Windows CLFS and five exploits used by ransomware operators (Exploit #4 – CVE-2023-23376)

This is part five of our study of the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year. Please read the previous parts first if you haven’t already.

You can skip to the other parts using this table of contents or the link at the end of this part.

Part 1 – Windows CLFS and five exploits of ransomware operators
Part 2 – Windows CLFS and five exploits of ransomware operators (Exploit #1 – CVE-2022-24521)
Part 3 – Windows CLFS and five exploits of ransomware operators (Exploit #2 – September 2022)
Part 4 – Windows CLFS and five exploits of ransomware operators (Exploit #3 – October 2022)
Part 5 – Windows CLFS and five exploits of ransomware operators (Exploit #4 – CVE-2023-23376)
Part 6 – Windows CLFS and five exploits of ransomware operators (Exploit #5 – CVE-2023-28252)

Exploit #4 – CVE-2023-23376

The October 2022 changes complicated exploitation of the GENERAL block, so the author of the previously discussed exploits switched to exploiting the CONTROL block instead. CVE-2023-23376 was discovered as a zero-day in the wild by the Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC), and was fixed in February 2023.

To discuss this vulnerability, we need to take a closer look at the CLFS_CONTROL_RECORD structure. As mentioned in part one o ..