CVSSv3: 7.8

CVE-2023-28252

Published: 11/04/2023 Updated: 14/09/2023
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Vulnerability Trend

Vulnerable Products

Microsoft Windows Server 2008 R2

Microsoft Windows Server 2012 R2

Microsoft Windows Server 2016

Microsoft Windows Server 2008

Microsoft Windows Server 2012

Microsoft Windows Server 2019

Microsoft Windows Server 2022

Microsoft Windows 10 20H2

Microsoft Windows 11 21H2

Microsoft Windows 10 21H2

Microsoft Windows 11 22H2

Microsoft Windows 10 22H2

Microsoft Windows 10 1809

Microsoft Windows 10 1607

Microsoft Windows 10 1507

Exploits

A privilege escalation vulnerability exists in the clfs.sys driver, which is installed by default on Windows 10 21H2, Windows 11 21H2 and Windows Server 2022 (build 20348). This Metasploit module makes use of two different kinds of specially crafted .blf files ...

Github Repositories

CVE-2023-28252: CLFS privilege escalation PoC

Since February 2022, a new ransomware has been reported that appears to be using a Windows 0-day vulnerability, according to research conducted by Trend Micro. More information about this ransomware can be found at this link. According to analysis by Kaspersky, the Nokoyawa ransomware group has used other exploits targeting the Common Log File System (CLFS) driver since June 2022.

My HTB Writeups

HTB_Writeups: My HTB writeups, some in ENG and others in PT-BR. Some machines don't have a writeup of mine, only a reference writeup. Windows Machines (Machine | Resume | Tools or Techniques | Difficulty): Absolute: nmap, netexec, exiftool, john rules, kerbrute, impacket-GetNPUsers, john, impacket-getTGT, impacket-smbclient, bloodhound-python, bloodhound, impacket-owneredit,

A modification of Fortra's CVE-2023-28252 exploit, compiled to exe

CVE-2023-28252-Compiled-exe: A modification of Fortra's excellent CVE-2023-28252 privesc exploit. Works on Windows 11 21H2 with clfs.sys version 10.0.22000.1574; also works on Windows 10 21H2, Windows 10 22H2, Windows 11 22H2 and Windows Server 2022. This version retains the original functionality, but gives the option to provide a binary to execute as an argument, useful if you

My bin folder, tools I created as FOSS

My "bin folder" tools: tools I created as FOSS. htmlq.py (to see examples of how I use htmlq and jsonq, see the script cve_scrape.sh): $ htmlq.py -h usage: htmlq.py [-h] [-j] -l LOOP -s SELECTORS [-t] [-o] [-u URLROOT] HTML Data Extraction options: -h, --help show this help message and exit -j, --json Output as JSON -l LOOP, --loop LOOP Loop

Detecting the CVE-2023-28252 exploit

CVE-2023-28252: Detecting the CVE-2023-28252 exploit. Monitoring file creation in the directory where the exploit drops the files it uses for exploitation, at a hard-coded path inside the "C:\Users\Public" folder, "C:\Users\Public
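The file-creation monitoring that repo describes, written out as an added example (this is not the repo's own code): the rule below runs over Sysmon Event ID 11 (FileCreate) records and flags CLFS base-log (.blf) files written under C:\Users\Public, the hard-coded staging path the exploit uses, and additionally .blf files appearing elsewhere in user profiles that do not match the registry transaction-log naming pattern. The event field names follow Sysmon's FileCreate schema; the sample events, the process image paths and the benign-name pattern are constructed assumptions, not telemetry from a real incident.

```python
"""Flag CLFS .blf staging consistent with the public CVE-2023-28252 exploits.

Added example, not code from the detection repo above. Input is assumed to be
dicts shaped like Sysmon Event ID 11 (FileCreate) data with the fields
TargetFilename, Image and User.
"""
from __future__ import annotations

import re
from pathlib import PureWindowsPath

# The public exploit writes its crafted .blf files at a hard-coded location
# under C:\Users\Public (per the detection repo description above).
STAGING_ROOT = PureWindowsPath(r"C:\Users\Public")
USERS_ROOT = PureWindowsPath(r"C:\Users")

# Registry transaction logs (NTUSER.DAT{GUID}.TM.blf, UsrClass.dat{GUID}.TM.blf)
# are legitimate CLFS .blf files present in every profile. This pattern is an
# assumed suppression for the second rule, not a complete allow-list.
BENIGN_BLF = re.compile(r"^(ntuser\.dat|usrclass\.dat)\{[0-9a-f-]+\}\.tm\.blf$", re.I)


def _under(path: PureWindowsPath, root: PureWindowsPath) -> bool:
    """Case-insensitive 'path lies strictly inside root' test for Windows paths."""
    p = [part.lower() for part in path.parts]
    r = [part.lower() for part in root.parts]
    return p[: len(r)] == r and len(p) > len(r)


def classify(event: dict) -> str | None:
    """Return a reason string if a FileCreate event is suspicious, else None."""
    path = PureWindowsPath(event["TargetFilename"])
    if path.suffix.lower() != ".blf":
        return None  # only CLFS base log files are of interest here
    if _under(path, STAGING_ROOT):
        # Narrow, high-signal rule: the exploit's staging directory.
        return "blf created under C:\\Users\\Public (exploit staging directory)"
    if _under(path, USERS_ROOT) and not BENIGN_BLF.match(path.name):
        # Broader rule: a .blf in a user profile that is not a registry
        # transaction log. Baseline this before alerting on it.
        return "blf created in a user profile outside the registry transaction-log pattern"
    return None


def find_suspicious(events: list[dict]) -> list[tuple[dict, str]]:
    """Run classify() over a batch of events and return (event, reason) hits."""
    hits = []
    for ev in events:
        reason = classify(ev)
        if reason:
            hits.append((ev, reason))
    return hits


# Constructed sample events (assumed shapes and paths, not real telemetry).
SAMPLE_EVENTS = [
    {"TargetFilename": r"C:\Users\Public\blf_log.blf",
     "Image": r"C:\Users\bob\Downloads\clfs_eop.exe", "User": r"CORP\bob"},
    {"TargetFilename": r"C:\Users\alice\AppData\Local\Microsoft\Windows"
                       r"\UsrClass.dat{abcd1234-0000-0000-0000-000000000000}.TM.blf",
     "Image": "System", "User": r"NT AUTHORITY\SYSTEM"},
    {"TargetFilename": r"C:\Users\Public\Documents\notes.txt",
     "Image": r"C:\Windows\System32\notepad.exe", "User": r"CORP\alice"},
    {"TargetFilename": r"C:\Users\bob\Desktop\stage.BLF",
     "Image": r"C:\Windows\System32\cmd.exe", "User": r"CORP\bob"},
]

if __name__ == "__main__":
    for ev, why in find_suspicious(SAMPLE_EVENTS):
        print(f"{ev['User']} {ev['Image']} -> {ev['TargetFilename']}: {why}")
```

Sysmon only records Event ID 11 for paths matched by a FileCreate include rule in its configuration, so this needs a companion rule on TargetFilename ending in .blf (or on the C:\Users\Public prefix) before any events reach it. The first rule is narrow enough to alert on directly; the second should be run against a baseline from the estate first, because other software can legitimately create CLFS logs in profile directories.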

The repo contains a precompiled binary which can be run on a Windows machine vulnerable to CVE-2023-28252

Compiled PoC Binary For CVE-2023-28252: The precompiled binary is a slightly modified version of the PoC exploit seen in Fortra's repo. The file can be run with the following arguments: clfs_eop.exe <PAYLOAD> <OFFSET,optional> <FLAG,op

Recent Articles

IT threat evolution in Q2 2023
Securelist • David Emm • 30 Aug 2023

Targeted attacks: Gopuram backdoor deployed through 3CX supply-chain attack. Earlier this year, a Trojanized version of the 3CXDesktopApp, a popular VoIP program, was used in a high-profile supply-chain attack. The attackers were able to embed malicious code into the libffmpeg media processing library to download a payload from their servers. When we reviewed our telemetry...

IT threat evolution in Q2 2023. Non-mobile statistics
Securelist • AMR • 30 Aug 2023

These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures: according to Kaspersky Security Network, in Q2 2023, Kaspersky solutions blocked 801,934,281 attacks from online resources across the globe. A total of 209,716,810 unique links were detected by Web ...

Nokoyawa ransomware attacks with Windows zero-day
Securelist • Boris Larin • 11 Apr 2023

In February 2023, Kaspersky technologies detected a number of attempts to execute similar elevation-of-privilege exploits on Microsoft Windows servers belonging to small and medium-sized businesses in the Middle East, in North America, and previously in Asia regions. These exploits were very similar to already known Common Log File System (CLFS) driver exploits that we analyzed previously, but we decided to double check and it was worth it – one of the exploits turned out to be a zero-day, sup...

April Patch Tuesday: Ransomware gangs already exploiting this Windows bug
The Register

Plus Google, SAP, Adobe and Cisco emit fixes

Microsoft patched 97 security flaws today for April's Patch Tuesday, including one that has already been found and exploited by miscreants attempting to deploy Nokoyawa ransomware. Redmond deemed seven of the now-patched vulnerabilities "critical" and the rest merely "important." Microsoft, as usual, didn't disclose the extent of attacks against CVE-2023-28252, a privilege elevation bug in the Windows Common Log File System (CLFS) driver, but infosec folk say they've spotted attempts to deploy the No...