Summary: Microsoft has patched a security flaw in the Windows Common Log File System (CLFS), identified as CVE-2025-29824, which was exploited in ransomware attacks targeting multiple sectors across different countries. The flaw allowed attackers to escalate privileges to SYSTEM level and subsequently deploy the PipeMagic malware for further exploits. Microsoft tracks the threat actors under the name Storm-2460.
Affected: Microsoft Windows Operating System
Key points:
- Attackers exploited the privilege escalation bug in CLFS to achieve SYSTEM privileges.
- Targets included organizations in the IT, real estate, finance, software, and retail sectors across the US, Venezuela, Spain, and Saudi Arabia.
- The malware PipeMagic has been involved in various past ransomware attacks and employs a backdoor mechanism to facilitate exploitation.
- Windows 11, version 24H2, is not affected due to user privilege restrictions on access to certain system classes.
- Microsoft noted that successful exploitation involves extracting user credentials and deploying ransomware across systems.
Source: https://thehackernews.com/2025/04/pipemagic-trojan-exploits-windows-clfs.html