Windows under attack: 0-day vulnerability used by ransomware group

[harlan4096]

Microsoft released security updates for Windows yesterday and revealed today that the updates include a patch for a 0-day issue that is exploited in the wild.

The vulnerability -- Windows Common Log File System Driver Elevation of Privilege Vulnerability -- is tracked as CVE-2025-29824.

Important information:

• The issue affects most supported server and client versions of Windows, including Windows 10, Windows 11, and Windows Server 2025.
  
• Microsoft notes that the exploit does not work in Windows 11, version 24H2.
  
• It is a use-after-free security issue that may be exploited for local elevation attacks.
  
• The attack does not require user interaction.
  
• The attacker may gain system privileges upon successful exploitation.
  

Microsoft notes that it is aware of limited attacks. It mentions targets in the IT and real estate sectors in the United States, the financial sector in Venezuela, a Spanish software company, and the retail sector in Saudi Arabia specifically in a special announcement on its security website.

Installation of the update protects systems against exploits. Microsoft's guidance includes an ominous note revealing that the company is delaying the patch for Windows 10 systems. It does not provide an explanation for the delay. Affected users and administrators are asked to monitor the official CVE on Microsoft's MSRC website for updates regarding the rollout of the patch to Windows 10 systems.

Continue Reading...