Microsoft has patched a zero-day vulnerability affecting all supported variations of Home windows, which researchers say hackers exploited to launch ransomware assaults.

Microsoft stated in a safety alert on Tuesday that an attacker who efficiently exploited the vulnerability within the Home windows Widespread Log File System (CLFS) might achieve full entry to an unpatched system. Microsoft confirmed that attackers have been actively exploiting the vulnerability.

Russian cybersecurity firm Kaspersky says the flaw was used to deploy Nokoyawa ransomware, predominantly focusing on Home windows servers belonging to small and medium-sized companies primarily based within the Center East, North America and Asia.

In its evaluation of the vulnerability, Kaspersky says that the zero-day stands out as a result of it’s actively exploited by financially motivated cyber criminals.

“Cyber crime teams have gotten more and more extra subtle utilizing zero-day exploits of their assaults,” stated Boris Larin, lead safety researcher at Kaspersky. “Beforehand, they have been primarily a device of APT actors, however now cyber criminals have the sources to amass zero-days and routinely use them in assaults.”

Nokoyawa was first noticed in February 2022 and is believed to be related to the now-defunct Hive ransomware gang, which legislation enforcement infiltrated and shut down in January. “The 2 households share some placing similarities of their assault chain, from the instruments used to the order through which they execute numerous steps,” Development Micro stated in an evaluation on the time.

The Nokoyawa malware encrypts recordsdata on techniques it compromises, however the operators additionally declare to steal useful data that they threaten to leak until a ransom is paid.

U.S. cybersecurity company CISA added the newly-patched Home windows vulnerability to its recognized exploited vulnerabilities catalog and urged federal companies to replace techniques earlier than Might 2.

Microsoft fastened virtually 100 flaws as a part of its recurrently scheduled Patch Tuesday replace. The tech large additionally fastened a distant code execution flaw that might permit a distant, unauthenticated attacker to run their code with elevated privileges on affected servers with Microsoft’s Message Queuing service enabled.