Windows CLFS and five exploits used by ransomware operators (Exploit #2 – September 2022)
Description

This is the third part of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year. Please read the previous parts first if you haven't already. You can skip to the other parts using this table of contents or using the link at the end of this part.

Part 1 – Windows CLFS and five exploits of ransomware operators
Part 2 – Windows CLFS and five exploits of ransomware operators (Exploit #1 – CVE-2022-24521)
Part 3 – Windows CLFS and five exploits of ransomware operators (Exploit #2 – September 2022)
Part 4 – Windows CLFS and five exploits of ransomware operators (Exploit #3 – October 2022)
Part 5 – Windows CLFS and five exploits of ransomware operators (Exploit #4 – CVE-2023-23376)
Part 6 – Windows CLFS and five exploits of ransomware operators (Exploit #5 – CVE-2023-28252)

Exploit #2 – September 2022

Two CLFS vulnerabilities were fixed in September 2022: CVE-2022-35803 and CVE-2022-37969. The latter was discovered as a zero-day exploited in the wild, and it was reported by Quan Jin with DBAPPSecurity, Genwei Jiang with Mandiant, FLARE OTF, CrowdStrike, Zscaler ThreatLabz with Zscaler. We didn't see it used in any attacks on our customers when it was a zero-day, and we assume it was found when someone uploaded it to VirusTotal. While there appears to be no information about the attacks and the threat actor who used it, researchers from Zscaler have published an article…
