Comment on Microsoft’s April 2023 Patch Tuesday: Satnam Narang, Sr. Staff Research Engineer, Tenable
“CVE-2023-28252 is an elevation of privilege vulnerability in the Windows Common Log File System (CLFS). It was exploited in the wild and it is the second CLFS elevation of privilege zero day exploited in the wild this year, and the fourth in the last two years. It is also the second CLFS zero day disclosed to Microsoft by researchers from Mandiant and DBAPPSecurity (CVE-2022-37969), though it is unclear if both of these discoveries are related to the same attacker. Over the last two years, attackers appear to have found success targeting CLFS in order to elevate privileges as part of post-compromise activity.
| CVE | Patch Tuesday Release |
| CVE-2023-28252 | April 2023 |
| CVE-2023-23376 | February 2023 |
| CVE-2022-37969 | September 2022 |
| CVE-2022-24521 | April 2022 |
While CVE-2023-28252 was the only flaw exploited in the wild, of the 97 CVEs patched this month, Microsoft has rated nearly 90% of the vulnerabilities as Exploitation Less Likely, while just 9.3% of flaws were rated as Exploitation More Likely.”– Satnam Narang, Sr. Staff Research Engineer, Tenable
Milky Tea Games Studio levels up with new majority owner Aonic
