skip to content
Decrypt LOL

Get Cyber-Smart in Just 5 Minutes a Week

Decrypt delivers quick and insightful updates on cybersecurity. No spam, no data sharing—just the info you need to stay secure.

Read the latest edition

Zero-Day Vulnerability CVE-2024-49138 Disclosed for Windows

/ 1 min read

🦠 New zero-day vulnerability CVE-2024-49138 poses significant risk to Windows systems. Security researcher MrAle_98 has disclosed a proof-of-concept exploit for a critical zero-day vulnerability affecting the Windows Common Log File System (CLFS) Driver, which has a CVSS score of 7.8. This elevation of privilege flaw allows attackers to gain SYSTEM-level access, potentially compromising a wide range of Windows devices, including the latest Windows 11 version. Microsoft confirmed that the vulnerability was actively exploited before the release of a patch in December 2024, which addressed this and 70 other vulnerabilities. The release of the PoC on GitHub raises concerns about increased exploitation risks for unpatched systems, emphasizing the urgency for users to apply the latest security updates.

Source
{entry.data.source.title}
Original