{"uuid": "1ad2a3a2-6245-41e8-a0bb-7ec76ba45c52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28252", "type": "exploited", "source": "https://t.me/poxek/2816", "content": "\ud83d\udca5Nokoyawa ransomware attacks with Windows zero-day\nIn February 2023, Kaspersky technologies detected a number of attempts to execute similar elevation-of-privilege exploits on Microsoft Windows servers belonging to small and medium-sized businesses in the Middle East, in North America, and previously in Asia regions.\n\nThis is the one bug (CVE-2023-28252) under active attack this month, and if it seems familiar, that\u2019s because there was a similar 0-day patched in the same component just two months ago. To me, that implies the original fix was insufficient and attackers have found a method to bypass that fix. As in February, there is no information about how widespread these attacks may be. This type of exploit is typically paired with a code execution bug to spread malware or ransomware.", "creation_timestamp": "2023-04-11T18:59:27.000000Z"}