Microsoft Patches Windows Exploit Targeted by Ransomware Attacks

  • Vulnerability in Windows Common Log File System actively exploited by hackers
  • Nokoyawa ransomware predominantly targets Windows servers of small and medium-sized businesses
  • Microsoft’s Patch Tuesday update includes a fix for almost 100 flaws

Microsoft has addressed a zero-day vulnerability impacting all supported Windows versions, which researchers claim was exploited by hackers to carry out ransomware attacks.

In a security alert on Tuesday, Microsoft revealed that an attacker exploiting the vulnerability in the Windows Common Log File System (CLFS) could gain complete access to an unpatched system, and confirmed that the vulnerability was actively being exploited, reports TechCrunch. Microsoft says the Tuesday patch fixed over 100 security flaws.

Russian cybersecurity firm Kaspersky said that the flaw was used to deploy Nokoyawa ransomware, primarily targeting Windows servers of small and medium-sized businesses in the Middle East, North America, and Asia.

“Cyber crime groups are becoming increasingly more sophisticated using zero-day exploits in their attacks. Previously, they were primarily a tool of APT actors, but now cyber criminals have the resources to acquire zero-days and routinely use them in attacks,” said Boris Larin, lead security researcher at Kaspersky.

Nokoyawa, first observed in February 2022, is believed to be linked to the now-defunct Hive ransomware gang. The malware encrypts files on compromised systems, and its operators claim to steal valuable information, threatening to leak it unless a ransom is paid.

The U.S. cybersecurity agency CISA has added the newly patched Windows vulnerability to its Known Exploited Vulnerabilities catalog and urged federal agencies to update systems before May 2.