in their attacks,” said Boris Larin, lead security researcher at Kaspersky. “Previously, they were primarily a tool of APT actors, but now cyber criminals have the resources to acquire zero-days and routinely use them in attacks.”

Nokoyawa was first observed in February 2022 and is believed to be linked to the now-defunct Hive ransomware gang, which law enforcement infiltrated and shut down in January. “The two families share some striking similarities in their attack chain, from the tools used to the order in which they execute various steps,” Trend Micro said in an analysis at the time.

The Nokoyawa malware encrypts files on systems it compromises, but the operators also claim to steal valuable information that they threaten to leak unless a ransom is paid.

U.S. cybersecurity agency CISA added the newly patched Windows vulnerability to its known exploited vulnerabilities catalog and urged federal agencies to update systems before May 2.

Microsoft fixed almost 100 flaws as part of its regularly scheduled Patch Tuesday update. The tech giant also fixed a remote code execution flaw that could allow a remote, unauthenticated attacker to run their code with elevated privileges on affected servers with Microsoft’s Message Queuing service enabled.

The post Microsoft patches Windows zero-day bug used in ransomware attacks appeared first on Ferdja.