Summary: Security researcher MrAle_98 has disclosed a proof-of-concept exploit for a zero-day vulnerability, CVE-2024-49138, affecting the Windows Common Log File System (CLFS) Driver. This elevation of privilege flaw, with a CVSS score of 7.8, allows attackers to gain SYSTEM privileges on affected devices. Microsoft confirmed that the vulnerability was actively exploited before a patch was released, emphasizing the urgency for users to update their systems.
Threat Actor: Unknown
Victim: Microsoft Windows Users
Key points:
- MrAle_98 published a PoC exploit for CVE-2024-49138, a zero-day vulnerability in the CLFS Driver.
- The vulnerability allows attackers to elevate their privileges to SYSTEM level, compromising device security.
- Microsoft addressed this flaw in its December Patch Tuesday release, urging users to apply updates promptly.