Microsoft has released its latest batch of updates, which aim to address 97 security issues, including a ransomware vulnerability that is currently being exploited by cybercriminals. The monthly release of security patches, also known as Patch Tuesday, offers fixes and improvements for Microsoft’s products.
According to The Hacker News, the latest update addresses the CVE-2023-28252 vulnerability, which is the fourth flaw in the CLFS component that has come under active exploitation in the past year. CVE-2022-24521, CVE-2022-37969, and CVE-2023-23376 are the three previous flaws in the CLFS component that have been exploited, with CVSS scores of 7.8. The CLFS component has been identified as the source of at least 32 vulnerabilities since 2018.
Russian cybersecurity company Kaspersky has reported that a cybercrime group has weaponized the vulnerability to deploy Nokoyawa ransomware against small and medium-sized businesses in North America, Asia, and the Middle East.
It is highly recommended that all users update their Windows operating system immediately to protect themselves from potential cyberattacks.